The Federal Government has specific HIPAA (Health Insurance Portability and Accountability Act) requirements that include annual training. According to the U.S. Department of Health and Human Services, as part of the HIPAA Administrative Safeguards, a covered entity must train all workforce members on its security policies and procedures on an annual basis.
Compliance with HIPAA law is of course a strong driver for this training, but it is crucial that healthcare entities make their employees aware of the variety of cyber risks that can affect their practice and their clients. Your team, at all levels, should be knowledgeable about the value of medical data to criminals and the black market. They should know what the risks are to patients if their personal medical data is stolen. Employees must be made aware, and kept continuously aware, of your institution’s policies and procedures in the area of HIPAA, security and privacy, including escalation procedures, contingency plans and more. A HIPAA training program must be engaging and ensure retention in the employees’ minds. Cybersecurity needs to be a #1 priority when making decisions of any kind in the healthcare industry today.