from the highest rated and most trusted online training company - since 2008.
This course is designed to help you achieve a general awareness of the HIPAA requirements pertaining to the disposal of protected health information (PHI). This course highlights practices that individuals and organizations can apply to ensure that their disposal of PHI complies with the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
What are the governing regulations? This course presents an overview of the requirements for the disposal of protected health information (PHI) as set forth in the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The course includes practical information about how individuals and organizations can maintain HIPAA compliance.
Who must take this training? HIPAA requires that anyone working for a covered entity who handles PHI must receive HIPAA training. This training requirement extends to volunteer workers, such as a hospital greeter or an art therapist in a nursing home. Business associates of covered entities are also mandated to train their workforce, including employees and subcontractors. Thus, anyone who is involved with the disposal of PHI, or who supervises others who dispose of PHI, must receive training that covers the PHI disposal policies and procedures of the covered entity.
Case Study: In spring of 2015, Cornell Pharmacy, an independent pharmacy in Denver, was fined $125,000 for HIPAA violations related to improper disposal of PHI. The OCR found that this small health care provider, whose primary customers are hospice care organizations, had failed to establish policies and procedures for PHI disposal. Cornell Pharmacy had improperly disposed the medical records of 1,610 patients by placing them in an open trash container accessible to the public. Furthermore, no training had been provided to the Cornell Pharmacy workforce. In addition to the hefty fine, the pharmacy was required to adopt an action plan, implement HIPAA standards, and provide training to its workforce within 30 days.
Key Takeaway: Having a plan in place is not optional. The plan must outline the policies for HIPAA compliance, and provide guidelines for everyone associated with the covered entity who handles materials with PHI. Even more important, the covered entity must train its workforce to ensure that the plan is executed without fail.