CAL HIPAA Subscriber’s Handbook

For Administrators of Organizations with a CAL HIPAA Web Site Subscription

Our site is the largest HIPAA information and compliance assistance web portal on the Internet, with over 4500 pages of user-friendly information, so it can sometimes seem a bit overwhelming to the first-time visitor.

Below is a practical guide describing how to use our web site for HIPAA compliance assistance, for educating your organization’s Privacy and Security Officers, and for training your workforce members to satisfy HIPAA’s employee training requirements.

An Overview of Our Web Site Sections:

We have conveniently organized our site into several distinctive sections with navigational links for each section located on the right side of our homepage and each section main page.

Our web site sections include:

Section: HIPAA Forms. This section contains all necessary policies and procedures, forms and checklists to satisfy HIPAA’s requirement that health care providers have policies and procedures in place to assure the protection of patients’ health information. All documents are downloadable and fully customizable to suit the needs of any health care provider or covered entity under HIPAA.

Section: HIPAA Compliance Manual. This section contains our 116-page easy-to-read, easy-to-understand HIPAA compliance guide covering every element of HIPAA's Privacy and Security regulations. It is downloadable and printable for distribution to management for compliance implementation assistance and to all workforce members for required training purposes.

Section: Workforce Training. This section contains an overview of how our online HIPAA workforce training and testing works, the benefits and features of our online workforce training and testing, and FAQ’s about our online workforce training, testing and training documentation. From this section you can access our online HIPAA training courses (called Webinars) to start your training.

Section: Training Webinars. This section contains our online HIPAA training courses. Our training courses are called Webinars. “Webinar” is a term we use for “Web Seminar”: a multimedia presentation which takes place entirely on our web site. This section of our web site contains two different training Webinars. One is our Level One training Webinar. It is designed for owners, management and Privacy & Security Officers in satisfying all of HIPAA's compliance and implementation requirements. It is extremely comprehensive and covers every aspect of HIPAA’s Privacy and Security regulations. The other is our Level Two training Webinar. It is tailored for workforce members and meets HIPAA's requirements for Privacy and Security awareness training for ensuring the confidentiality, integrity and security of protected health information. Our Level Two workforce Webinar, although not as lengthy or comprehensive as our Level One Webinar, provides all the essential elements required to satisfy HIPAA’s workforce training requirements.

Section: Testing. This section allows individuals who have taken our training Webinars to test their knowledge of HIPAA’s Privacy and Security regulations. Just as we have two different Webinars, we also have two different tests. Our Level One test is for individuals who have completed our Level One Webinar for owners, management and Privacy & Security Officers. Our Level Two test is for individuals who have completed our Level Two Webinar for workforce members. Our HIPAA training tests can be taken as often as desired. Results are displayed online with explanations of each answer. Tests are also e-mailed to the taker for training documentation - a HIPAA requirement.

Section: Training Documentation. HIPAA requires that all health care providers document the HIPAA training activities of all their workforce members. This section of our web site allows every workforce member to access special logs which we keep on our web servers which record their individual activities whenever they use our web site. These individual workforce member activity logs can be saved on the user's computer or they can be printed out and saved for their employer’s records.

Section: Implementation Guidelines. HIPAA’s numerous Privacy and Security regulations each have many requirements. In this section of our web site we have conveniently catalogued each regulation – with each regulation having its own overview, implementation guidelines and special considerations where necessary and appropriate. This section of our web site is most commonly used by Privacy & Security Officers and management for implementing and maintaining HIPAA’s many requirements, but is a good reference source for any employee interested in broadening their knowledge of HIPAA.

Section: Tutorials. This section of our web site contains over 100 categorized tutorials covering the fundamental elements of HIPAA’s Privacy and Security regulations. These tutorials are most commonly used by Privacy & Security Officers and management for implementing and maintaining HIPAA’s many requirements, but they are also wonderful learning aids for any employee desiring a more in-depth understanding of HIPAA’s Privacy and Security regulations.

Section: FAQ’s. This section of our web site contains an enormous library of “Frequently Asked Questions” about HIPAA’s Privacy and Security regulations. They are updated routinely as new questions arise, and as HIPAA’s regulations change. These FAQ’s are most commonly referenced by Privacy & Security Officers and management for implementing and maintaining HIPAA’s many requirements, but they are also wonderful learning aids for any employee or individual desiring a more in-depth understanding of HIPAA’s Privacy and Security regulations.

Section: HIPAA Directory. This section of our web site contains a gigantic HIPAA catalog containing detailed listings of companies offering HIPAA compliant products and services throughout the United States.

How to Use Our CAL HIPAA Web Site For Workforce Training to Satisfy HIPAA Privacy and Security Requirements:

HIPAA’s Security Rule (Section 164.308(a)(5)(i)) and HIPAA’s Privacy Rule (Section 164.530(b)(1)) require that all covered health practitioners and health care organizations, health plans, clearinghouses, and all other covered entities provide training for all workforce members to assure the protection of the confidentiality, integrity and security of all individuals’ personally identifiable protected health information. HIPAA requires that workforce members be familiar with Privacy and Security policies and procedures with respect to protected health information and that all individual workforce training be documented in written or electronic form and retained for a minimum of six years.

