HIPAA compliance is an ongoing process, and one of its most important aspects is making sure that your staff members regularly participate in a compliance training and awareness program. As a covered entity under HIPAA, you are required by law to provide training resources for all members of your workforce. An ongoing compliance training program is crucial not only to ensure compliance and protect the PHI of your patients, but also to protect your practice from potential violations and the top-tier penalties associated with negligence on the part of the organization’s management.
Importance of a Documented Training Program
Incidents happen to covered entities of all sizes; this is simply a fact. As a law, HIPAA is designed with provisions to address these unfortunate situations. The reality is that no organization is 100% protected from data breaches, theft, loss of devices, and actions of untrained employees, any of which can trigger an audit by the Department of Health and Human Services (HHS). We hope this will never happen to you. However, we would like to explain why this part of your compliance plan cannot be overlooked, so that your management team and compliance officers understand the importance of an ongoing, documented training program in these circumstances.
When HHS and other law enforcement agencies determine the level of culpability, one of the most important factors is whether the incident was a result of negligence on the part of management, or whether it was simply an event beyond the control or knowledge of anyone in the organization. They also consider whether management had taken the necessary steps in the past to prevent the incident, or whether the cause of the incident was a lack of systems and safeguards. The entire new tiered penalty system of the Final OMNIBUS Security Rule enacted in September of 2013 is structured around these factors.