--- In hipaaems@yahoogroups.com, "erin.sansone" <erin.sansone@...> wrote:
>
> HI everyone. My name is Erin and I am actually doing a report on HIPPA rules
and regulations. I am stuck with this question and hope you can help.....
>
> How will employees in the medical office have to be trained regarding
privacy(example who is training and keeping records)? What is reguired if an
employee doesn't follow the privacy policy? When and in what manner must
employees be trained?
>
> I REALLY appreciate any feedback. I am a college student studying to become a
medical biller.
>
> Thank you,
> ERin
>
Erin,

You have asked a large question here.

All employees of a covered entity exposed to, or involved in the handling or
processing of any patient information will be required to participate in a
Security Awareness Training program, as well as Privacy Protection training. It
must be provided prior to the time of initial assignment to tasks where the
employee may have access to such patient information and at least annually
thereafter.

Actions taken against a violator of the 'privacy policy', as you call it are
within the purview of the individual organization. However, any violation of
HIPAA regulations creating a breach of patient privacy triggers a reporting and
remedial process for the covered entity, and could result in civil or criminal
penalties.

This is a quick and dirty answer, but it does cover the major points. If you are
interested in further research, I refer you http://www.asctlive.com. Click on
'Training', then 'HIPAA'. You can do some research there, and it will refer you
to other sites for more information.

Good Luck,

B. Regan
Principal Consultant
Ambulance Service Consultants of TN