Online HIPAA Training for Early Stage Employees
6 points by ramarkable 2664 days ago
Does anyone have a suggestion for a simple, reputable online HIPAA training course for Business Associates? Ideally <$30 a head? I'm looking for an online course that will be required for all future hires, most of whom will be working with de-identified data.

I came across HIPAAtraining.com and Supremus Group's training, but can't quite figure out what's legit. We're too early stage to warrant creating our own program.

Thanks for any ideas anyone may have!

2 comments

Here’s the thing with HIPAA consultants and training: it’s mostly bullshit but people pay for it because they’re afraid. Afraid of what? Who knows.

Remember The Simpsons episode where Homer wants to pay Lisa for her magic rock because it keeps tigers away — “You don’t see any tigers here, so it must work, right?” — that’s HIPAA training and consulting in a nutshell.

There’s no point offering HIPAA consulting/training for anything but exorbitant prices. Get people scared enough and they’ll pay it.

Are you a giant research university or a hospital that’s also a household name? If not, you’ll never have a problem with HIPAA unless you royally fuck up or piss someone off who has the time and energy to follow through on a complaint. Even if you do invest in HIPAA compliance and pay through the nose to become 100% compliant, ask another HIPAA consultant and they’ll find a million more problems you need to fix.

This isn't legal advice and I'm not a lawyer.

Your advice is kinda true, but your sentiment is dangerous. With all regulatory issues, you can get away with them up until you can't. However, the difference between crippling fines or jail or gross negligence is whether or not you made reasonable or better attempts to do the right thing. As a company, you never know when something terrible is going to happen and telling people not to worry about it is dangerous and irresponsible.

That being said, compliance programs are put together based on best practices and litigation. The more litigation occurs, the better we understand the legislation / guidance that is often poorly written / defined. That's why GDPR / CCPA consultants are just best guessing - but, it always helps to have a reputable, 3rd party attest to the validity of your methodology - it shows that you tried hard to do the right thing. 3rd party audits are even better.

Trying to do the right thing is a cost of doing business - it doesn't have to be prohibitively expensive and it's part of doing business, responsibly.

I've left two comments and deleted them both. For a lot of reasons, I feel like an idiot for wanting to weigh in here. Those include: no one takes me seriously, I get no respect, I'm compulsively helpful and it doesn't do a fucking thing for me because no one takes me seriously or thinks a woman has any right to make any goddamned money, so sharing what I know on HN absolutely never constitutes "networking" or "establishing a professional reputation for myself" or similar. Also, I'm short of sleep, running a fever and -- in case you can't tell! -- I'm in a really lousy mood.

In addition to my personal crap, I suspect a random question on the internet is not the best way to address this, never mind that it's HN. You are still trusting internet strangers to recommend a thing critical to your business that involves legal compliance.

But I worked at a Fortune 500 insurance giant for over five years. I had annual training in HIPAA, information security, fraud training and Gramm-Leach-Bliley (a different federal regulation that you may not be subject to -- it regulates financial services, like banking, and also applies to insurance). And, well, you aren't getting any good replies. So here I am for the third time.

First, you can't ignore HIPAA. It's a legal requirement, fines can potentially run into the millions and if they decide your handling of privacy is a criminal offense, you can even go to jail for it. (I imagine "Fuck this noise. I can't be bothered." would make it a criminal offense. Have fun with that.)

Having said that, my first-hand experience was that large hospitals had good awareness of HIPAA, but many small medical practices were pretty clueless. If you are a small fry, you may go unnoticed.

If you intend to be a "start up" and pursue rapid ("exponential") growth, absolutely do not act like this does not matter. You need to get this right to grow rapidly in a medical related space.

I no doubt had world class training, what with working at a mega Corp. Yet I routinely bitched to my sons about its shortcomings. I homeschooled them, so under California law I ran a two student private school for years. I also was Director of Community Life for The TAG Project and a low level presenter one year at a conference, probably Beyond IQ.

So I have a background in education and I felt the training sucked. If I ran the company, the annual training would have been done -- because I believe it's a requirement of compliance -- but there would have been much more emphasis on reinforcing best practices and awareness as part of the culture.

Some of my annual training involved an online course of like video and slides followed by a multiple choice quiz. It's a format aimed at proving compliance. But it's a lousy format for actually making sure employees know all this and do the right things consistently.

If I were the bitch in charge, there would be a checklist on the wall with the most common basic practices and every single shift would start with a huddle in front of that sign and a minute reminding people of best practices and why they matter. I would also have a handy reference manual where people could readily look up the key points covered in the annual training.

I think if you work with medical information daily, you ought to be able to pass a quiz on this stuff at the drop of a hat because you do it all day every day, not after your annual refresher course. But I've always had "unreasonable expectations," like actual competence.

However, much of the world literally insists I'm insane, so you are quite free to ignore my whacky opinions. Best of luck in getting an actual recommendation for a course.

(FWIW, I looked at the websites for the two courses you listed and I liked the demo on HIPAAtraining.com. But I know absolutely nothing about who does this well. The company I worked for probably did in house training and it's been several years since I worked there.)

I will add: if you have people making phone calls, they should get phone training. I had my job a few years before I got phone training. I absolutely hated making phone calls. Phone calls are a huge point of vulnerability. It's excessively easy to blurt out the wrong thing on the phone. Ugh.

Bravo! Thanks for sharing.

Replying to my own comment so the individual saying "Bravo!" can delete their comment if they so desire (you can ask the mods to delete it if you missed the window to self delete). This is absolutely not intended to be personal about them in specific.

For the record, because there is no shortage of people worrying about my fee-fees, I don't need pats on the head or a sticker for the back of my hand like a 5 year old you are trying to mollify. That kind of reply is actually part of the problem. It treats me like I'm an emotional basket case, not like someone with a legitimate criticism of actual sexism and classism.

What I do need is a better income.

I posted a piece in early January called The Hand Licking Incident. [1] It got more than 60k page views and multiple people copied it to their site, one with my permission and proper attribution. What it didn't get is a single fucking tip or Patreon patron.

There are no ads on most of my sites because ads don't do well. A high percentage of people in the world today use ad blockers and bitch vehemently about the evils of ads online. Yet, they won't support good writing with actual money.

I am routinely told by the HN crowd that if I don't like being poor, I should go get a real job, that expecting adequate pay for good writing is just crazy talk. Writing isn't worth any money and should be done for free.

I spent about two weeks on that piece and it's informed by years of experience and education. I would love to do more writing of that sort. I think I have something of value to offer.

But, no, I can't just keep working for free. I need an adequate income. And the entire world seems to think that's just an unreasonable expectation.

So either leave a one dollar tip on one of my sites, become a patron or in some way support/promote my work or just leave me alone. I absolutely don't need people trying to massage my emotions here. If I were that emotionally fragile, I would have committed suicide years ago.

This is a chronic issue where people worry about my feelings and continue to not do a durn thing to help me establish an adequate income. I've been complaining about this for years. It's not remotely a new issue.

Guys here routinely encourage other guys here to use services like Patreon to monetize open source projects or the like. But I'm treated like a beggar and dismissed as asking for a handout for doing the same. And HN is even more hostile towards ads than most of the internet.

When I lay all that out, the next step is people telling me to give up entirely. Yet, at the same time, all of HN expects excellent content to show up here daily and also has a hissy about pay walls.

(Insert disgusted faces of the "Really??!" variety.)

[1] https://raisingfutureadults.blogspot.com/2019/01/the-hand-li...