HIPAA Breaches & Healthcare Students

stethoscope on open book on a white background

The value of providing healthcare students with Health Insurance Portability and Accountability Act (HIPAA) training cannot be underestimated as it can prevent serious data breaches from occurring while also increasing the employability of the individuals who successfully complete the HIPAA training. As the main factor that leads to HIPAA investigations is the unauthorized use and sharing of Private Health Information (PHI) it is clear that comprehensive training for those who will eventually be handling such data is the best possible place to start in order to reduce the chances of this happening.

Why is HIPAA Training for Healthcare Students so Important?

HIPAA governs how healthcare providers, health plans, healthcare clearinghouses, and business associates can handle PHI. The legislation allows for penalties, including large fines, to be sanctioned in the event of a breach occurring. Due to this employers will be sure to place additional value on any potential new recruits that have completed a HIPAA Training course. More and more educational institutions are now including this as part of their curriculum.

Since HIPAA was introduced there have been many large scale breaches that resulted from healthcare students not being fully aware of what is permitted when they are working in a healthcare setting or what to do if they receive a suspicious email. Breaches can occur due to a deliberate action of the individual responsible or due to unknowingly doing something that impacts the PHI of a patient.  Given the stringent penalties in place for organizations that breach HIPAA it is only natural to assume that employers will begin to favour applicants who can display a certified knowledge of how HIPAA impacts the way that they complete their work duties.

The body that enforces HIPAA, the US Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) has released data that shows that from 2017 to the present that the main issues leading to HIPAA investigations are Impermissible Uses and Disclosures of PHI. You can view the OCR data here.

How can Healthcare Students be Helped to Avoid Committing a HIPAA Breach?

The provision of an in-depth HIPAA training course as part of a curriculum will put healthcare students in the best possible position to avoid doing something that will result in a HIPAA violation occurring. Following completion of this course, students will be fully aware of how PHI can be managed, shared and reviewed. They will have a competitive edge in the recruitment process over rivals who have not undergone a similar course of training and graduates of these courses will become increasingly valued and sought after by healthcare groups.

You can review our sample training module HIPAA Training for Healthcare Students by clicking here or viewing the video below.

How can Healthcare Students Breach HIPAA?

There are many different way that a healthcare student can do something which leads to a HIPAA breach occuring. With adequate training almost all of these breaches could have been avoided.

  • Breaches involving sharing PHI without Authorization: 
  • Breaches involving unauthorized access to PHI or EHRs: A report has indicated that students who have been trained to use EHRs are breaching HIPAA by continuing to track patients after they have finished treating them. A survey conducted by JAMA Internal Medicine as part of a research projects found that 96.1% of medical students admitted that they had previously used EHRs to track former patients.
  • Breaches involving sharing details in a phishing attack: A phishing attack at Augusta University lead to an unauthorized individual illegally obtaining access to the email accounts of two employees in July 2017. An investigation confirmed access to the employees’ email accounts was gained between April 20-21, 2017. This was not the first time that individuals at Augusta University were tricked by phishing scams. A similar breach took place in September 2016 and lead to data being exposed.
  • Breaches involving lost or stolen computing devices: In 2017 one of the largest data breaches was recorded Washington State University when an unencrypted hard drive containing the data of more than 1 million individuals was stolen. The drive held personally identifiable information of participants in its research programs related to students and college graduates. The database on the drive was used to track students after graduation and contained data from 1998 to 2013. Data stored on the drive included names, addresses and Social Security numbers.

Conclusion: Providing Healthcare Students with Comprehensive HIPAA Training is Vital

HIPAA training for healthcare students can help to eliminate the possibility of a HIPAA breach occurring as a result of a lack of knowledge in relation to how PHI can be handled, while also resulting in students having a better chance of securing full-time employment due to the additional data privacy skills that they have acquired.

It is important for those creating and devising student curriculum and training courses to include a comprehensive HIPAA training course as part of the education provided to healthcare students.

You can sign up for the ComplianceJunction HIPAA Training Course for Students here.