As modern medical standardization continues, the field of traditional Chinese medicine has the advantage of comprehensive personalization. For rare or complex cases, deeper consideration of constitution is invaluable. Proper constitutional assessment, especially with first-time clients, can guide desirable and predictable outcomes. This leads to a higher rate of return, and greater trust between you and your patient.Â
Annual HIPAA Compliance Training
Author's Note: It is important for all acupuncturists to remember that no matter the size of your office or staff, every health care practice collects and manages protected health information (PHI). Privacy and security rules under state and federal law must be observed and followed, whether you are a solo practitioner or work in a large group with staff. The HIPAA privacy and security rules are intentionally flexible and scalable to cover every type and size of health care practice.
While no specific HIPAA training requirements are described in law, accepted health care best practices should be followed by acupuncturists when compiling "necessary and appropriate" security awareness training, HIPAA training for employees at onboarding, and HIPAA refresher training programs. Let's start with some do's and don'ts to keep in mind.
Training Do's and Don'ts
Do keep the training short and sweet. One-hour training sessions are recommended.
Do use "periodic" refreshers, as suggested by the HIPAA security rule. Annual HIPAA refresher training is sufficient to meet the "periodic" requirement.
Don't forget solo practitioners have to document their annual training; especially if you are the only person in the office collecting and managing PHI. You need to document that you have completed a review of your practice's HIPAA privacy and security policies. In the event of an OCR investigation or audit, it is important to be able to produce the content of the training, as well as when it was administered.
Do include all office personnel in the training. Even if staff has no contact with PHI, it is essential they are seen to be involved with HIPAA compliance training.
Do provide regular security awareness training for yourself and any staff. Use examples based on data breaches from other small and solo practices.
In most cases, the HIPAA training requirements for employers only apply to employers who are HIPAA covered entities or business associates. They have to provide HIPAA training to all employees, regardless of their role within the organization, as per the administrative safeguards of the HIPAA security rule.
If an acupuncturist is not a HIPAA-covered entity, and therefore never engages in HIPAA-covered transactions (i.e., verifying insurance benefits or submitting claims transactions), then HIPAA privacy rule training only needs to be provided to employees with access to protected health information.
Why It Matters
Documenting your annual HIPAA training and the review provided to any employees is a requirement of HIPAA. When HIPAA rules are changed or updated, your practice's policies and procedures need to reflect those changes. This information needs to be included in both your personal refresher training and documented for any employees. This way, acupuncturists and their staff do not have to take the same training over and over. Completing a refresher training with HIPAA updates keeps your practice and employees current with all compliance training requirements.
Author's Note: For more information related to this article, please visit www.patientdataprotection.com or call Matthew Fiorenza, data security specialist, at 352-268-5088, ext. 4.