One of the questions found in the
Security Risk Analysis asks,
"Have your employees been provided formal information security training?"
Current Federal and State of Texas training requirements
HIPAA §164.308 Administrative safeguards.
(a) A covered entity must, in accordance with §164.306:
(5) (i) Standard: Security awareness and training. Implement a security awareness and training program for all members of its workforce (including management). The last two words “including management” are in the Federal rule.
TEXAS HOUSE BILL 300 (AS AMENDED BY TEXAS SENATE BILL 1609) 9/1/2013
Everybody knows that all persons who provide services for Covered Entities or Business Associates must receive HIPAA training but Texas has its own training requirement.
SUBCHAPTER C. ACCESS TO AND USE OF PROTECTED HEALTH INFORMATION
Sec. 181.101 TRAINING REQUIRED:
(a) Each covered entity shall provide training to employees of the covered entity regarding the state and federal law concerning protected health information as necessary and appropriate for the employees to carry out the employee’s duties for the covered entity.
(b) An employee of a covered entity must complete training described by subsection (a) not later than the 90th day after the date the employee is hired by the covered entity.
(c) If the duties of an employee of a covered entity are affected by a material change in state or federal law concerning protected health information, the employee shall receive training described by subsection (a) within a reasonable period but not later than the first anniversary of the date the material change in law takes effect.
(d) A covered entity shall require an employee of the entity who receives training described by subsection (a) to sign, electronically or in writing, a statement verifying the employee’s completion of training. A covered entity shall maintain the signed statement until the sixth anniversary of the date the statement is signed.
Don’t let the 90-day requirement keep you from being compliant in Texas!
OUR TRAINING PROGRAM:
NO CONTRACT NO UPFRONT PAYMENT NO MINIMUM USAGE
COVERS BOTH HIPAA AND TEXAS HOUSE BILL 300
INTERNET BASED ONE HOUR
PROOF OF TRAINING PROVIDED TO BOTH, THE STUDENT AND THE PRACTICE
Offices must now keep documented proof of training on file for six years.
TRAINING SHOULD BE CONVENIENT AND VERIFIABLE!
- Is your current training program only enough to just say you’ve provided it?
- Did they really watch that video or were they texting or up doing something else?
- Were they tested to assure YOU that they now know what to be mindful of?
- Did they learn anything about protecting YOUR patients and YOUR practice?
The stakes are too high not to be taken seriously!