A common frustration for many providers is the fact they keep dealing with the same types of HIPAA issues over and over. It seems no matter what type of training staff receive they continue to have conversations in public places, post photos on social media or leave protected health information out where it can be viewed by anyone who may walk by. It calls to mind the common definition of insanity – doing the same thing over and over and expecting a different result. When it comes to HIPAA, taking a different approach can pay huge dividends in terms of compliance.
Let’s take a look at how HIPAA is presented in many agencies; new employees receive 30 minutes of training during the on-boarding process (when about the only information they retain is when payday is and where the bathrooms are!), if there is subsequent training it is likely the same video over and over again each year. Basically staff are trained not to say anything to anyone about anybody, which in reality, simply isn’t feasible. Because staff don’t understand why HIPAA is important, to them it is just another set of rules that don’t make sense, make their job more difficult and get in the way.
Changing how HIPAA is presented within the organization can have a nearly immediate impact on the level of compliance. Rather than presenting HIPAA as another set of negative rules to be followed, by explaining why protection of identifiable information is important, especially in this industry, can work to weave HIPAA into the culture of the organization as a component of quality of care. No one wants to have anything “done to them” but when the “why”, the reason behind the activity, is conveyed and is relevant, no longer is HIPAA something “we have to follow”, rather it is just something we do as part of the care we provide.
Will there still be HIPAA violations? Absolutely. When those violations happen it is essential they be dealt with quickly and appropriately because failure to enforce the HIPAA program sends the message that HIPAA is not important in the organization. Organizations that integrate HIPAA into operations as a component of quality of care experience far fewer violations primarily because staff understand the “why” and no longer feel HIPAA is just another set of silly rules they have to follow.
Change your thinking to change your world.