The Health Insurance Portability and Accountability Act (HIPAA) was established to set national standards to protect individuals’ medical records and other personal health information. The Occupational Health and Safety Act (OSHA) was established to ensure safe and healthful working conditions by enforcing standards and by providing training, education, and assistance.
Both acts have mandatory training requirements that can often be a source of confusion for medical and dental practices. Are we required to train annually? Who does training apply to? How long should training be? What topics should be covered? If we do not hold training, will we be subject to fines?
The answers to many of these questions can be found at OSHA.gov or HHS.gov; however, some of these questions are not as clearly defined and can rely heavily on the interpretation of the law.
1) Does OSHA/HIPAA training need to be conducted annually?
Yes, annual OSHA training for all employees is mandatory, and training for new-hire employees must be completed within ten days of hire.
HIPAA requires organizations to provide training for all employees, new workforce members, and periodic refresher training. The term “periodic” is not defined and can be left open to interpretation. However, most organizations train all employees on HIPAA annually, which is considered a best practice. Regulations are updated yearly, so it can be difficult for practices to stay current. Failure to comply can result in fines or other consequences.
2) Who does training apply to? Should the doctor or dentist also be trained?
OSHA training is mandatory for all employees, including the doctor, nurses, receptionists and part-time employees.
HIPAA training is mandatory for anyone who comes into contact with protected health information (PHI). This includes doctors, dentists, nurses, receptionists and part-time employees/interns.
Employees in certain positions, such as HIM, information technology network administration, or regulatory compliance, may need more specialized training.
3) How long should training be?
HIPAA doesn’t specify a particular length for training. What matters most is the content of the training and that the information is taught effectively.
Proper training for OSHA and HIPAA cannot be conducted in just a few minutes. However, it does not require weeks of training either.
4) What topics should be covered?
Employers should refer to OSHA’s web site (www.osha.gov) for specific training requirements of OSHA standards. Specific HIPAA training requirements can be found at www.hhs.gov.
OSHA & HIPAA requirements as of 2013 include:
The following topics must be given to new employees, or if there is a change in the job procedures that introduces a new hazard:
5) Are we required to keep proof of training? If so, what documentation is required?
Yes, it is very important that the training is documented. HIPAA requires that training be documented, although it does not specify how training must be documented.
OSHA also requires that training be documented. Records provide evidence of the employer’s compliance with OSHA standards. Training records should include:
6) Can we be fined if we don’t conduct training, or fail to hold it annually?
Yes, OSHA failure-to-train citations can be issued if just one employee missed training. OSHA penalties can range from $0-$70,000, depending upon how serious the violation is.
HIPAA issues penalties up to 1.5 million depending on the provision of HIPAA violated. Some HIPAA violations can lead to civil or criminal penalties for employees. If employees weren’t provided adequate training, it could cause a greater risk of litigation in the event of such termination. Doctors and nurses can also be charged with ethical violations and might risk sanction or loss of license.
7) What are some example citations that can be given?
Each year the Occupational Safety and Health Administration issues citations to employers in the healthcare industry. Below is a list of 10 frequent citations issued to physicians’ offices and clinics in the last six months of 2011.
10 examples of OSHA citations for physicians’ offices and clinics
10 examples of HIPAA violations
Medical and dental practices that recognize and value the importance of training employees on HIPAA and OSHA laws and procedures are less likely to have any reported complaints, receive a citation, or fail an audit. Both HIPAA and OSHA training are crucial to ensuring safe and healthful working conditions for employees and patients and for protecting patients’ private health information.
If your facility is seeking training or has questions regarding healthcare compliance guidelines, contact the experts at MedSafe. MedSafe is the leading one-stop resource in providing healthcare compliance programs in the United States. Our Compliance Consultants are safety professionals who specialize in healthcare safety and have the experience needed to teach your staff the essence of good safety practices. Whether you need periodic specialized assistance to augment your in-house capabilities or turnkey management programs, MedSafe can help minimize your risk and time, while maximizing your peace of mind. We offer a wide variety of onsite and online training courses including: