Workforce members include employees, volunteers, trainees, and may also include other persons whose conduct is under the direct control of the entity (whether or not they are paid by the entity). A covered entity and business associate must train all workforce members on its privacy policies and procedures, as necessary and appropriate for them to carry out their functions. A covered entity and business associate must have and apply appropriate sanctions against workforce members who violate its privacy policies and procedures or the Privacy Rule.
Rights of Privacy
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates that Covered Entities, which includes health plans, healthcare clearinghouses, and most healthcare providers, may not use or disclose individuals’ health information for purposes unrelated to providing healthcare, managing their organization, or meeting their obligations under state and federal law, unless individuals specifically authorize them to do so. Ensuring all employees in an organization understand and uphold these rules is no easy task and is, to a large degree, a training and management problem. This is why the Department of Health and Human Services (HHS) has mandated annual privacy and security training, as well as regular reminders for all employees of Covered Entities.
HIPAA/HITECH Personnel Training Requirements for Business Associates
The American Recovery and Reinvestment Act of 2009, also known as the stimulus bill, includes a section called the Health Information Technology for Economic and Clinical Health (HITECH) Act that changes the way HIPAA is administered by, among other things, allowing HHS to regulate Business Associates directly and making them directly subject to the Security Rule. Business Associates include companies or individuals who perform activities on behalf of a Covered Entity and receive Protected Health Information from that Covered Entity.
Evolve e-Learning Solution’s training courses meet these training requirements.
Training on how to protect electronic health information