Privacy & Security Training

I am interested to know what your policy is for timing of new employee privacy training or for re-training of employees that have transferred to another position with different EHR access rights. HIPAA just states "within a reasonable period of time...". I am curious how others of you define "reasonable".

I am doing some auditing of different HR processes relative to new, transferred and terminated employees and want to determine if we should modify our current definition of "reasonable". Perhaps "reasonable" is different for a small rural hospital (which we are) compared to a larger organization??

Your input is appreciated.

Marianne Dailey, RHIT, CHP, CPHQ
Director HIM & Privacy Officer
Central Peninsula Hospital
Soldotna, Alaska 99669
(907) 714-4563


  • edited May 2016

    We have new staff orientation once a month and I present HIPAA.
    Annually I am scheduled to 'refresh' every department and design the
    presentation according to the department. If a staff 'transfers' to
    another department, it is covered either by the manager when they orient
    to the particular department, or during the annual refresher. I also
    send out monthly emails of HIPAA scenarios, cartoons, or reminders.

    Our IT department handles the Electronic permissions, the manager will
    fill out a form for different securities to be given or removed.

    Respectfully, Diane

    Diane Dolan

    Director Health Information Management

    Patient Access Services

    Privacy Officer

    Copley Hospital

    Morrisville, Vermont 05661


  • edited May 2016
    My facility is a 450 bed acute care hospital.
    All new employees must attend a 2 day orientation at our facility which includes my 30 minute presentation on privacy. This occurs within the first week of their employment.
    Annually, the hospital has several on-line training modules that must be completed by each employee at the time of their annual evaluation. This on-line training is tracked electronically. Managers can access status of training via on on-line report.
    Our HIPAA team evaluates the training material every year to ensure the info covered is up to date and addressing the important current issues. We have a module for privacy and a separate module for information security.

    Norma Knipp, MSA, RHIA
    Manager, Health Information Department
    Privacy Officer
    North Kansas City Hospital
    2800 Clay Edwards Drive
    North Kansas City, MO 64116

Sign In to comment.