Who enforces HIPAA?
In this article
How do you know if your company is complying with HIPAA?
What is the HIPAA minimum necessary standard rule?
How will HIPAA training help my company?
If you haven't heard, Ethena recently launched a new HIPAA training course. It's built not for clinicians who are on their feet in hospital settings all day, but for the many thousands of workers who handle sensitive health information from their desks every day.
Who enforces HIPAA?
No really, who's in charge around here?
The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) is responsible for enforcing the HIPAA Privacy, Security, and Breach Notification Rules. State attorneys general can also bring civil actions over HIPAA violations that affect their residents, and other state and federal agencies have related responsibilities. As you’ll recall, HIPAA is the Health Insurance Portability and Accountability Act of 1996. Its Privacy Rule limits when an individual’s health information may be used or disclosed: outside of permitted purposes such as treatment, payment, and health care operations, it generally cannot be shared without the individual’s written authorization.
As a company, how can you tell if you’re complying with HIPAA?
Here’s the deal: Taking HIPAA training is just one part of what’s required for a company to comply with HIPAA. In other words, solely completing the training does not make a HIPAA-compliant company.
Certain states have enacted their own laws on when employees must receive HIPAA training. (California, for instance, requires that health care provider employees and subcontractors complete HIPAA training, but specifies only that it happen before they interact with their first patient.)
Some federal guidelines exist on when and how often to administer HIPAA training, and admittedly they can seem a bit vague. For instance, the Privacy Rule says training should be given:
Within “a reasonable period of time” after an employee joins the workforce
And again when policies change or new concerns around HIPAA arise (the Security Rule separately calls for “periodic” security reminders)
The bottom line? Since the rules don’t set a fixed schedule, the safe practice is to have HIPAA training recur annually, and to keep records of who completed it and when, because the Privacy Rule requires that training be documented.
And because federal regulations don’t spell out what HIPAA training must contain, most courses (like Ethena’s HIPAA course) cover the following important topics:
The main HIPAA rules and regulations: HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, and the role of state laws
Basics and common terminology (like PHI, business associates, covered entities, etc.)
Security incidents and HIPAA violations
Patient access to health records
Common violations and precautions
What is the HIPAA minimum necessary standard rule?
As we outlined in a previous post about online HIPAA training, the fundamental purpose of HIPAA is to keep protected health information (PHI) private and secure. To that end, the “minimum necessary” standard applies whenever PHI is used, disclosed, or requested for a particular purpose: a covered entity must limit the PHI involved to the amount reasonably needed to accomplish that purpose, and must ask for only what is actually required. (The standard has a few important exceptions, including disclosures to or requests by a health care provider for treatment, and disclosures to the individual themselves.)
Approaching health information through the lens of what is minimally necessary is a key element of the HIPAA Privacy Rule (which we cover in more detail in our online HIPAA training!). In practice, that means identifying which workforce roles need access to PHI, and to which categories of it, and restricting access accordingly, so that an authorized individual sees only what their job requires. Considering how crucial data privacy is, anyone who touches health-related information should treat this as one layer among several (access controls, audit logs, encryption) that together keep PHI secure.
How will signing up for HIPAA training help me and my company?
While it can depend on the specifics of your company’s needs, here’s a breakdown of some benefits you’ll receive from HIPAA training.
1. For those who work at the intersection of healthcare and technology, it’s timely and essential
Healthcare and technology go hand in hand these days. Tech companies whose clients include healthcare providers or medical device suppliers, and that create, receive, store, or transmit PHI on their behalf, are typically business associates under HIPAA, which makes them directly liable for complying with the Security Rule and parts of the Privacy Rule. That makes HIPAA training essential for them too, so their people understand the intricacies of what’s required to keep sensitive health information protected.
2. Employees learn about the HIPAA legal landscape (and its importance)
Protecting health information requires an understanding of data privacy. With regard to HIPAA compliance, that means learning HIPAA’s rules and how to handle and transmit PHI under those regulations and your company’s own policies. Equally important is training employees to recognize a risk or a breach, and to know whom to notify and which procedures to follow so the situation is resolved quickly and efficiently. (HIPAA’s breach notification deadlines run from the date a breach is discovered, so prompt internal reporting matters.)
3. It signals that the company deems HIPAA compliance essential
Signing on to HIPAA training lets everyone (from employees to shareholders to the public) know that the company and its leadership take HIPAA seriously, and that the company is committed to protecting itself from the legal and financial risks that can arise if PHI is mishandled.
Okay, I’m convinced to sign up for training, but why Ethena’s HIPAA training?
1. It was created for tech people (not physicians)
Ethena’s online HIPAA training is designed for the compliance needs of people specifically in the tech space. We find it’s especially useful for internal teams like HR that, by virtue of their work, deal with company health plans (a group health plan is itself a HIPAA covered entity) and often need training on best practices to keep employee PHI secure.
2. Subject matter experts give our content their stamp of approval (every time)
At Ethena, we work directly with subject matter experts (SMEs) throughout the content-creation process to ensure our training stays up-to-date and relevant to the topic at hand. And before publishing, all material is reviewed and vetted by our team of legal experts. (The laws apply to those writing HIPAA training, not just those taking it, after all!)
3. It has engaging, relatable, and inclusive content
Say the words “training time” to your team, and practically everyone inwardly (some less silently) groans. But here at Ethena, our compliance training is different. We produce content:
With timely (and relevant) examples
That is written by thoughtful and informed content creators
That is enhanced by engaging visuals (produced by graphic designers, comic book artists, YouTube creators, you name it)
And with the aim to ensure our courses are educational and enjoyable
And since we realize the training you’ve come across in the past may not have aligned with your company’s DEI initiatives, we thought we’d reassure you: Ethena uses a research-driven approach that incorporates culturally and racially diverse identities and inclusive language, and ensures the scenarios depicted are relatable, timely, and authentic.
4. We probably integrate with your in-house HR software
And because of that, we save your HR and compliance team tons of time! Check out our full list of integrations to see if we play nice with your HR software!
And while we’re on the subject, let’s talk about how easy Ethena makes it for your employees to get into their training. If your workplace uses Slack, Zoom Team Chat, or email for daily communication, integrating these programs with Ethena makes accessing training as convenient as possible.
Example of Ethena's Slack integration reminding your employees to take their HIPAA training
Time to take charge and train on HIPAA!
Ready to take the next steps to move your company toward complying with HIPAA? Let’s talk! And if you’re curious to see a sample training by Ethena and learn why it’s gotten over a million positive reviews from our learners, why wait? Request one today!