Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 The HIPAA Training Program Life Jacket Keeping your staff afloat in the sea of HIPAA Rules & Regulations Holly Schlenvogt, MSH Privacy Officer Medical.

Similar presentations


Presentation on theme: "1 The HIPAA Training Program Life Jacket Keeping your staff afloat in the sea of HIPAA Rules & Regulations Holly Schlenvogt, MSH Privacy Officer Medical."— Presentation transcript:

1 1 The HIPAA Training Program Life Jacket Keeping your staff afloat in the sea of HIPAA Rules & Regulations Holly Schlenvogt, MSH Privacy Officer Medical Associates, Inc. holly.schlenvogt@ma-hc.com 262-415-1009 Kirsten Ruzic Wild, RN, BSN, MBA, CHC Corporate Compliance Officer, Privacy Officer & Risk Manager Synergy Health kwild@synergyhealth.org 262-836-8366

2 2 Goals & Objectives How to determine the Who, What, Where, When, Why and How’s of HIPAA Privacy & Security Training How to determine the Who, What, Where, When, Why and How’s of HIPAA Privacy & Security Training HIPAA Attitudes HIPAA Attitudes When does it become an issue of employee accountability? When does it become an issue of employee accountability? Training Documentation Training Documentation

3 3 "We need to review our training material.” Cartoon by Dave Harbaugh HCHumor © 2008 HCPro, Inc.

4 4 Who To Train The Captain & First Mates: high level “safety” measures The Captain & First Mates: high level “safety” measures The Crew: how to handle: The Crew: how to handle: –Day to day issues to keep the boat afloat –Generally how to handle new and unique issues (i.e. alert the Captain & First Mates) The Passengers should be able to relax and enjoy their cruise! The Passengers should be able to relax and enjoy their cruise! Training will vary by titles and roles

5 5 Who To Train: Captain & First Mates Owners Owners Board of Directors Board of Directors Leaders Leaders Physicians Physicians

6 6 Who To Train: The Crew Employees Employees Leaders Leaders Physicians (yes, they may wear the hat of a captain, first mate, and crew member) Physicians (yes, they may wear the hat of a captain, first mate, and crew member) Temporary Employees Temporary Employees Volunteers Volunteers Consultants & Contractors Consultants & Contractors

7 7 Who To Train: The Passengers Patients & their family members/friends Patients & their family members/friends –NOPP –Access (for them & their loved ones) –Release of Information (to other facilities, law enforcement, etc.) –Amendment requests –Special Requests –Filing a complaint –Perceptions Other Other Do you train any other passengers? Do you train any other passengers?

8 8 What To Train The Perfect Storm The Perfect Storm –What obstacles or dangers are in the sea (other boats, currents, icebergs, sea cucumbers, etc.)? –How to handle “unpredictable obstacles” The people to protect The people to protect How to protect them How to protect them Why this is important Why this is important

9 9 What To Train: Examples Example sessions & scenarios for your reference. Example sessions & scenarios for your reference. –Disclaimer: these do not represent legal advice and are by no means intended to be perfect or even cover every topic. They are just examples. It’s up to you to determine “what” to train based on your organization’s needs, issues, culture, etc. We cannot guarantee this information will be understood, remembered, followed, or even read by your employees!

10 10 What To Train: Scenarios Consider sending out periodic scenarios and/or have them in the training sessions Consider sending out periodic scenarios and/or have them in the training sessions –Hot topics –Recent issue –Review in Department Meetings Hearing examples of errors made and how to prevent them from happening “sticks” better than just telling the law Hearing examples of errors made and how to prevent them from happening “sticks” better than just telling the law Teach them to think! Teach them to think!

11 11 What To Train: We’re Right Here Let them know who you are and you are available for questions, comments, & concerns Let them know who you are and you are available for questions, comments, & concerns How they can find you How they can find you –Email –Phone –Pager –Hotline –Other?

12 12 What To Train: P&Ps What to train is right inside your very own passport: policies & procedures (P&Ps) What to train is right inside your very own passport: policies & procedures (P&Ps) Review them and “categorize” each point for different titles/roles to train Review them and “categorize” each point for different titles/roles to train You can’t possibly cover every point, instead cover the core of each one You can’t possibly cover every point, instead cover the core of each one

13 13 What To Train: The Basics The Basics: The Basics: –Safeguarding PHI –The Privacy Officer is available, willing and able to help you! Issue: “This is basic stuff. I don’t need to be reminded.” Issue: “This is basic stuff. I don’t need to be reminded.” Repeat these, consistently! Repeat these, consistently!

