HIPAA Security Compliance: Have a Good Training Process in Place


Training is required for anyone who handles the electronic devices in your environment, so that those devices stay under the control of the organization's information security management process. And training is required for everybody, including management: the HIPAA Security Rule says so explicitly (45 CFR 164.308(a)(5) calls for a security awareness and training program for all members of the workforce, including management). So make sure the boss doesn't get a pass.

Make sure you have HIPAA training for new staff and whenever you change policies and procedures. Follow a regular schedule with plenty of reminders and refreshers. And whenever a new technology comes along, provide specific training on it so people know how to keep it secure.

Don't ignore new technologies; find ways to use them securely. And document all of your training in case you get audited. The other thing has to do with technology adoption: don't ignore the fact that people will always want to use the new thing.

And when they use a new thing, they tend to forget what they already know. Even if they know how to handle encryption, portable devices, laptops and the like, once they start doing something different with a new device, or doing things a new way, they tend to forget the rules they already know. So give people proper compliance training so they know what they are doing with their new devices. You need to allow the new devices, but you need to manage them.

So your to-do list: don't be in denial, because willful neglect can cost you (it is the most heavily penalized category of HIPAA violation). Find out what people are already doing with mobile devices, and figure out what they would like to do. See whether you are holding anybody back from something that would actually be quite productive and useful, and whether there are ways to do it securely. There are ways to do secure texting and secure email; there are technical solutions for all of these that satisfy the HIPAA Security Rule. Figure out what your risks are and settle on some of those solutions. Some are very low cost or even no cost, depending on what you want to do.

Review your current policies and procedures and see whether they cover mobile devices. Do your risk analysis, and make sure you have a clear idea of which devices and tools are appropriate for you to use, so that staff can get done what they need to get done with their devices.

And if you can, hold training on both new and old policies. Make sure this is in place as a continuing process. It is difficult to keep training going, but you want policies and procedures in place that keep it going. And make sure you can show that the policies have actually been applied.

And if you can, run some breach drills. Say: you've just lost your smartphone. We've been through everything and tried to secure everything, so let's pretend you just lost it. Do we have a problem here? Did anything go wrong? Was the data on that phone encrypted? Is there any way for somebody to pick it up and get into your system? Do some testing and some validation; it's important. And then learn from it.

