A review of online HIPAA training courses shows a wide range of courses exist. Undoubtedly there are some which are more comprehensive than others, and while price is no guarantee of quality, those that acknowledge that training is only one piece of the compliance jigsaw puzzle are more likely to align their training courses with Covered Entities´ requirements.
It is important to be aware online HIPAA training courses cannot totally replace in-house training. According to the Administrative Requirements of the HIPAA Privacy Rule (45 CFR § 164.530), Covered Entities are required to train members of the workforce on the policies and procedures developed to protect the privacy of PHI. As each Covered Entity will likely have unique policies and procedures, it is impossible to expect online HIPAA training courses to cover each privacy policy.
Nonetheless, online HIPAA training courses can play an important role in providing members of the workforce with an understanding of HIPAA so that in-house training on policies and procedures has context. Furthermore, by relieving the administrative overhead of developing and delivering in-house training on HIPAA basics, Covered Entities can dedicate more in-house training time to the issue that really matters – ensuring the workforce operates in compliance with HIPAA.
The Benefits of Online HIPAA Training Courses
In addition to providing members of the workforce with an understanding of HIPAA and saving Covered Entities time and money, online HIPAA training courses allow members of the workforce to study HIPAA when they have time to do so. This avoids the scenario in which large groups of the workforce attend classroom training simultaneously – potentially reducing staff coverage in the healthcare environment and creating operational issues.
Most online HIPAA training courses deliver training in bite-sized modules. This enables Covered Entities to mix and match modules to better meet the requirements of their workforces. The provision of online training in bite-sized modules also makes it easier to conduct refresher training or additional training when a risk assessment identifies a lack of knowledge in individuals or groups of the workforce. “Material change” training will still have to be delivered in-house.
Can Security and Awareness Training be Taught Online?
Under the Administrative Safeguards of the HIPAA Security Rule (45 CFR § 164.308), Covered Entities and Business Associates are required to implement a security and awareness training program. Like the Privacy Rule training requirements, online HIPAA training courses cannot cover each Covered Entity´s or Business Associate´s security policies – notwithstanding that each organization may also use different security devices to comply with the Technical Safeguards of the Security Rule.
However, it can be better to teach the basics of security compliance via an online training course because the content of the course will alert trainees to the nature of cyber threats to ePHI, the reasons why the Security Rule was introduced, and why it had to be updated via the HITECH Act. A solid grounding in security compliance can help members of the workforce better understand the policies, procedures, and technologies implemented by Covered Entities and Business Associates.
Online Training and HIPAA Certification
Most online HIPAA training courses offer some form of certification at the end of each course or training module. While certificates can serve a purpose inasmuch as they document that training has been provided, it is important to understand what certification represents – that, at a point in time, a member of the workforce had sufficient knowledge to complete a training course. HIPAA certification does not guarantee compliance.
Indeed, the Department of Health and Human Services (HHS) warns Covered Entities to be aware of misleading marketing claims suggesting HIPAA training courses or their content are endorsed by HHS or the Office for Civil Rights. Furthermore, while a certificate of competency demonstrates a knowledge of HIPAA, it does not absolve Covered Entities – nor the workforce members to whom a certificate has been awarded – of their compliance obligations.
Online HIPAA Training Courses FAQs
How do online HIPAA training courses relieve the administrative overhead for Covered Entities and Business Associates?
For any HIPAA training to be effective, it has to be understood. Online HIPAA training courses provide a grounding in the HIPAA rules, so when it comes to training members of the workforce on policies, procedures, and technologies, trainees will understand why the policies, procedures, and technologies have been put in place – aiding retention of the training and contributing to a more HIPAA-compliant workforce.
What is the difference between refresher training and material change training?
Refresher training is a refresher course in HIPAA basics. Most compliancy professionals advocate refresher training at least annually; and, by re-using online training modules, Covered Entities are able to extract a higher ROI from the cost of the modules.
Material change training is required when there has been a material change in a Covered Entity´s policies and procedures that impacts the functions of the workforce. As the training relates to policies and procedures, it is not something usually covered by online HIPAA training courses. This is why material change training will still have to be delivered in-house.
How does mixing and matching modules better meet the requirements of the workforce?
Covered Entities have diverse workforces that can include healthcare professionals, IT technicians, environmental services personnel, and gardeners. While it may be necessary to train some of these workforce groups on areas of HIPAA such as cyber threats to ePHI, and the HITECH Act, it is not necessary to train every workforce group of every area of HIPAA.
Consequently, some workforce groups may only need to undergo training on the basics of the Privacy Rule, preventing HIPAA violations, patients´ rights, and the HIPAA disclosure rules, while others may need a more in-depth background on computer safety rules, how to protect ePHI from cyber threats, and disclosures of PHI in emergency situations.
How does online HIPAA training support in-house training?
With regards to the Privacy Rule training requirements, online HIPAA training courses provide a background to HIPAA and explain why the main regulatory rules were introduced to give context to in-house training. With regards to the Security Rule training requirements, by providing members of the workforce with an understanding of the nature of threats to ePHI, it will be easier to explain the purpose of security policies, procedures, and technologies.
How important is it to get a HIPAA certificate at the end of online training?
The Privacy Rule states that all HIPAA training should be documented. Therefore, although a certificate does not guarantee HIPAA compliance and the online training course may not fulfil all the Privacy Rule and Security Rule training requirements, the certificate demonstrates that a Covered Entity or Business Associate provided training – evidence that may be required to establish the burden of proof in the event of an inspection, audit, or investigation.