14 14 What To Train: The Privacy Iceberg Obstacles Release of Information Release of Information –Release = verbal, written, electronic –When an authorization is required –Minors –Mental Health –Special PHI Communications –Release the minimum necessary

15 15 What To Train: The Privacy Obstacles “Typical” releases of information (TPO) “Typical” releases of information (TPO) –Anything else, do not release, review P&Ps/ contact your Privacy Officer! Ex: Attorney wants PHI NOW, now what? Ex: Attorney wants PHI NOW, now what? Law enforcement tells employee the patient is in jail and no longer has any privacy rights. Law enforcement tells employee the patient is in jail and no longer has any privacy rights.

16 16 What To Train: The Security Iceberg Obstacles Access the Minimum Necessary Access the Minimum Necessary –What do you really need to do your assigned job responsibilities? –Does this include looking at your family member’s PHI for treatment received or to look up an appointment in a department in which you don’t work? Email Email –Email patients? –Encrypt when external

17 17 What To Train: The Security Obstacles Password Protections Password Protections –Don’t share them! Don’t share them! Don’t share them! Did I say, don’t share them?! Flash drives & other portable media Flash drives & other portable media What examples can you share? What examples can you share?

18 18 Where To Train Different fish like different bait. Different fish like different bait. –Too cold, too hot, just right! –Some have better eye sight than others –Some travel in schools, others are better off alone Consider time restrictions Consider time restrictions Vary it up for the different fish! Vary it up for the different fish!

19 19 Where To Train Where do you train? Where do you train? Face-to-faceOnline MeetingsManual Email Communications Newsletters Intranet Communications Walk through the organization periodically DVD / Video

20 20 When To Train It’s not a good time to train while the boat is sinking, but you already knew that! It’s not a good time to train while the boat is sinking, but you already knew that!

21 21 When To Train Initial training Initial training Law changes (51.30) Law changes (51.30) Technology changes Technology changes Realize the “culture” needs to change Realize the “culture” needs to change When do you train? When do you train? HIPAA Week HIPAA Week Ongoing Ongoing –Annual –As P&Ps change –As “hot topics” or issues arise –Quarterly/bi-annual scenarios

22 22 Why Do We Train? We like to “annoy” our captains, first mate, and crew… We like to “annoy” our captains, first mate, and crew… –No! As long as you live under my ocean, you’ll obey my rules! As long as you live under my ocean, you’ll obey my rules! –No! We like to make sure our cruise is smooth sailing during the entire trip… We like to make sure our cruise is smooth sailing during the entire trip… –Yes!

23 23 Why Do We Train?: Laws Privacy Privacy –“A covered entity must train all members of its workforce on the policies and procedures with respect to protected health information required by this subpart, as necessary and appropriate for the members of the workforce to carry out their function within the covered entity (CE).” 164.530(b)(1) A covered entity must provide training…as follows: A covered entity must provide training…as follows: –To each member of the CE’s workforce no later than the compliance date… –Thereafter, to each new member of the workforce within a reasonable period of time after the person joins the workforce; and –To each member of the CE’s workforce whose functions are affected by a material change in the P&Ps required by this subpart, within a reasonable period of time after the material change becomes effective… –A CE must document the training…has been provided.

24 24 Why Do We Train?: Laws Security Security –“Implement a security awareness and training program for all members of its workforce (including management)” 164.308(a)(5)(ii)(a) Security Updates – periodic security updates (Addressable) Security Updates – periodic security updates (Addressable)

25 25 Why Do We Train?: Laws Respect our patients’ right to privacy Respect our patients’ right to privacy It’s a part of our customer service standards It’s a part of our customer service standards Why do you train? Why do you train? Whew! There’s a lot to teach!!! Whew! There’s a lot to teach!!! Yes, and we know we have to train it… but how do we get the points across? Yes, and we know we have to train it… but how do we get the points across?

