.

HIPAA Security Training

<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Fri Jun 18, 2010 6:17 am

HIPAA Security Training

OK folks, here is my dilemma:  we have a requirement to have employees take a HIPAA security test for HIPAA training and am not sure how it applies to temporary employees.  One scenario that was brought to me was what if there is a temporary employee who works for one day, a couple of days or one week; do they need to take this training?  HIPAA guidelines are not very clear and concise in my opinion. 

I just want to make sure that we are covered and fulfill the HIPAA requirements for security training.  Has anyone been in this situation before?

Thanks all!
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Fri Jun 18, 2010 9:49 am

Re: HIPAA Security Training

I don't know if it is applicable to the private sector, but when I was  in the National Guard, the only people that had to be HIPAA certified were the one handling HIPAA protected information. We basically had only senior enlisted and officers go through the training.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

yatz

Full Member
Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Fri Jun 18, 2010 10:20 am

Re: HIPAA Security Training

My company does HIPAA-related stuff but I've never had to be certified for anything.  Maybe this is something that needs investigating...
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
<<

vekarman

User avatar

Newbie
Newbie

Posts: 28

Joined: Thu Mar 19, 2009 1:21 am

Post Mon Jun 21, 2010 9:01 am

Re: HIPAA Security Training

I have also not heard of any HIPAA training. But following are my views on such trainings.

All regulations like HIPAA, SarbOx, PCI-DSS etc are based on Best Practices in relevant industries. You can organize a formal training about user awareness for the employees who are handling and processing HIPAA records and infrastructure also. I understand majority of the people in a company who are HIPAA compliant will be desktop operators who are accessing HIPAA records. They should be trained about the best practices like password protection, clear screen policy etc.. You might be having some IT infra people who are maintaining hardware and network processing HIPAA records. They should be trained about the security of the hardware and network from leaking of HIPAA records. Application developers need to be trained about incorporating security into applications which process HIPAA records. and so on...

You have to segregate people in various groups based on their job roles and train them on best practices.

Few cents from me.

Kishore
CISSP
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Jun 22, 2010 1:21 pm

Re: HIPAA Security Training

CISSP, MCSE, CSTA, Security+ SME
<<

tux633k

Newbie
Newbie

Posts: 9

Joined: Sat Apr 10, 2010 9:50 pm

Post Wed Jun 30, 2010 7:11 pm

Re: HIPAA Security Training

The keywords when it comes to HIPAA is reasonable and appropriate.  If it is not reasonable to train a temporary employee that only stays with you for one day then training shouldn't be a requirement for those employees.

When an employee is given the test is there an acknowledgment form that is signed by them and returned to HR or the security office?  You may want to consider creating a 1 page document that simply covers Compliance, Security and Privacy in very general terms (Ex. employees should not... based on XYZ Policy) and have temp employees read and sign that form for documentation purposes so that you can prove that you are doing your due diligence if it came to that.
CEH, MCP, CSCS, CHP
<<

Compliance

Newbie
Newbie

Posts: 2

Joined: Tue Jul 06, 2010 2:44 am

Post Tue Jul 06, 2010 3:00 am

Re: HIPAA Security Training

HIPAA requires employees to be trained based on their job role. Even if you employee is temporary employee. Based on the job role of the person, you will ask them to take necessary training. If you want them to take the basic training, you can ask them to do the Certified HIPAA Privacy Associate (CHPA) training http://hipaatraining.net/hipaa-certific ... .htm&nbsp; which includes HIPAA security overview. If you want them to have comprehensive HIPAA security training then you want them to go through the Certified HIPAA Security Expert (CHSE) http://hipaatraining.net/hipaa-certific ... .htm&nbsp;

All consultants or companies providing temp staff are the business associate of covered entity. All BA have to comply with the HIPAA regulation. If you have temporary employee, they are still part of your organization and your organization will be responsible if there is HIPAA violation caused due to their action. The key is that the person has to be trained based on their job role.

If you are covered entity, download this questionnaire of  HIPAA compliance status of the business associates. This helps you to ensure that BA meets the HIPAA standards.  http://www.compliancehome.com/whitepape ... 11982.html

Feel free to ask if you have any other questions.

Return to Compliance, Regulations &amp; Standards

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software