Elements of an Effective
HIPAA Attestation Template
The Health Information Portability and Accountability Act (HIPAA) mandates specific standards for organizations and individuals who interact with patients’ protected health information.
One of those standards relates to the regular training of employees who may come in contact with PHI as a part of their jobs. How should compliant organizations handle this training, and should they have a HIPAA attestation template?
Do I Need a HIPAA Attestation Template?
HIPAA’s rules and regulations mandate that employees receive annual training on policies and procedures regarding the use of patient PHI. This obviously means that an organization must first have these policies and procedures in place.
Many HIPAA violations result from companies having outdated or ineffective policies in place. These violations have resulted in substantial fines for the organizations cited. One of the benefits that Compliancy Group provides for its clients is a full slate of HIPAA tested policies and procedures that are customizable to your organization and how you do business.
In addition to requiring annual training, HIPAA also requires a record of training to be maintained. As far as the regulators are concerned, if you can’t prove that the training was done, it never happened.
All Compliancy Group clients also have access to a suite of employee training materials that satisfies the annual requirements mandated by HIPAA. The training can be assigned to employees, and attestations recorded and tracked within “The Guard,” the compliance automation software solution offered by Compliancy Group.
What Should Be Part of an Effective HIPAA Attestation Template?
While there is no one correct method for training attestation and tracking, there are a few things to consider. The training and attestation process should be the least cumbersome method possible that provides the greatest flexibility for all employees. There also should be a way to easily retrieve the attestations in the event of a HIPAA audit.
Most experts agree the following items should be included on the attestation form:
- Name of practice, facility, or organization
- Name of employee receiving training
- Employee work location (if applicable)
- List of all training being attested to
- Effective calendar year of training
- Employee signature
- Date of signature
It is wise to include language in the attestation that signifies that the employee reviewed, understood, and agrees to abide by the organizational policies and regulatory requirements. There should also be a statement certifying that all training was completed.
Some organizations also include a statement that failure to comply with or a violation of policies and procedures covered by the training can result in disciplinary actions.
