If there’s one key point you take away from this article, let it be this: health information — yours and everyone else’s — must be kept secure at all times. And anyone who handles your health information should know how to do so.

In a nutshell, that is the point of completing HIPAA training requirements.

Before we proceed, a quick refresh on what HIPAA is: it refers to the Health Insurance Portability and Accountability Act of 1996 and was originally enacted to set up a series of federally mandated standards “to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.” In other words, your health information is personal. You have the right to know when it is being shared and authorize its usage.

What even is required HIPAA training?

We recognize that the words “required HIPAA training” may not be the most scintillating ones to come across in the vast universe of the internet –– but as trainings go, it’s an essential one.  

For anyone who handles personal health information (also known as PHI, it refers to any identifiable health information that is used, maintained, stored, or transmitted by a HIPAA-covered entity), it’s pretty much certain that HIPAA compliance training will be required. This training equips handlers with an understanding of how to keep information secure and what to do if such information is ever compromised (more on that below).

Is HIPAA training required by law?

One important point of distinction to remember here is that as a law, HIPAA applies only to the following:

  • Covered entities, or CEs, which refers to health care providers, clearinghouses, insurers, and business associates
  • Business associates, or BAs, which refers to someone outside of a CE who handles PHI for purposes like billing, claims processing, or data analysis
Screenshot from Ethena’s HIPAA course

Why should we care about HIPAA training requirements?

You might be thinking: We’re a tech company, so why should we care? It’s a valid question, and here’s the answer: Tech companies, by virtue of the digitization of most records these days, are tasked with handling a ton of health-related information. Because of that, all tech company employees who touch any part of PHI must:

  • Take that responsibility seriously 
  • Know how to keep it secure

1. To prevent data breaches

Should a breach occur, it can have widespread and damaging consequences for everyone involved –– the individual whose information was compromised, the company’s reputation as a secure stakeholder of health information, and the company, which could be subject to serious financial and civil penalties. 

Think HIPAA violations aren’t really happening all that much? Think again: between 2017 and 2021, HIPAA complaints increased by 39% and breaches increased by 58%. 

2. To prevent fines

In recent years, hefty fees have been levied on companies for not taking sufficient steps to protect patients’ PHI: 

  • In 2021, a New York health plan company paid $5.1 million to the OCR (Office for Civil Rights) after an investigation revealed poor cybersecurity practices had led to a data breach of over 9.3 million patients’ PHI.
  • Also in 2021, an Arizona-based nonprofit paid out $200,000 to settle allegations that it did not provide patients access to their medical records in a timely manner.

The bottom line

With the right foundation and knowledge of HIPAA, your company can protect its customers and avoid violations and penalties.

Here’s why required HIPAA training is necessary at your tech company

1. Even if you don’t work specifically in the field of health care…

It’s entirely understandable you may have a why-should-I-care POV if you’re not working directly with patients, but here’s the key point: If you encounter sensitive health-related information as part of your job, you’re subject to HIPAA laws governing PHI protection.

What’s more, a whole swath of tech companies are categorized as BAs (or business associates, as referenced above) –– which means they service the platforms and supply the innovative solutions used by:

  • Physicians
  • Hospitals
  • And health care customers

So ultimately, when you handle PHI, you’re required to ensure it stays protected.

2. You’ll learn the safeguards to protect yourself — and your company.

How many times have you casually stepped away from your work computer for a quick coffee break? It’s likely you didn’t log off, allowing your screen to remain visible. (For the record, don’t do that!) 

The serviceable takeaway here is that when your job requires handling private, sensitive information, knowing how to safeguard it (at all times) is crucial to keeping individuals’ PHI safe. And by adhering to HIPAA training requirements, you ensure you have the basics and the know-how to implement them.

After all, knowing the requirements is the first step, but knowing how and when HIPAA is enforced is helpful, too.

3. Protecting PHI is a serious business, and needs to be taken seriously.

As we’ve noted above, penalties for failing to comply with HIPAA regulations should never be taken lightly –– and companies are increasingly being held criminally liable should a breach occur. Depending on the particular situation, civil monetary penalties can range from $100 to well over $50,000.

And criminal penalties can result in a jail sentence from one to 10 years. So equipping your employees with the right knowledge and skills benefits everyone in the long run.

How Ethena can help with HIPAA training requirements

So glad you asked. We’ve got a whole catalog of reasons, but here are three of the top ones:

1. Ethena’s training is digestible, never dense. 

Basically, we don’t overwhelm your employees. Ethena takes complex topics and breaks them down into bite-size chunks for content that’s:

  • Easy to read – we use conversational language, so no need to consult a dictionary here
  • Relatable – with an emphasis on why it applies to your workplace and workforce
  • Relevant – we include plenty of timely examples and real-world scenarios

2. Take the training when and how you want

Ethena’s training is entirely online –– which means it’s convenient to access anytime you want. It can be taken:

  • On your laptop
  • From your mobile device
  • Or even listened to in audio form while on your daily commute.

And if you need to pause and come back to it, we save your progress so you can pick back up exactly where you left off.

3. Did we mention how engaging it is? 

Say the word “training” at your next meeting and chances are, your direct reports do little more than roll their eyes in response. Well, not to toot our own horn (okay, maybe a little), but Ethena has received over one million positive ratings from our learners. 

When was the last time you positively rated company-required training? Jokes aside, we take great pride in our content: It’s written by real writers and incorporates everything from delightful puns to humorous videos to eye-catching illustrations. I mean, we literally work with comic book artists.

Connect with us about your HIPAA training requirements!

As a CE or BA, it’s important to be well versed in required HIPAA training for your employees. Violations can have significant criminal and civil penalties, so we’re here to help you take steps toward ensuring your employees are properly trained! 

Ready to get current with your online HIPAA training? Let’s talk! And if you’d like to get a closer look at what we do (and see for yourself why those one million learners really like our content), request a sample training today.  
