Indiana University has responsibility under the HIPAA Privacy and Security Rules for providing and documenting training for University workforce members who access protected health information. This policy describes the training requirements for workforce members in the IU HIPAA Affected Areas.
Education and Training Requirements
Workforce members of the IU HIPAA Affected Areas shall be trained on policies and procedures required by the HIPAA Privacy and Security Rules so that each person is able to carry out his or her duties in compliance with IU’s policies, HIPAA and changes promulgated under the HITECH Act.
Training shall include information about applicable federal and state regulations regarding the privacy, security and confidentiality of individually identifiable health information.
Training shall be provided for workforce members of each IU HIPAA Affected Area upon initial employment, volunteer work, student orientation, or third party contract; and annually thereafter or upon material changes to any university or areas’ policies and procedures regarding the privacy, security and confidentiality of individually identifiable health information. Training may also be required as part of a corrective action plan.
The University HIPAA Privacy and Security Officers will develop and provide basic HIPAA Privacy and Security training for workforce members of the designated IU HIPAA Affected Areas.
The University HIPAA Privacy Officer will ensure training materials are updated to reflect changes in University policies and procedures and regulatory changes as necessary.
The HIPAA Liaisons will compile and maintain a list of new and current workforce members who require HIPAA training.
The HIPAA Liaisons are responsible for documenting training compliance for workforce members in a manner and frequency established by the University HIPAA Privacy Officer. Written documentation of training must be retained for a period of six years from the date of its creation.
07/01/2015 Effective Date
10/13/2015 Updated scope