Keeping HIPAA Education Fresh

Get hip with HIPAA.

That’s just one of the taglines attached to Sharp Healthcare’s HIPAA education modules. Photos from the age of hip—the late 1960s and early 1970s—permeate the online HIPAA training modules. Musicians Jimi Hendrix and Bob Dylan and era-TV icons like the Get Smart cast mingle with privacy requirements and confidentiality factoids.

The hip-themed training is just one theme in a series of HIPAA privacy, security, and confidentiality training modules at the San Diego-based facility.

The incorporation of a new theme each year assures that Sharp’s staff of 12,000 employees learn more than how to fall asleep during training, says Paul Belton, RHIA, Sharp’s vice president of corporate compliance and creator of the unique training programs.

“All this is to just try and keep this fresh,” Belton says. “You come up with something that would be tasteful and flavorful to them to [avoid] the dry and boring education modules that are so typical.”

Keeping a facility’s HIPAA education program interesting year after year can be a challenge for privacy officers. They must develop interesting, comprehensive programs that stick for new employees as well as fresh refresher programs for current staff.

Follow up with “Privacy Rounds”

Andrea Thomas-Lloyd, RHIA, CHPS, MBA, CPHIMS, used AHIMA’s 2008 Health Information Privacy and Security (HIPS) Week to reintroduce HIPAA and other privacy regulations to the staff at Lancaster General. The senior director of information management and privacy at the Lancaster, PA-based healthcare organization, Thomas-Lloyd handed out compliance tip sheets with water bottles at her major facilities during HIPS week. She offered prizes for correctly completed privacy regulation quizzes. Within two days, 1,100 people had taken the quiz, and five people with correct answers were randomly selected to receive VISA gift cards.

Many privacy officers would like to conduct in-person training sessions, but the cost and time involved in visiting every department and facility to provide training can make that goal unrealistic. While Lancaster General’s employees complete their orientation and annual reminder training online, in January 2008 Thomas-Lloyd began supplementing that training with personal visits to three different departments each month.

During the “privacy rounds” Thomas-Lloyd discusses privacy regulations, addresses classic privacy bloopers like unprotected laptops, and fields questions from staff. The rounds, which are also conducted by Lancaster General’s full-time privacy analyst, freshen up the HIPAA training and bring the employees personal stories of why HIPAA regulations are important to follow.

“It is really a sort of grassroots effort to, one, develop awareness that there is a privacy official and a privacy department they can contact,” Thomas-Lloyd says, “and two, to try and address any questions and concerns that they have while we are there… It has to be personal for them to understand it.”

Make It Personal

Know your audience, advises Staci Coy, RHIA, CHPS, CCS, the HIM director and privacy officer at Willamette Valley Medical Center, based in McMinnville, OR. Go beyond Powerpoint slides. If your audience is full of emergency room nurses, she says, talk about the privacy implications of law enforcement officers following patients into the ER. Customize presentations to the particular audience and tell HIPAA violation horror stories to keep them alert.

“The housekeepers, they don’t think that they come in contact with

Member Login

,” she says. “I have to make sure that they know how they can help prevent [privacy violations].”

Cartoons also liven up HIPAA education at Willamette Valley Medical Center. Coy created HIPAA the Hippo as a lighthearted representation of the regulations on the informational HIPAA posters that are displayed during her 600-employee organization’s annual education day.

Add Variety

Belton’s training modules have changed themes every year since the privacy rule took effect in 2003. In the past he has weaved privacy, security, and compliance rules through themes like Star Wars and American pride. This year’s theme, “The Art of Compliance,” juxtaposes classic works of art with HIPAA training materials.

The “Get Hip with HIPAA” training program is comprised of six increasingly detailed training modules, which must be completed by all new employees within 30 days of their hire. A person’s position with the company determines how many of training modules they must complete. For variety, each level contains a different motif in the late ’60s and early ’70s, from popular musicians to TV shows to era toys.

Staff reaction to the training has been very positive, Belton says, and he encourages other privacy officers to get creative with their programs.

“The material seems to be a little bit easier when you have a theme to run with,” he says.

Chris Dimick ( is staff writer at the Journal of AHIMA.


    • Beverly,

      If you’re a member of AHIMA, the Communities of Practice are one place that colleagues share resources. You can log in at

      Post a Reply
  1. I am a recent HIT graduate. I have been given the task of getting a podiatry office with 4 employees and 5 extern student HIPAA compliant. I need a good starting point. What do you suggest?

    Post a Reply
  2. If you are preparing for the AAPC iretifccation exam, you will .not be disappoitment. It breaks the words words down. There are alot of exercises to do; Thank you for including an answer key..Watch when purchase books for practice make sure there is an answer key for student

    Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Share This

Share This

Share this post with your friends!