You’ve heard of HIPAA, right? HIPAA, the Health Insurance Portability and Accountability Act of 1996, is US-based legislation. It mandates the implementation of data privacy and security provisions to safeguard medical information. HIPAA affects all healthcare providers and their business partners. This includes healthcare-related call centers. Fines for HIPAA violations can range from $100 to $50,000 per incident or per record, with a maximum annual penalty of $1.5 million.
While HIPAA regulations have widespread ramifications in the healthcare industry, let’s focus on the issue of HIPAA training for the healthcare call center industry. HIPAA training should start with each new hire, but organizations must also repeat it regularly. Too many organizations gloss over, or even ignore, the part about providing regular HIPAA training to all employees. Both the lack of HIPAA training, as well as the HIPAA-related errors that untrained employees make, are also subject to financial penalties. This is in addition to the negative public relations nightmare that would occur with a HIPAA breach.
Don’t leave HIPAA compliance to chance. This starts with regular training.
Jennifer Hopkins spent her entire career in the healthcare industry. She started working in a healthcare call center as a high school senior and continued working there through college. She earned her nursing degree and graduated with honors. Many opportunities in the healthcare field awaited her. She chose to work at the ER at a downtown hospital. After several years in the ER, she switched to working as a triage nurse in a call center. She worked her way up to supervisor, then manager, and ultimately its general manager.
Though she wasn’t looking to make a job change, one sought her out. Ironically it was from a healthcare network that now owned the call center where she had worked during college. They ran multiple call centers across their network and needed a hands-on, experienced manager to unify the operation and bring it to the next level. Jennifer jumped at the opportunity to become their director of call center operations.
Jennifer had done her homework and knew the organization’s call centers faced many challenges. But she didn’t know the extent of the work required until after she’d been on the job for a couple months. In one of her first moves, she had implemented a quality assurance program. The deficiencies that the agent assessments revealed worried her. Most troubling was that her frontline agents were lax when it came to safeguarding the personal information of their callers.
The first time Jennifer encountered this she was understandably concerned, but she assumed it was an anomaly. She personally met with the agent and explained what he had done wrong. Shocked, he claimed this was new information to him. Though this alarmed her, she presumed it was unique to him and the training he had received.
Then she encountered a second and a third mishandling of PHI. At this point she asked her training manager to provide all the HIPAA training records. The manager had none but implied it was just a paperwork issue. However, when Jennifer pressed, the training manager admitted that regular, ongoing HIPAA training had never occurred. In fact, HIPAA instruction was even a haphazard part of each agent’s initial training.
Jennifer knew she needed to act to fix this glaring problem and to fix it fast. So far these HIPAA errors had been spotted internally and hadn’t caused any problems with patients or regulators. Her goal was to stop the errors before they became a problem.
Yet it would take months for her training manager to put together a comprehensive program, test it, and then roll it out. And this was time she couldn’t waste. She needed to do something, and she needed to do it now.
Fortunately, Jennifer had a working relationship with a leading call center consultancy that specialized in healthcare call centers. She contacted them for advice. To her surprise and her delight, they had a viable, working HIPAA training and certification program already developed and in place. Healthcare organizations and medical call centers across the country were already using this HIPAA training program. And they could provide this instruction to her agents, as well as supervisor, management, and support staff right away.
Over the next two weeks, Jennifer had her scheduler and her training manager work together so that each call center agent could undergo HIPAA training. The training was an online video course with a live instructor. The course took forty-five minutes to an hour to complete. At the end of each training session, the program provided participation documentation for the training manager. The report provided detailed information to confirm each employee who took part in the class.
With the frontline staff having completed the training, Jennifer repeated the process with all her supervisors, managers, and support staff. She wanted to make sure everyone knew how to properly handle PHI. Again, their completion of the training was fully documented and entered into their employee files.
Now Jennifer turned her attention to her coaches and quality assurance team. She wanted to make sure they incorporated their HIPAA training into their work of evaluating and encouraging the call center agents. Without this important step, Jennifer feared that some agents wouldn’t take the HIPAA training seriously enough or would forget it over time.
Next, Jennifer helped the training manager integrate HIPAA teaching into their initial agent instruction that all new employees went through. Though they could have developed their own internal program to do this, they chose not to reinvent something that already worked so well. They simply integrated their consultant’s HIPAA training program into their new agent training process.
Though Jennifer had prioritized HIPAA training where it was needed most, it took her and her team several months to complete all the appropriate follow-up steps. Though the frequency of “regular” HIPAA training isn’t specified in the regulation, most organizations choose to do it annually. Jennifer wanted to adopt this as a best practice for her call center.
However, she opted to conduct the first follow-up training sooner than one year. This would help reinforce with her entire staff the importance of complying with HIPAA regulations. She also wanted to ingrain the safeguarding of personal PHI into the core of their call center operations. As such, she elected to conduct her call center’s first periodic, follow-up HIPAA training after seven months. Then going forward she would do HIPAA training annually.
By using a third-party HIPAA-training provider, Jennifer was able to gain immediate access to a quality, proven HIPAA training and certification program. This saved her the time and money over implementing one internally. In addition, the consultancy would stay abreast of changes to HIPAA requirements and best practices.
In the end Jennifer was glad she discovered the lack of HIPAA training before it became a major issue. And she was ecstatic for the cost-effective, comprehensive HIPAA training and certification program that the call center consultancy provided.
Is your healthcare call center keeping on top of HIPAA regulations and regularly training staff how to safeguard protected health information? If you can’t give your call center’s HIPAA training and compliance an enthusiastic two thumbs up, then maybe it’s time to seek some expert guidance from an experienced HIPAA training and certification provider. Contact Call Center Sales Pro today at 800-901-7706 to learn more about HIPAA training and certification. You’ll be glad you did.