Our web site was designed exclusively to assist all required or interested organizations to easily and expeditiously train their workforce members and document all individual training activities. Successful implementation of the following step-by-step procedures will satisfy HIPAA’s workforce training and documentation requirements for any organization.

First, download our HIPAA Compliance Manual onto your computer. Print out as many copies as necessary to make sure that all your workforce members have a copy to read. If large quantities are needed, such as with a large hospital with several hundred employees, your local Kinko’s Printing Services can print out copies in quantity. Note that it is not necessary to have a copy for each workforce member. You need only print enough copies – in your estimation – to assure that a copy can be immediately available for every workforce member to read and access for future reference.

Second, get your workforce members to read and study it. It contains easy-to-understand descriptions of all the essential fundamental elements of HIPAA’s Privacy and Security regulations.

Third, require each of your workforce members to take one of our two online HIPAA training Webinars. As mentioned, we have two training Webinars. Our Level One HIPAA Training Webinar is an intensely comprehensive presentation encompassing all aspects and elements of HIPAA. It includes over 250 segments and, depending upon reading skills and retention rates, it can take between 6 and 10 hours to complete. It is designed for company Privacy and Security officers, company directors & officers, and upper level management. Our Level Two HIPAA Training Webinar is not as comprehensive as our Level One Training Webinar but covers HIPAA fundamental issues and elements, and satisfies HIPAA’s workforce training requirements. It includes 24 segments and, depending upon reading skills and retention rates, it can take between 1 and 2 hours to complete. You have a decision to make here. Which employee takes which Webinar? You are under no legal obligation or requirement to make any employee or group of employees take one Webinar or the other. HIPAA requires only that your workforce members be “trained”. The decision how to train your employees, and to what degree, is entirely up to you. For purposes of meeting your HIPAA legal obligations, and especially for due diligence considerations beyond the scope of HIPAA, we recommend that all persons in a position of upper level authority take the more comprehensive Level One Privacy & Security Officer Training Webinar. This would include all owners, board directors, company officers, administrators, department heads, HIPAA Privacy and Security Officers, and all doctors. We recommend that all other regular workforce members, including full and part time employees and volunteers such as nurses, secretaries, clerical staff, receptionists, engineers, janitors, telephone operators, and technicians, take the Level Two Workforce Training Webinar.

Fourth, after completing the Training Webinar, require each person to take the appropriate HIPAA Test. Like our two levels of Training Webinars, we also have two corresponding levels of HIPAA Tests. Our Level One Privacy and Security Officer HIPAA Test is designed for those persons who complete our Level One Privacy and Security Officer Training Webinar. Our Level Two HIPAA Test is for those persons who complete our Level Two Workforce Training Webinar. There is no limit to how many times a test may be taken. Tests may be taken as often as desired. Each time a person takes a test, they are required to enter their name, e-mail address and employee ID number (if they have one). Each test consists of 20 randomly selected questions from our database of hundreds of questions. Test results are displayed online after completion of the test with explanations for each question and answer. Additionally, all test results are immediately e-mailed to the test taker after each test. This satisfies HIPAA’s requirement for documentation of training. Depending upon your company policies, the e-mailed test results may be kept by the workforce member or the results may be forwarded to a company administrator for printing out or saving to a computer for record-keeping. Note of interest: Our testing system is configured to offer a printable “Certificate of Achievement” whenever a test taker correctly answers 18 of the 20 questions. The scoring standard we selected for issuing the certificate is arbitrary and non-adjustable. You are not obligated under HIPAA to accept our scoring standard of 90%. You are allowed to set your own scoring standard for your workforce members. In other words, if you determine that a score of, say, 50% (10 correct answers out of the 20) is acceptable to your organization, then that is acceptable to HIPAA. Some organizations set higher standards than others: 50% correct, 60% correct, 75% correct, 90% correct. Whatever the percentage, the decision is entirely yours. However, if you choose a passing score of less than 18 out of 20 correct for your workforce members, then test-takers will not be offered our “Certificate of Achievement”.

Fifth, require your workforce members to download or print out their individual “Activity Logs” from our web site. Every time one of your workforce members visits our web site, a log is kept of every web page they visit and how long they visited each web page. These are called “Activity Logs” and they are available to each workforce member for downloading or printing out for record-keeping to further satisfy your organization’s legal HIPAA requirement that all your workforce members document their individual training activities.

As complex as HIPAA is, satisfying its workforce training requirements can be a relatively painless and uncomplicated experience. By following all the above recommended procedures, you will fully satisfy your legal federal HIPAA Privacy and Security requirements for workforce training and documenting their training activities.