26 26 How to Train How in depth do you train? How in depth do you train? Snorkeling vs. deep sea scuba diving Snorkeling vs. deep sea scuba diving Different skills necessary for a salmon in the lake versus one swimming upstream in a river Different skills necessary for a salmon in the lake versus one swimming upstream in a river

27 27 How to Train Some considerations Some considerations –Different for length of “employment” –Different by title/role Complexity of issues vary Complexity of issues vary Release of Information for only those who actually release PHI (does facility services really need this training?) Release of Information for only those who actually release PHI (does facility services really need this training?) –Back to the basics for all

28 28 How to Train Adult Learning Principles Motivation – adults learn better with an inner motivation to develop a new skill or gain knowledge; resist learning if it is forced on them; why need to learn and what the benefits are; practical; interest and self-benefit Motivation – adults learn better with an inner motivation to develop a new skill or gain knowledge; resist learning if it is forced on them; why need to learn and what the benefits are; practical; interest and self-benefit Appropriate Level of Difficulty – challenging but not overwhelming; info should relate directly to learner’s own personal needs and wants; don’t make a lesser used skill so important that it de- motivates Appropriate Level of Difficulty – challenging but not overwhelming; info should relate directly to learner’s own personal needs and wants; don’t make a lesser used skill so important that it de- motivates

29 29 How to Train Adult Learning Principles Reinforcement – very necessary; encourages correct performance and discourages bad habits; negative reinforcement can be useful to change bad habits or inappropriate behavior; praise for asking questions Reinforcement – very necessary; encourages correct performance and discourages bad habits; negative reinforcement can be useful to change bad habits or inappropriate behavior; praise for asking questions Retention – must retain what taught to benefit from the learning; must see a meaning or a purpose for the new information; must be able to understand, interpret and apply the info in their own real life contexts; able to assign correct degree of importance to material and its application in the future; if didn’t learn well to begin with, degree of retention is reduced; requires practice Retention – must retain what taught to benefit from the learning; must see a meaning or a purpose for the new information; must be able to understand, interpret and apply the info in their own real life contexts; able to assign correct degree of importance to material and its application in the future; if didn’t learn well to begin with, degree of retention is reduced; requires practice

30 30 How to Train Adult Learning Principles Transference – ability to use the information taught in new settings and contexts; positive transference means they use the skills taught; negative transference means they don’t use the information provided; once wrong info is absorbed and used again and again just becomes another bad habit Transference – ability to use the information taught in new settings and contexts; positive transference means they use the skills taught; negative transference means they don’t use the information provided; once wrong info is absorbed and used again and again just becomes another bad habit

31 31 How to Train Be creative Be creative –Base training around a theme –Incentives: Provide treats or trinkets –Games? –Candy bar wrapped with question to answer –Have HIPAA “specialists” in each area/department to help answer questions –Caring for colleagues Vary the training Vary the training How are you creative? How are you creative?

32 32 How to Train – Training Techniques Clip art, flash animation, etc. Clip art, flash animation, etc. Handouts Handouts Practice ahead of time Practice ahead of time Set up the room well in advance Set up the room well in advance Know your audience Know your audience Don’t fake it Don’t fake it If you freeze, relax! If you freeze, relax!

33 33 How to Train – Training Techniques Get attention at the beginning Get attention at the beginning Get audience involved Get audience involved Look at the audience Look at the audience Talk to people, don’t lecture Talk to people, don’t lecture Guide them to their own knowledge Guide them to their own knowledge Do you have any techniques to share? Do you have any techniques to share?

34 34 How to Train – Training to Avoid Obstacles Train those Hot topics! Train those Hot topics! Explain how HIPAA violations occur, why they occur, and how to prevent them Explain how HIPAA violations occur, why they occur, and how to prevent them Predict obstacles Predict obstacles Train how to think in unique situations Train how to think in unique situations

35 35 How to Train Remember your crew has a lot of other things to remember (such as providing patient care & excellent customer service) Remember your crew has a lot of other things to remember (such as providing patient care & excellent customer service) –Be understanding & encouraging How do you train? How do you train?

