
Annual HIPAA Compliance Training

David Bibbey, Dipl. Ac., LAc

Author's Note: It is important for all acupuncturists to remember that no matter the size of your office or staff, every health care practice collects and manages protected health information (PHI). Privacy and security rules under state and federal law must be observed and followed, whether you are a solo practitioner or work in a large group with staff. The HIPAA privacy and security rules are intentionally flexible and scalable to cover every type and size of health care practice.


While no specific HIPAA training requirements are described in law, accepted health care best practices should be followed by acupuncturists when compiling "necessary and appropriate" security awareness training, HIPAA training for employees at onboarding, and HIPAA refresher training programs. Let's start with some do's and don'ts to keep in mind.

Training Do's and Don'ts

Do keep the training short and sweet. One-hour training sessions are recommended.

Do use "periodic" refreshers, as suggested by the HIPAA security rule. Annual HIPAA refresher training is sufficient to meet the "periodic" requirement.

Don't forget that solo practitioners have to document their annual training, especially if you are the only person in the office collecting and managing PHI. You need to document that you have completed a review of your practice's HIPAA privacy and security policies. In the event of an OCR investigation or audit, it is important to be able to produce the content of the training, as well as when it was administered.

Do include all office personnel in the training. Even if a staff member has no contact with PHI, it is essential that they are seen to take part in HIPAA compliance training.

Do provide regular security awareness training for yourself and any staff. Use examples based on data breaches from other small and solo practices.

In most cases, the HIPAA training requirements for employers only apply to employers who are HIPAA covered entities or business associates. They have to provide HIPAA training to all employees, regardless of their role within the organization, as per the administrative safeguards of the HIPAA security rule.

If an acupuncturist is not a HIPAA-covered entity, and therefore never engages in HIPAA-covered transactions (i.e., verifying insurance benefits or submitting claims transactions), then HIPAA privacy rule training only needs to be provided to employees with access to protected health information.

Why It Matters

Documenting your annual HIPAA training and the review provided to any employees is a requirement of HIPAA. When HIPAA rules are changed or updated, your practice's policies and procedures need to reflect those changes. This information needs to be included in both your personal refresher training and documented for any employees. This way, acupuncturists and their staff do not have to take the same training over and over. Completing a refresher training with HIPAA updates keeps your practice and employees current with all compliance training requirements.


Author's Note: For more information related to this article, please visit www.patientdataprotection.com or call Matthew Fiorenza, data security specialist, at 352-268-5088, ext. 4.

March 2022