Updated: Apr 25
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to enhance the effectiveness and efficiency of the American health care system. The HIPAA regulation addresses administrative simplification requirements to establish standards and requirements for the electronic communication of sensitive healthcare information. HIPAA also sets implementation guidelines that organizations exchanging healthcare information must follow.
Types of Organizations Under HIPAA
HIPAA defines two types of organizations in the regulation:
Covered Entities (CE)
CEs include healthcare providers, health insurance plans, and healthcare clearinghouses. These are the organizations that participate in the direct creation of protected health information (PHI) and must achieve full compliance with the HIPAA regulation.
Business Associates (BA)
These are organizations that engage with a CE (or another BA) and may handle PHI over the course of the work they must perform. Some examples of BAs include IT providers, email encryption companies, and cloud storage providers.
The HIPAA Rules
HIPAA has undergone many changes, revisions, and additions since it was first enacted in 1996. Together, these are known as the HIPAA Rules, and they include:
HIPAA Privacy Rule
The HIPAA Privacy Rule establishes national standards for the privacy, integrity, and availability of PHI. The Rule defines the protections that must be implemented to ensure that PHI is kept private. In addition, the Rule sets forth guidelines regarding patients’ rights to access their medical records.
HIPAA Security Rule
The HIPAA Security Rule establishes national standards for preserving PHI security through a number of Technical, Physical, and Administrative protections that both CEs and BAs must apply.
HIPAA Breach Notification Rule
The HIPAA Breach Notification Rule defines the processes that both CEs and BAs must follow when a data breach occurs. The specific timelines and notification standards are determined by the number of individuals affected by the breach.
HIPAA Omnibus Rule
The HIPAA Omnibus Rule set forth a number of changes to HIPAA. For example, the Omnibus Rule establishes more stringent rules regarding the execution of Business Associate Agreements (BAAs).
HIPAA Compliance Training for Employees
Because HIPAA applies to many different types of CEs and BAs, HIPAA training is seen as flexible but mandatory. All employees who handle PHI are required to undergo HIPAA compliance training. Training is an Administrative Requirement of the HIPAA Privacy Rule and an Administrative Safeguard of the HIPAA Security Rule.
The specifics of your training program should be driven by the functions or role of each individual employee. Most organizations choose to develop multiple aspects to ensure the content is relevant to all participants.
In the past, the only viable option for HIPAA compliance training was classroom-based sessions. In recent years, however, the combination of improved cloud-based technologies and an increasingly remote workforce has made online learning, or “eLearning”, a preferred option for many healthcare organizations. The core technology that supports all types of eLearning programs, including HIPAA compliance training, is a Learning Management System, or “LMS”.
Choosing an LMS for Your HIPAA Compliance Training Program
An LMS is a software application for building, delivering, and monitoring your HIPAA compliance training program. There are several choices available for implementing LMS software, but as the technology has evolved, two specific developments in LMS deployment and architecture are seen as valuable options for healthcare-driven training:
A cloud-based LMS, offered by a third-party vendor, will enable you to implement your HIPAA compliance training program very quickly, without a need for a large up-front capital investment. Instead, your company accesses an LMS application from the cloud vendor on a subscription basis, and you simply choose a plan that meets the needs of your organization.
Multitenancy is an LMS architecture that has gained a great deal of attention as it allows your organization to launch and manage multiple private eLearning environments (portals) to support your various learning audiences. A multi-tenant LMS gives you the flexibility to create a unique learning experience for each of your audiences, while offering a logical way to segment and scale your HIPAA compliance training program.
LMS Portals: LMS Software for HIPAA Compliance Training
LMS Portals provides a cloud-based, multi-tenant learning management system that allows our clients and partners to launch and manage multiple private eLearning environments for all types of corporate training, including HIPAA compliance. Using our system, you can launch new eLearning portals on demand and manage all of your portals from a centralized console. Each portal you launch has its own branding and supporting technologies to ensure the best possible learning experience.