Template:HIPAA Compliance: An Introduction/Introduction
Reason and scope
In the U.S. healthcare industry, there are two main regulatory laws: the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The first is aimed at clinical laboratories and the second applies to the vast majority of healthcare settings. This training guide is aimed at providing some accurate and useful training to those required to comply with HIPAA. Indeed, HIPAA training is mandated in the law itself, particularly by the United States Department of Health and Human Services (HHS), which summarizes that responsibility as such:
Workforce members include employees, volunteers, trainees, and may also include other persons whose conduct is under the direct control of the [covered] entity (whether or not they are paid by the entity). A covered entity must train all workforce members on its privacy policies and procedures, as necessary and appropriate for them to carry out their functions. A covered entity must have and apply appropriate sanctions against workforce members who violate its privacy policies and procedures or the Privacy Rule.
Anyone involved in healthcare has probably already realized that while their own entity's policies and procedures may well be in compliance, there is still a great deal of misunderstanding out there regarding HIPAA, as well as a general lack of knowledge of it beyond those measures that are in place where they happen to work. And it is also a matter of concern that industry professionals have encountered an alarming number of courses and guides purporting to provide an acceptable level of training, yet they prove to be significantly lacking in scope, clarity and in some cases accuracy.
This training guide is designed to provide a substantive, reasonably comprehensive understanding of all of the aspects of HIPAA that have bearing on most healthcare industry professionals. It is based almost completely on first-hand materials from the HHS (which the law charges with administration of HIPAA) and the actual Health Insurance and Portability Act of 1996 (HIPAA) law itself, rather than relying on secondary and tertiary interpretations and paraphrasing. However, these resources do not and cannot provide every detail for all scenarios. As such, several third-party sources were taken into account to gather and present the fullest comprehension of the materials and their relevance for the covered entities HIPAA affects.
Goals of this guide
The primary aim of this training guide is to supplement the requirement for HIPAA training as described above. Whether used to fulfill that directive, or as source for your own research, it is designed to provide the most comprehensive, clear and accurate general familiarity with HIPAA possible as it relates to those attempting to be compliant.
- Office for Civil Rights (26 July 2013). "Summary of the HIPAA Privacy Rule". United States Department of Health and Human Services. https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html. Retrieved 09 February 2022.