Thursday, May 28, 2015

Confidentiality Training

Keep training sessions short to hold your audience's attention.


Confidentiality training is necessary for any staff handling confidential information. Whether the information is about a patient, student, family or internal business or financial data, staff must understand how confidentiality is applied. Many organizations require mandatory confidentiality training at least annually or more frequent for positions that deal with sensitive data on a daily basis. Management must understand confidentiality policies and procedures and enforce them with random audits, in addition to staff training.


Instructions


1. Develop privacy policies and workflows regarding confidentiality, privacy and security. Include definitions of confidential data and records, when situations require confidentiality, consent and authorization to release confidential information, HIPAA, FERPA and usage of confidential data.


2. Create PowerPoint presentations based on your company's confidentiality policies and procedures as well as state and federal regulations. Create cheat sheets and quick reference guides for staff to use.


3. Train all new hires on your company's confidentiality policies and procedures during orientation. Offer refresher training on an annual basis to all staff. Deliver training in a classroom setting, via conference calls and through web-based videos. Distribute the cheat sheets and guides for staff to study on their own time.


4. Provide examples of how confidentiality relates to your workplace and specific roles during training. Staff may better understand confidentiality concepts if you give case scenarios showing real-life situations that may occur.


5. Train on handle a confidentiality breach. Show recognize a breach and explain your company's internal process for reporting the breach. Train staff on action plans used to avoid a breach and requirements for formally reporting a violation of HIPAA or other applicable laws. Inform staff of consequences and legal action resulting from a confidentiality violation.


6. Post training materials on a shared site such as your company's intranet site or a shared network drive. Provide your contact information along with any privacy and compliance officers' contact information. Make yourself available for questions during and after training.