HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TRAINING

 

INTRODUCTION

Training creates an important opportunity for FAU to convey its organizational values, including its commitment to ethical and legal conduct, and to help ensure compliance with the various HIPAA privacy and security rules and standards. Both role-based and job-based training give individuals who may or will come into extensive contact with protected health information (PHI) the resources and training they need to carry out their duties and responsibilities (e.g., how to handle and use PHI, and how to understand the principles of administrative, physical and technical safeguards to protect PHI).

APPLICABILITY

Training in the Privacy Rule and Security Standards of Health Information is required for all members of FAU’s workforce in the Covered Components as well as those working on their behalf. Human Resources is responsible for the administration of the training program.

SCOPE

All members of FAU’s Workforce in the Covered Components and other areas as identified by Human Resources, including faculty, staff, students, and volunteers, are required to complete appropriate training modules during the onboarding process and annually thereafter.  Additionally, individuals working with the Covered Components, as well as individuals who may come into extensive contact with PHI because of the nature of their position, role or job category, will also be required to complete the HIPAA training modules.

DEFINITIONS

Covered Component  – health care components of a Hybrid Entity, named and designated by the Hybrid Entity, that engage in Covered Functions, and any component that engages in activities that would make it a Business Associate of a Covered Component if the two components were separate legal entities.

Covered Entity  – A health plan, health care clearinghouse, or health care provider who transmits any health information in electronic form in connection with a transaction covered by the Privacy Rule; the Covered Entity refers to the health care components of FAU that engage in Covered Functions.

Covered Functions  – activities of a Covered Entity, the performance of which makes the entity a health plan, a health care clearinghouse, or a health care provider subject to the Privacy Rule.

Hybrid Entity  – A single legal entity that is a Covered Entity, performs business activities that include both Covered and non-Covered Functions, and that designates its health care components in accordance with the Privacy Rule.

Workforce Members  – Employees, volunteers, trainees, and other persons whose conduct in the performance of work for a Covered Component is under the direct control of such component, whether or not they are paid by that component.

TRAINING REQUIREMENTS

All Workforce Members in the Covered Components, individuals working extensively with the Covered Components, and individuals, identified by Human Resources, who may significantly come into contact with PHI because of the nature of their position, role or job category (e.g., office of information security, accounts payable, financial aid, etc.), must fulfill the core training requirements annually.

Individuals falling into the above categories must fulfill their training requirements as follows:

  1. Within 15 days after an individual joins the workforce, and prior to accessing any PHI;
  2. Within 15 days after a role, job or position change that either places an individual within a Covered Component, working extensively with a Covered Component, or places the individual in a role, job or position where he/she comes into contact with PHI; and
  3. Annually (i.e., refresher training) by all Workforce Members, individuals working with the Covered Components, and individuals who may come into contact with PHI because of the nature of their position, role or job category.


In addition to the core training requirements identified above, Workforce Members in Covered Components, individuals working with Covered Components and individuals who may come into contact with PHI because of the nature of their position, role or job category may be required to take additional training modules in the event of:

  1. A significant regulatory change;
  2. A material change in FAU’s compliance program or Notice of Privacy Practices; or
  3. Technology changes impacting privacy or security.

Research: Workforce members of a Covered Component may also be investigators conducting research involving PHI and, as such, must adhere to additional training requirements. Researchers using PHI must complete the mandatory CITI HIPS training in addition to the FAU-required training under this policy.

PROCEDURE

To access the training course, please follow these instructions:

HIPAA training is available online via the Collaborative Inter-Institutional Training Initiative (CITI) site. CITI's Information Privacy and Security (IPS) materials cover the principles of data protection, focusing on the healthcare-related privacy and information security requirements of the Health Insurance Portability and Accountability Act (HIPAA).

  1. Go to http://www.citiprogram.org.
  2. Create a new account by clicking REGISTER at the top right of the login.
  3. Type "Florida Atlantic University" in the Participating Institutions field and click SUBMIT.
  4. On the subsequent pages, follow the prompts to enter a username, password (different from your FAU NetID), and your personal information (first name, last name, e-mail, gender, degree, etc.).
  5. When asked to select a curriculum, choose “Information Privacy and Security (IPS)”.
  6. Choose your institutional role (e.g. Student, Clinician, Investigator).
  7. To start the training, from the training courses menu choose the listed “CITI Information Privacy and Security (IPS)” course.

For enrollment and security-related questions, please contact security-training@danieldaverne.com.

For technical assistance with training, please contact the FAU Helpdesk by visiting: http://helpdesk.danieldaverne.com.

 

Contact


For general HIPAA or privacy questions or concerns, please contact the Chief Privacy Officer at 561-297-3004.
Email: privacy@danieldaverne.com
To enter a request for technical assistance, please enter a service request at http://helpdesk.danieldaverne.com/.