According to a survey by the Ponemon Institute, 73% of health and pharmaceutical employees admitted to having access to confidential patient information. Another recent report by IS Decisions has indicated that 63% of health care staff can log on using multiple devices and desktops at the same time, indicating that employees may not be adequately trained in exercising caution and due diligence when handling sensitive patient records. This could result in a serious breach of HIPAA rules. HIPAA, as you may know, stands for the Health Insurance Portability and Accountability Act and provides rights to privacy and security of individual health information for patients.
How Can Covered Entities Comply with HIPAA?
Health care providers, health insurance companies, and health care clearinghouses (jointly referred to as covered entities) are obliged to comply with the HIPAA rules. They are required to analyze risks and to implement and enforce security measures to reduce risks and vulnerabilities.
Two important measures are required for this purpose.
- They have to ensure that the software used for processing and storing Electronic Health Records (EHR) has all the required security features. Role-based access to the system, audit trails, password protection, and data encryption are some of the recommended security features.
- Specify clear guidelines for practices and procedures when handling patient data. Ensure the physical records and electronic records are secure. Have good anti-virus software and a firewall installed.
However, there is a third, most important element that goes along with these two, and that is training.
No matter how strong your software or product is, if your employees do not know how to use it correctly, it will fail. Therefore, your employees have to be trained in, and reminded of, the important aspects to keep in mind while using the software that processes EHR.
Similarly, you may have clearly laid out guidelines about how data has to be handled and processed for each situation. However, if an employee forgets or overlooks a small step (such as failing to log out of the system or accessing the system from a public unsecured Internet connection), it could lead to a data breach. The problem is compounded by the extensive use of mobile devices and Wi-Fi networks. Employees could inadvertently risk divulging patient records to unauthorized persons. So, how can you train employees such that the information sticks and results in the desired behavioral change?
A single training session when the employee first joins the organization may not be adequate. Constant reinforcement of security measures, roles and responsibilities is extremely important. Thankfully, while technology does bring in a new set of problems, it also provides solutions. Training and training reinforcement can be successfully done using technology.
Custom E-learning for Patient Data Security Training
E-learning is an ideal solution for software training. It enables you to train your employees on how to use the software that captures and stores EHR. It enables you to assess the extent to which your employees have understood their roles and responsibilities through formative and summative assessments. Additionally, it offers the following benefits:
Ease of training on the software program in a safe environment
New employees can be trained to use the EHR system safely in a simulated environment without access to the actual system. Software simulation training modules can be created to teach employees how to use the EHR system without having to experiment on the live software. This way, employees are free to learn in a safe environment without compromising on data security. Once employees successfully complete the assessments, they can be given access to work on the actual system.
Ability to roll out training to new employees without delay
New employees can get authentic and accurate information right on the first day. This ensures that they get the right information at the right time, even if there is a delay in formal orientation or face-to-face classroom training. Simple yet important data security aspects, such as logging out of the system, using passwords, and the basic due diligence to be taken when handling patient data, can be taught through small modules right when employees get into the system. This is important because it takes only a fraction of a minute for data breaches to occur.
Sharing simulated scenarios and case studies for longer content retention
Handing out a “do’s and don’ts” leaflet is required, but the contents may not make a lasting impression on the employee. However, a small video or an interactive module that presents a scenario taken from the actual work environment, showing WHY a certain procedure is important and WHAT the consequences of noncompliance are, is likely to be remembered by employees for a longer time.
Updating of training content and refresher training
New guidelines or recommendations are released by the US Department of Health and Human Services. How do you share this information with your employees? You would of course share the guideline or circular with them by mailing it to them or putting it up on the notice board on the premises. At the same time, this information will have to be updated in the training content. When the e-learning method is used to train employees and you have opted for custom e-learning, you have the source files and you can update the course content any time based on the changes in the curriculum. You can also take the opportunity to conduct refresher training programs for existing employees to update as well as refresh their knowledge.
Provides options to access training via mobile devices
Typical doubts that employees are likely to have can be compiled and answers provided in the form of information bites – they could be small videos, learning modules, or apps that answer a specific question. These can be made accessible via mobile devices, so employees can access them using their smartphones. Such an opportunity is possible when you implement e-learning. It gives your employees options for obtaining performance support and just-in-time learning. They will now have no excuse for erring!
Technology can be a boon as well as a bane. It really depends on how we use it. Covered entities can ensure patient data security through education and training to a large extent because most data breaches are due to lack of awareness or oversight.