How Long is HIPAA Training

Employee training is a requirement mandated by the Health Insurance Portability and Accountability Act (HIPAA). HIPAA training includes educating employees on HIPAA standards, your organization’s internal policies and procedures, and proper use of social media. You may be asking yourself how long is HIPAA training? 

HIPAA Training With Compliancy Group

Compliancy Group offers employee training as part of the HIPAA compliance program. Our HIPAA training is self-paced, allowing employees to complete their training courses according to their own schedule. Our HIPAA training program is fully trackable, allowing administrators to check on individual employee progress. Additionally, our software allows employees to legally attest that they have read and understood all of the training materials, giving you peace of mind that employees will understand their HIPAA obligations. 

How long is HIPAA training with Compliancy Group? Our HIPAA training program takes employees 1 – 2 hours to complete. Employee training must be completed annually for each employee. Employees must be trained, as soon as reasonably possible, upon being hired.

Employees will be trained on:

  • HIPAA Standards: HIPAA compliance requires organizations and their employees to adhere to the minimum necessary standard when accessing protected health information (PHI). HIPAA training dictates the proper uses and disclosures of PHI. In our HIPAA training module, employees learn when they may or may not use and disclose PHI. Additionally, PHI must only be accessed for a specific job function. Accessing PHI without cause violates the minimum necessary standard, and therefore HIPAA. 
  • Policies and Procedures: An essential element of HIPAA training is employees understanding of their organization’s internal policies and procedures. In the past, many organizations used a manual for their policies and procedures. However, the Department of Health and Human Services (HHS) no longer deem a HIPAA manual HIPAA compliant, as they are largely ineffective. Organizations must have policies and procedures that are customized to apply directly to their business practices. 
  • Social Media Use: With the growing use of social media, employees need to be aware of how their social media use can be a HIPAA violation. Employees cannot post any patient information on social media platforms without explicit written authorization from the patient. That includes patient testimonials, pictures of patients (even if they’re in the background), and any protected health information. Even when responding to patient reviews, providing any information that confirms that the person is a patient is a HIPAA violation, a simple “thank you” or “please call our office” are the only HIPAA compliant responses.