HIPAA Breaches & Healthcare Students

stethoscope on open book on a white background

The value of providing healthcare students with Health Insurance Portability and Accountability Act (HIPAA) training cannot be underestimated as it can prevent serious data breaches from occurring while also increasing the employability of the individuals who successfully complete HIPAA training.

As the main factors that lead to HIPAA investigations are the unauthorized use and disclosures of Protected Health Information (PHI), it is clear comprehensive training for those who will eventually be handling sensitive data is the best possible place to start in order to reduce the likelihood of these events happening.

Why is HIPAA Training for Healthcare Students so Important?

HIPAA governs how healthcare providers, health plans, healthcare clearinghouses, and business associates can use and disclose PHI. Subsequent legislation allows the HHS` Office for Civil Rights to impose financial penalties and other sanctions in the event of a HIPAA violation occurring.

Due to the potential for substantial penalties, employers will likely place additional value on new recruits that have completed a HIPAA training course. More and more educational institutions are now including HIPAA training as part of their curriculum.

Since the HIPAA Privacy and Security Rules were enacted, there have been many large scale breaches that resulted from healthcare students not being fully aware of data security when they are working in a healthcare setting.

Breaches can occur due to a deliberate action of the individual responsible or due to unknowingly doing something that impacts the PHI of a patient. Given the stringent penalties for organizations that breach HIPAA, it is only natural to assume that employers will begin to favor applicants who can display a certified knowledge of how HIPAA impacts the way that they complete their work duties.

How can Healthcare Students be Helped to Avoid Committing a HIPAA Breach?

The provision of an in-depth HIPAA training course as part of a curriculum will put healthcare students in the best possible position to avoid violating the HIPAA Rules.

Following completion of this course, students should be fully aware of how PHI can be accessed, used, and disclosed in compliance with the HIPAA Privacy and Security Rules. They will have a competitive edge in the recruitment process over rivals who have not undergone a similar course of training and graduates of these courses will become increasingly valued and sought by employers.

You can review our sample training module HIPAA Training for Healthcare Students by clicking here or viewing the video below.

How can Healthcare Students Breach HIPAA?

There are many different ways in which healthcare students can do something that violates HIPAA. With adequate training almost all of these breaches could have been avoided.

  • Breaches involving sharing PHI without authorization: 
  • Breaches involving unauthorized access to PHI or EHRs: A report claims that students who have been trained to use EHRs are breaching HIPAA by continuing to track patients after they have finished treating them. A survey conducted by JAMA Internal Medicine as part of a research project found that 96.1% of medical students admitted that they had previously used EHRs to track former patients.
  • Breaches involving divulging credentials in response to phishing emails: A phishing attack at Augusta University lead to an unauthorized individual illegally obtaining access to the email accounts of two employees in July 2017. An investigation confirmed access to the employees’ email accounts was gained between April 20-21, 2017. This was not the first time that individuals at Augusta University were tricked by phishing scams. A similar breach took place in September 2016 and led to data being exposed.
  • Breaches involving lost or stolen computing devices: In 2017, one of the largest data breaches was reported by Washington State University. An unencrypted hard drive containing the data of more than 1 million individuals was stolen. The drive held personally identifiable information of participants in its research programs related to students and college graduates. The database on the drive was used to track students after graduation and contained data from 1998 to 2013. Data stored on the drive included names, addresses and Social Security numbers.

Conclusion: Providing Healthcare Students with Comprehensive HIPAA Training is Vital

HIPAA training for healthcare students can help to eliminate the possibility of a HIPAA breach occurring as a result of a lack of knowledge. It can also result in students having a better chance of securing full-time employment due to the data protection skills they have acquired.

It is important for those creating and conducting the student curriculum to include a comprehensive HIPAA training course as part of the education they provide to healthcare students.

You can sign up for the ComplianceJunction HIPAA Training Course for Students here.