Blog

What are the HIPAA Training Requirements?

HIPAA
September 1, 2020
HIPAA is a vast piece of legislation and requires that Employees be trained. But what just are the HIPAA Training Requirements?

HIPAA Training Requirements

The Health Insurance Portability and Accountability Act of 1996, also known as HIPAA, is a monumental law that was originally passed to increase the efficiency of the healthcare system. However, it is also full of broad, vague requirements and mandates for both covered entities and business associates to follow. You may know that HIPAA training is required by the law, but aren’t sure what exactly that means. We’ll try to help by looking at what the text of HIPAA actually has to say and what that means for your organization setting training standards.

What does HIPAA actually say about training? 

The standards of training are actually mentioned separately under the Privacy and Security Rules, the exact text can be read at teach privacy.

Within the Privacy Rule, the training must be completed by each employee by the organization’s date of reaching compliance with each new employee receiving training shortly after their hire date. Additionally, organizations should implement extra training in the event that there is an important change in policy. As all of this is being completed, covered entities. should document that the training was completed and meets the required standards. 

The Security Rule on the other hand just states that a “security awareness and training program” should be introduced that addresses security reminders, protection from malicious software, log-in monitoring and password management. Each of these topics is considered “addressable” rather than “required”, which means that the law is allowing flexibility for organizations to use discretion in accomplishing that objective with their own security control choice. 

Who needs to complete HIPAA training? 

HIPAA requires both covered entities and business associates to have all their employees that have the potential to access protected health information (PHI) to complete regular HIPAA training. To put it as simply as possible - anyone who could come into contact with PHI during the course of their job should be trained in the protocols of HIPAA. 

How often is HIPAA training required?

Although this is another area where the law is vague, it is important that training is recurring so that employees can be up-to-date with any changes to the law or company compliance policy as well as being refreshed in case of having forgotten information. The industry standard for HIPAA training is for it to be conducted annually so that any updates to the law can be included and employees are not able to forget the crucial information. 

How long should HIPAA training be? 

Just as with the training overall, HIPAA does not lay out any specific required length for the training. Adequate training must be long enough to portray all of the crucial information for the employee to understand the aspects of HIPAA. When videos or training are too long, they may lose the attention of the person taking the training which could result in a lack of information gain. 

What are the consequences for inadequate training? 

There is not a direct penalty or fine that is given out just for inadequate or non-existent HIPAA training. However, training is one of the key safeguards that should be used to prevent breaches in PHI. Therefore, if a breach does occur and an audit is then conducted of the organization where it is clear that training has not been prioritized, the fine may be bigger as this tells the OCR that the breach could’ve been prevented. 

Training is a crucial part of HIPAA compliance as it brings all parties up to date on what steps need to be taken to guarantee the privacy and security of PHI. Training educates employees on the details of the act and helps them gain understanding of their role in compliance. Accountable’s mission is to break down the complicated and vague nature of HIPAA into an easy to follow framework - starting with our online HIPAA training. Watch all the training videos, pass the quiz and receive a training certificate - it’s just that easy! 


More from the Blog

GenixTec has achieved HIPAA Compliance with Accountable
Compliant Tools

GenixTec has achieved HIPAA Compliance with Accountable

HIPAA and Workforce Training
HIPAA

HIPAA and Workforce Training

Understanding HIPAA Certification
HIPAA

Understanding HIPAA Certification

Is Google Docs HIPAA Compliant?
Compliant Tools

Is Google Docs HIPAA Compliant?

Is Calendly HIPAA Compliant?
Compliant Tools

Is Calendly HIPAA Compliant?

Is Google Sheets HIPAA Compliant?

Is Google Sheets HIPAA Compliant?

Is iCloud HIPAA Compliant?
Compliant Tools

Is iCloud HIPAA Compliant?

President Biden Looks to Boost Cybersecurity at U.S. Ports
Data Security

President Biden Looks to Boost Cybersecurity at U.S. Ports

Get Started
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Ready to chat?

See how some of the fastest growing companies use Accountable to build trust through privacy and compliance.
Trusted by
Accountable Compliance Management Logo

We make it easy to get your own HIPAA Certification and build trust with your customers and patients.

Product
PlaybooksHow it worksProductPricingWatch DemoSeal of ComplianceGet Support
Solutions
HIPAAGDPR
Resources
BlogHIPAA TrainingHIPAA Risk AnalysisGDPR Risk Analysis
Company
AboutCareersSupportContact UsPrivacy CenterProduct Updates
Account
Sign InForgot Password

"Accountable allowed us to quickly establish Core Compliance with HIPAA as well as a firm foundation for our Security Program." - Michael H.

© 2024 Accountable HQ, Inc.
SitemapTerms of ServicePrivacy Policy