California Office of HIPAA Implementation
POLICY MEMORANDUM
TO: Department Chief Deputy Directors
Department HIPAA Coordinators
Department HIPAA Privacy Officers
FROM: CALIFORNIA OFFICE OF HIPAA IMPLEMENTATION (CalOHI)Title:
HIPAA Privacy Training
Number:PM 2003-23
Subject:Tools and Templates to Assist in Training Workforce Members as Required in the HIPAA Privacy Rule
Issue Date:March 4, 2003
Reference(s):CalOHI Policy Memorandum 2002-02 State Laws
CalOHI Policy Memorandum 2002-08 Privacy Schedule
CalOHI Policy Memorandum 2002-13 Mapping PHI
CalOHI Policy Memorandum 2002-15 Business Associate
CalOHI Policy Memorandum 2003-18 Complaint Process
CalOHI Policy Memorandum 2003-22 Access Process
Expiration Date:N/A
PURPOSE To provide tools and PowerPoint training templates that you may use to provide HIPAA privacy training to workforce members.
BACKGROUND As part of our support and direction in the implementation of HIPAA, CalOHI has issued generic templates and tools you may use in implementing the HIPAA regulations. On September 25, 2002, we issued CalOHI Policy Memorandum 2002-08, which provides an Implementation Schedule for the HIPAA Privacy regulations. The templates provided with this policy will assist you in meeting Item 6C of the HIPAA Privacy Implementation Schedule. On January 14, 2003, we issued CalOHI Policy Memorandum 2003-18, which provided the tools and templates to assist in implementing the portion of HIPAA privacy that requires covered entities to receive complaints.
BACKGROUND
(Continued)
On February 24, 2003, we issued CalOHI Policy Memorandum 2003-22 that provided tools and templates to assist in implementing the access requirements of privacy that allows individuals to access and amend their protected health information (PHI).
These products were developed by a sub-workgroup of the Privacy Workgroup and represent collaborative efforts of both State and county representatives. We thank the following members of that sub-workgroup for their knowledge, skill and dedication in developing these products.
Susan Fanelli, Department of Health Services David Nelson, Yolo County Cheryl Esters, Solano County Vonnie Behm, Department of Mental Health Bobbie Holm, California Office of HIPAA Implementation
___________________________________________________________
ACTION To be compliant with Federal Privacy Regulations, Departments are required to complete a wide variety of tasks before April 14, 2003. One of the most important of these tasks relates to training members of your workforce about your department00 Privacy Policies and Procedures. While departments are responsible for completing their own training, this policy memorandum provides the tools and templates to help you achieve compliance.
The basic training package requires your customization to reflect your organization00 Privacy Policies and Procedures. The tool is not intended for use as is. Exhibit 5 (Conversion Tool) will assist you in your customization efforts.
The templates and tools include the following Exhibits:
Training Process Templates Overview The Training Process The Sanctions Process Basic HIPAA Privacy Training Training Instructions and Conversion Tool Privacy Basic Training Glossary Employee Privacy Basic Training Acknowledgement Certificate of Attendance Attendance Tracking Tool Federal and State Law and Regulation Citations
ACTION
(Continued)
The Training Templates Overview provides a detailed description of the purpose and use of each template and tool. These tools and templates are available on the CalOHI website and are provided for your adaptation to your business practices, as you deem appropriate.
As always, CalOHI liaison staff members appointed to each department are available to assist you should you have any questions.
NEXT STEPS Finish reading the Privacy Rule and familiarize yourself with your program00 federal and State laws. Finalize your preemption analysis (see CalOHI Policy Memorandum 2002-17 and our website under Legal Issues). Finalize your department00 Privacy Policy and Procedures. Customize the basic HIPAA privacy training templates to reflect the federal and State laws and regulations that affect your program(s). Determine whether any workforce members in your organization need more detailed training related to business processes specific to your department or program. If so, you may determine that a department workgroup should be organized to develop and present this training. Determine if you will be using your existing employee disciplinary process for HIPAA violations and meet with appropriate employee representatives, as needed. Track your progress toward meeting the April 14, 2003 compliance date using your Implementation Schedule. The templates referred to in this memorandum, as well as the tasks listed in the Implementation Schedule provided with Policy Memorandum 2002-08, provide your department with the tools necessary to initiate and complete major required activities within your department.
____________________________________________________________
RESOURCE AVAILABILITY These tools and templates are available on the CalOHI website at www.ohi.ca.gov. The Office of Civil Rights00Privacy Rule Guidance is available at: www.hhs.gov/ocr/hipaa/privacy.html.
Due to the need to customize HIPAA privacy training to reflect each organization00 Privacy Policies and Procedures, departments will also be responsible for any further technological support of the training, such as making it a web-based interactive tool.
CONTACT
For more information or questions, please contact:
Bobbie Holm, Privacy and Program Management
California Office of HIPAA Implementation
1600 Ninth Street, Room 460
Sacramento, CA 95814
(916) 651-6910 bholm@ohi.ca.gov
Original Signed by Burt R. Cohen
BURT R. COHEN
Acting Director
California Office of HIPAA Implementation
Exhibits: Refer to CalOHI00 website,
California Implementation
c: HIPAA Steering Committee Members
Kevin Collins, Department of Finance
Peter Harbage, Health and Human Services Agency
