The HIPAA training requirements for new hires are that new members of the workforce must be trained on an organization’s policies and procedures with respect to Protected Health Information that are relevant to the new hire’s functions within a reasonable amount of time of the new member of the workforce starting work with the organization.
In the context of the HIPAA training requirements for new hires, the HIPAA Privacy Rule training standard (§164.530(b)) is deliberately flexible in order to accommodate other types of training that may have to be provided when a new hire starts working for an organization. Nonetheless, due to the risk of an unintentional HIPAA violation or data breach due to a lack of knowledge, it is advisable to provide HIPAA Basics training to new hires at the earliest possible opportunity.
HIPAA Basics training covers subjects that some new hires may not be familiar with and give a comprehensive overview of HIPAA compliance. The provision of HIPAA Basics training ensures that new hires do not violate HIPAA or impermissibly disclose Protected Health Information due to a lack of HIPAA knowledge, and also that – when policy and procedure is provided to new hires – the policies and procedures are easier to understand and comply with.
The provision of HIPAA Basics training also ensures new hires can connect HIPAA compliance with security awareness training. It is often the case organizations ignore the General Requirements of the HIPAA Security Rule (§164.306) and provide “generic” security awareness training, rather than security awareness training designed to protect against reasonably anticipated threats and disclosures of Protected Health Information not permitted by the HIPAA Privacy Rule.
What Further HIPAA Training Requirements for New Hires Exist?
Further HIPAA training requirements for new hires are event specific. Events that may prompt further HIPAA training requirements for new hires include material changes to policies and procedures, the outcome of a risk assessment or periodic evaluation, the implementation of new technologies, or when HIPAA training is required for all applicable workforce members following a privacy complaint or compliance investigation by HHS’ Office for Civil Rights.
HIPAA training can also be imposed as a workforce sanction for a violation of any HIPAA Privacy Rule standard – even if the standard has not been covered in HIPAA policy and procedure training (see §164.530(e)). The risk of a workforce sanction due to a lack of HIPAA knowledge or the failure to understand HIPAA policies and procedures often prompts new hires to subscribe to online HIPAA Basics training courses when they are not provided by their employers.
New hires may also receive further HIPAA training if an organization provides annual HIPAA refresher training or incorporates HIPAA awareness into other mandated training. Other mandated training includes OSHA bloodborne pathogen training, CMS emergency preparedness training, and state anti-harassment training. HIPAA training might also be part of a Continuing Education training program required to maintain a new hire’s professional license.
Further Information about HIPAA Training Programs for New Hires
HIPAA covered entities and business associates who are concerned that their existing HIPAA training programs for new hires exposes Protected Health Information to impermissible disclosures and data breaches are advised to evaluate online HIPAA Basics training courses that are accredited by a recognized training assessor and that offer sample modules to ensure the course content aligns with HIPAA policies and procedures.
New hires concerned that their lack of HIPAA knowledge may result in a workforce sanction are advised to speak with their organization’s HIPAA privacy Officer to request a HIPAA Basics training course. If the organization’s HIPAA Privacy Officer does not agree to your request, it is advisable to subscribe independently to an accredited online HIPAA Basics training course that also offers a certificate of completion when you pass an end-of-course test.