Keeping HIPAA Education Fresh
Get hip with HIPAA.
That’s just one of the taglines attached to Sharp Healthcare’s HIPAA education modules. Photos from the age of hip—the late 1960s and early 1970s—permeate the online HIPAA training modules. Musicians Jimi Hendrix and Bob Dylan and era-TV icons like the Get Smart cast mingle with privacy requirements and confidentiality factoids.
The hip-themed training is just one theme in a series of HIPAA privacy, security, and confidentiality training modules at the San Diego-based facility.
The incorporation of a new theme each year assures that Sharp’s staff of 12,000 employees learn more than how to fall asleep during training, says Paul Belton, RHIA, Sharp’s vice president of corporate compliance and creator of the unique training programs.
“All this is to just try and keep this fresh,” Belton says. “You come up with something that would be tasteful and flavorful to them to [avoid] the dry and boring education modules that are so typical.”
Keeping a facility’s HIPAA education program interesting year after year can be a challenge for privacy officers. They must develop interesting, comprehensive programs that stick for new employees as well as fresh refresher programs for current staff.
Follow up with “Privacy Rounds”
Andrea Thomas-Lloyd, RHIA, CHPS, MBA, CPHIMS, used AHIMA’s 2008 Health Information Privacy and Security (HIPS) Week to reintroduce HIPAA and other privacy regulations to the staff at Lancaster General. The senior director of information management and privacy at the Lancaster, PA-based healthcare organization, Thomas-Lloyd handed out compliance tip sheets with water bottles at her major facilities during HIPS week. She offered prizes for correctly completed privacy regulation quizzes. Within two days, 1,100 people had taken the quiz, and five people with correct answers were randomly selected to receive VISA gift cards.
Many privacy officers would like to conduct in-person training sessions, but the cost and time involved in visiting every department and facility to provide training can make that goal unrealistic. While Lancaster General’s employees complete their orientation and annual reminder training online, in January 2008 Thomas-Lloyd began supplementing that training with personal visits to three different departments each month.
During the “privacy rounds” Thomas-Lloyd discusses privacy regulations, addresses classic privacy bloopers like unprotected laptops, and fields questions from staff. The rounds, which are also conducted by Lancaster General’s full-time privacy analyst, freshen up the HIPAA training and bring the employees personal stories of why HIPAA regulations are important to follow.
“It is really a sort of grassroots effort to, one, develop awareness that there is a privacy official and a privacy department they can contact,” Thomas-Lloyd says, “and two, to try and address any questions and concerns that they have while we are there… It has to be personal for them to understand it.”
Make It Personal
Know your audience, advises Staci Coy, RHIA, CHPS, CCS, the HIM director and privacy officer at Willamette Valley Medical Center, based in McMinnville, OR. Go beyond Powerpoint slides. If your audience is full of emergency room nurses, she says, talk about the privacy implications of law enforcement officers following patients into the ER. Customize presentations to the particular audience and tell HIPAA violation horror stories to keep them alert.
“The housekeepers, they don’t think that they come in contact with
Cartoons also liven up HIPAA education at Willamette Valley Medical Center. Coy created HIPAA the Hippo as a lighthearted representation of the regulations on the informational HIPAA posters that are displayed during her 600-employee organization’s annual education day.
Belton’s training modules have changed themes every year since the privacy rule took effect in 2003. In the past he has weaved privacy, security, and compliance rules through themes like Star Wars and American pride. This year’s theme, “The Art of Compliance,” juxtaposes classic works of art with HIPAA training materials.
The “Get Hip with HIPAA” training program is comprised of six increasingly detailed training modules, which must be completed by all new employees within 30 days of their hire. A person’s position with the company determines how many of training modules they must complete. For variety, each level contains a different motif in the late ’60s and early ’70s, from popular musicians to TV shows to era toys.
Staff reaction to the training has been very positive, Belton says, and he encourages other privacy officers to get creative with their programs.
“The material seems to be a little bit easier when you have a theme to run with,” he says.
Chris Dimick (firstname.lastname@example.org) is staff writer at the Journal of AHIMA.