hipaa-employee-training
Installation
SKILL.md
HIPAA Employee Training — 45 CFR §164.530(b) and §164.308(a)(5)
Overview
The HIPAA Privacy Rule at 45 CFR §164.530(b)(1) requires covered entities to train all members of the workforce on the policies and procedures with respect to PHI as necessary and appropriate for the members of the workforce to carry out their functions. The Security Rule at 45 CFR §164.308(a)(5)(i) requires implementation of a security awareness and training program for all members of the workforce including management. Workforce includes employees, volunteers, trainees, and persons whose conduct is under the direct control of the entity whether or not paid by the entity (45 CFR §160.103).
Regulatory Framework
Privacy Rule Training — §164.530(b)
- §164.530(b)(1): A covered entity must train all members of its workforce on policies and procedures with respect to PHI as necessary and appropriate for the workforce members to carry out their functions within the covered entity
- §164.530(b)(2)(i): Training must be provided to each new member of the workforce within a reasonable period of time after joining
- §164.530(b)(2)(ii): Training must be provided to each member of the workforce whose functions are affected by a material change in policies or procedures within a reasonable period of time after the change