
HIPAA Training for Your Employees


April 2, 2017

Behavioral health professionals face annual HIPAA training requirements as mandated by federal regulation.

Not only is HIPAA training for employees essential to function, it also fulfills a significant requirement outlined by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR).

According to the law, employees need to be trained annually on the following items:

  • HIPAA 101 Training: Employees must undergo HIPAA 101 Training to ensure that they’re fully aware of the security and privacy obligations they must maintain under the law. HIPAA 101 Training cannot be fulfilled by continuing education credits and must be attended by all staff members.
  • HIPAA Policies and Procedures: Once your behavioral health organization has implemented effective policies and procedures that address the full extent of the HIPAA regulatory standards, you must ensure that employees are trained on them. Each employee must read these policies and procedures so that they understand how to properly handle and maintain protected health information (PHI) to keep your practice safe.

HIPAA Training for Employees: Documented Attestation

After your staff has undergone HIPAA training, you must also ensure that you have documentation.

All employees must attest that they’ve performed the required training. Additionally, employees must document that they have read and understood the HIPAA Policies and Procedures in your organization that they have received training on. This documentation must include the date and time that they signed off on this training in order to protect your organization from liability in the event of a data breach or HIPAA violation.

Documentation must be retained by your office and made accessible to auditors or federal investigators in the event of an OCR investigation.
