Banner

News

Article

More than half of employees don’t understand HIPAA rules

Author(s):

Todd Shryock

Even when provided with annual training, employees still fail their HIPAA assessments

Most employees don't understand HIPAA rules: ©Onephoto -stock.adobe.com

Most employees don't understand HIPAA rules: ©Onephoto -stock.adobe.com

A report from The HIPAA Journal, in collaboration with ComplianceJunction, indicate a significant shortfall in HIPAA compliance among health care staff. The data reveals that over 50% of employees in the health care sector failed their HIPAA assessments, highlighting a crucial knowledge gap in adhering to vital HIPAA regulations.

Notably, more than 80% of organizations provide HIPAA training only once a year or less, with the majority of staff (74%) receiving training annually—a practice considered "best practice." However, the high fail rates suggest the need for more frequent and comprehensive training sessions.

The top challenging areas for staff include HIPAA violation consequences (66% fail rate), HIPAA and social media (61% fail rate), computer safety rules (61% fail rate), and HIPAA in emergency situations (54% fail rate).

A survey of 245 health care sector employees revealed that one in 10 did not receive HIPAA training within their first three months of hire, a legal requirement. While 74% received annual training, 5% received training only once when starting their job. More than two-thirds (67%) of staff reported witnessing a suspected HIPAA violation within their workplace.

When asked about the main reasons behind HIPAA violations, participants cited lack of knowledge (35%), lack of care (31%), and lack of regular training (14%), as the top three factors, according to the report.

“It is the responsibility of the organization to ensure that their staff receive regular HIPAA training, so they feel confident in their knowledge and internal data breaches are minimized,” said Steve Alder, editor-in-chief of HIPAA Journal, in a statement. “Our findings paint a concerning picture of inadequate HIPAA training across the board from health care organizations, of which the consequences can be significant for staff, businesses and most importantly, patients.”
Alder pointed out that the majority of employees who work with PHI receive annual HIPAA training, and though that’s the minimum requirement, it may not be enough.
“Although there is no legal requirement to conduct training more often, it is strongly advised that organizations should run training as often as is necessary to mitigate the risk of a HIPAA violation or data breach,” Alder said.

Related Videos
Jay W. Lee, MD, MPH, FAAFP headshot | © American Association of Family Practitioners
Related Content
Trump picks RFK Jr. for HHS Secretary
November 14th 2024

Trump picks RFK Jr. for HHS Secretary

Ep 43: The physician's guide to running for office
November 4th 2024

Ep 43: The physician's guide to running for office

© Halfpoint - stock.adobe.com
November 14th 2024

Study finds higher levels of burnout among LGBTQ+ physicians and residents

Ep 42: Patient management challenges with Eve Cunningham, MD, of Providence
October 21st 2024

Ep 42: Patient management challenges with Eve Cunningham, MD, of Providence

Patients still want human interaction in health care: ©Photo Plus - stock.adobe.com
November 14th 2024

Three out of four patients see U.S. health care as broken but optimistic about technology’s role, survey finds

© Dz Lab - stock.adobe.com
November 14th 2024

Children with rare spinal condition regain ability to walk; STI epidemic may be slowing; newly discovered molecule helps treat cardiovascular disease – Morning Medical Update