HIPAA Audit Preparation Tip: Document Your Training
OCR, the Health and Human Services agency responsible for enforcement of the HIPAA Privacy, Security and Breach Notification Regulations, has begun a new phase of HIPAA audits. One of the things you can do to prepare for a potential audit is to document your practice’s HIPAA training. Here’s what you should start gathering and documenting:
- Samples of training materials – remember: training must be for Privacy (your specific Privacy Practices) AND Security Awareness and Reminders, and Breach Notification. If you use a “generic training” and nothing else, you could be at risk!
- Document when training was delivered (who took the training and when)
- Document how the training tracks to your Policies and Procedures. For example if your P&P’s state training is done at the time of hire but the documentation shows you have in some or all cases waited longer before training, or if you cannot prove that Security reminders are provided to all of the workforce –such as Physicians.
Source: June 28, 2016 Webinar featuring HIPAA expert David Ginsberg of PrivaPlan.