Security training for all new and existing members of the covered entity’s workforce is required by the compliance date (April 20, 2006) of the Security Rule. In addition, periodic retraining should be given whenever environmental or operational changes affect the security of EPHI. Changes may include: new or updated policies and procedures; new or upgraded software or hardware; new security technology; or even changes in the Security Rule. Specifically, the Security Awareness and Training standard states that covered entities must: “Implement a security awareness and training program for all members of its workforce (including management).”
What is provided in our Training
Our in-house HIPAA consultants will inform your staff about current and new rules that apply to HIPAA. Your staff will learn the four implementation specifications that are a part of the Security Awareness and Training standard.
The four implementation specifications:
- Security Reminders (*Addressable)
- Protection from Malicious Software (*Addressable)
- Log-in Monitoring (*Addressable)
- Password Management (*Addressable)
*These specifications vary from one practice or organization to another.
Your staff will also learn what is expected in audits and how to handle PHI (Patient Health Information) both physically and electronically. They will also learn how to handle a breach and how to minimize the chance of a breach by making small but ethical changes in their daily routine.