by Daniel J. Solove
There is a great quote in this article from HealthcareInfoSecurity that expresses very well the importance and goals of HIPAA training programs:
Workforce training is important not only for preventing breaches, including those involving ID crimes, but also to help detect those incidents, [Ann Patterson of the Medical Identity Fraud Alliance] says. “Each employee must understand their role in protecting PHI. Equally important is regular and continued evaluation of the training programs to make sure that employees are adhering to the policies put in place, and that the ‘red flags’ detection systems are keeping pace with changing technologies and workplace practices.”
In addition to the excellent points in this quote, I believe that one of the keys in HIPAA training is to emphasize the human dimension. Following HIPAA’s rules can seem tedious and inconvenient, but doing so helps mitigate and prevent harm to patients. Medical ID theft is a serious and growing problem. Employees need to know that they shouldn’t be following HIPAA for its own sake but for the sake of patients. The most effective training makes an emotional connection — it explains not just what people should do or not do, but also why people should care.
Some useful resources:
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics.
Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum (Oct. 21-23 in Washington, DC), an event that aims to bridge the silos between privacy and security.