HIPAA regulations outline IT compliance at a high level but do not specify methods for achieving true compliance. This lack of a guided approach can be an obstacle for healthcare clinician managers seeking concrete methods to train personnel, especially with regard to technology.
Fortunately, Datica is here to help you by making sure your training focuses solely on what clinicians need to know, which will save time and increase engagement. Here are the five key topics we suggest you focus on in your HIPAA training sessions:
1) Remote Access to the Electronic Health Record (EHR)
With all of the documentation that clinicians deal with during the workday, they may be accessing EHRs from home to keep up with their responsibilities. But if they are not properly trained on how to access these records, they could be setting your healthcare system up for a security breach. Here are a few tips:
- Require two-step authentication before allowing remote access
- Terminate sessions automatically once a signed-in clinician has been inactive for a predetermined amount of time.
- Install personal firewall software on all laptops and machines that store protected health information or connect to networks where protected health information may be stored.
- Prohibit clinicians from remotely accessing EHRs except in certain instances
2) Mobile Device Controls and Security
Missing or stolen devices (laptops, tablets, and phones) account for the largest share of HIPAA security breaches. If clinicians keep protected health information on these devices, the devices must be encrypted, password protected, and have safeguards properly implemented. Consider having clinicians sign a mobile device security agreement to emphasize the responsibility that comes with housing data on these devices.
3) Pertinent EHR Access
Clinicians are not oblivious to the HIPAA Privacy Rule and their responsibilities, but part of that responsibility is accessing patients’ information only when they are directly involved in the patient’s care. Consistently stress the importance of this so that staff members do not violate the rule, and make clear that they will face audits to ensure nothing goes amiss.
4) Email and Texting Guidance
Since email and texting are so convenient for clinicians, some may be sending protected health information through these channels without a second thought. Be sure to drive home the message that sharing protected health information through these channels should always be avoided. Also be sure to provide HIPAA-compliant communication tools as alternatives, such as HIPAA-compliant secure messaging through patient portals.
5) Social Media Channel Guidance
In the modern day, most clinicians are involved with at least one social media channel, such as LinkedIn, Facebook, or Twitter. Be sure to highlight that they should keep their social media pages private to avoid friend requests from people who are also patients. Also address that clinicians who blog must do so appropriately and must not use a blog as a source of health guidance for patients.
All in all, HIPAA compliance training should be thorough but still direct with your clinicians. These five points should be treated as critical training areas for your organization. If you want a complete summary of HIPAA, check out our HIPAA compliance resource page written by our team of experts.