36 36 HIPAA Attitudes Have you encounter an employee that just doesn’t get it, or worse doesn’t appear to want to get it? Have you encounter an employee that just doesn’t get it, or worse doesn’t appear to want to get it? We’re sure you’ve never encountered an Upper Management individual like this! We’re sure you’ve never encountered an Upper Management individual like this! What do you do with this? What do you do with this? Have you had any experiences with bad attitudes? Have you had any experiences with bad attitudes?

37 37 HIPAA Attitudes I don’t have time for this! I don’t have time for this! This is boring! This is boring! It’s never been a problem in the past It’s never been a problem in the past Other organizations do it this way… Other organizations do it this way… That will never happen to me! That will never happen to me! “HIPAA Schmipa!” “HIPAA Schmipa!” And the opposite attitude…blame HIPAA for everything! And the opposite attitude…blame HIPAA for everything!

38 38 HIPAA Attitudes Change Process/Technology Adoption Lifecycle Change Process/Technology Adoption Lifecycle Everett Rogers “Diffusion of Innovations” 1957 Everett Rogers “Diffusion of Innovations” 1957 Defined 5 categories of Adopters or individual responses to change Defined 5 categories of Adopters or individual responses to change

39 39 HIPAA Attitudes 5 categories of Adopters: Innovators: eager to try new ideas, venturesome, prepared for setbacks and not discouraged, launch new ideas Innovators: eager to try new ideas, venturesome, prepared for setbacks and not discouraged, launch new ideas Early Adopters: high degree of opinion leadership; social leaders Early Adopters: high degree of opinion leadership; social leaders Early Majority: cautious toward change, rarely lead change efforts but willing to adopt new ideas Early Majority: cautious toward change, rarely lead change efforts but willing to adopt new ideas

40 40 HIPAA Attitudes Late Majority: view change with skepticism and caution, feel pressured to embrace change from others who have already adopted Late Majority: view change with skepticism and caution, feel pressured to embrace change from others who have already adopted Laggards: very traditional and last to adopt, point of reference is the past, decisions are made in terms of what has been done in the previously, adoption of change lags behind their awareness and knowledge level Laggards: very traditional and last to adopt, point of reference is the past, decisions are made in terms of what has been done in the previously, adoption of change lags behind their awareness and knowledge level

41 41 HIPAA Attitudes What do you do with the Laggards? What do you do with the Laggards? Send them to Davy Jones’ Locker? Send them to Davy Jones’ Locker? Identify personality types in response to change Identify personality types in response to change Initially, target Innovators and Early Adopters Initially, target Innovators and Early Adopters Laggards do eventually get there but processes must be well-established Laggards do eventually get there but processes must be well-established

42 42 Accountability Are we still teaching a new “culture”, or should employees now be accountable to “know better than to do that”? Are we still teaching a new “culture”, or should employees now be accountable to “know better than to do that”? Train that everyone is accountable for understanding and applying your HIPAA P&Ps. Train that everyone is accountable for understanding and applying your HIPAA P&Ps. Employees state they don’t recall that training Employees state they don’t recall that training

43 43 Accountability Understand that we are human and humans make mistakes (lapses occur) Understand that we are human and humans make mistakes (lapses occur) Train that disciplinary action is required, but make them comfortable about this Train that disciplinary action is required, but make them comfortable about this –Just Culture philosophy…how does it fit? How do you make them understand the importance of this? How do you make them understand the importance of this?

44 44 Training Documentation Remember to document all training Remember to document all training –Annual –Ongoing –Electronic communications Signed agreements may be considered “training” Signed agreements may be considered “training” Communications may be considered “training” Communications may be considered “training”

45 45 Training Documentation Who maintains this documentation? Who maintains this documentation? Maintain for six years. Maintain for six years. What purpose does it serve, other than meeting regulation requirements? What purpose does it serve, other than meeting regulation requirements? –Government investigations (OCR requests copies) –Proof of education during disciplinary process

46 46 Other Considerations What else do you consider to be important elements in your Privacy & Security Training program? What else do you consider to be important elements in your Privacy & Security Training program?

47 47 May You Have Exciting, Yet Smooth HIPAA Training Seas Ahead! Thank you!


Download ppt "1 The HIPAA Training Program Life Jacket Keeping your staff afloat in the sea of HIPAA Rules & Regulations Holly Schlenvogt, MSH Privacy Officer Medical."

Similar presentations


Ads by Google