The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that is primarily known for the provisions pertaining to patient medical records privacy and security.

Healthcare providers, plans, and organizations must comply with HIPAA if they perform certain insurance related transaction electronically.

Additionally, any organization that handles protected health information as a contractor for a healthcare provider or plan will also be required to comply with HIPAA pursuant to a Business Associate Agreement.

There are exceptions though, please see our Knowledge Base answer for a more in-depth answer

If HIPAA applies to you, you must train your employees. The regulations are very clear on that fact.

Except for independent contractors (who would need to have a Business Associate Agreement) anyone with access patient records must be trained. This includes volunteers, interns, and student. If they have access, they need to be trained, regardless if they are paid or not. This group of people are called your "workforce" in the regulations.

Through a random audit or compliance review, if the Department of Health and Human Services (HHS) discovers that your workforce is untrained, financial penalties could be assessed simply because of the lack of training.

However it is far more likely that the untrained employee is responsible for or involved in a breach or patient complaint; after all, they may not know anything about HIPAA. At that point, HHS will come in and review your office. The lack of training (or documentation of training) of that employee can greatly enhance the penalty for the breach, from the minimum $25,000 per year, up to a maximum of $1.5 million per year. The fine is greatly dependent on all of the circumstances surrounding the breach or complaint, but the lack of training will always make it worse. Training your workforce with YHT is both efficient and inexpensive. There is no reason to risk it; absolutely no reason.

Training your workforce is required by the regulations, however there are many other things you'll have to do. Luckily, our Advanced Training course covers all of these other requirements. The advanced training and our customizable sample forms, agreements, and policies give you all the tools you need.

The only other real option, aside from hiring an attorney, is in-person trainers. They will come to your office, train your staff all at once, and leave. Trainers are expensive; you have to pay the trainer thousands AND shut down to train your team. New hires present another problem, you cannot wait 11 months to train a new employee. Ideally, they should be trained before they are given access to your patient's records. It is also difficult to know the quality of a trainer before they show up. Unless part of a larger program, they also rarely provide materials like forms and policies.

Perhaps the only real advantage to an in-person trainer is that they are available to answer question on that one or two days To mitigate this disadvantage, we have created the Knowledge Base to answer any questions you may have, whenever you have them.

Our course runs right from the browser, so any device or operating system can run our training videos. Our other materials either come in Word documents and/or PDF. Generally, just about any system capable of playing a internet video can play our course.

Not at all. You and your staff can begin training immediately after your purchase. All training modules are hosted online — no download of HIPAA software is required.

The basic training, done all at once, takes a little under an hour; including the videos and quiz. However, there is no need to do it in one sitting, each trainee can individually work through the course at their own pace.

We’re glad you asked! With members in all 50 states, CEDR HR Solutions is the #1 provider of individually customized, HR-compliant medical and dental office employee handbooks and a leading provider of on-demand HR support. Through high-quality policies, support and training, we help practices of all sizes and specialties to manage risks and avoid lawsuits, saving you money, stress, and time.