Case Study: HIPAA Training Requirements – Neurotech

The need

Neurotech LLC is a leading provider of in home and at facility EEG monitoring services and has been serving the Healthcare industry since 2006. They have a wide variety of employees, all of whom need HIPAA training and information security awareness training appropriate to their roles.

Healthcare is a highly regulated industry with multiple documentation and reporting requirements, including HIPAA and SOC 2 + HITRUST. Neurotech’s initial goal was to investigate online HIPAA training.

The solution

The Center for Information Security Awareness (CFISA) online HIPAA compliant employee training course, that combines HIPAA regulations and information security best practices. The CFISA solution also provided Neurotech with a valuable mechanism to deliver policies and procedures to their employees.

CFISA delivers online training using one of three options: Click and train on-line service, SCORM files for existing customer LMS (Learning Management System) and a customized branded LMS hosted by CFISA for its customers who need a structure and increased flexibility for their training programs.

Neurotech HIPAA Training Requirements:

1. HIPAA compliant training lessons;
2. Information security awareness training lessons;
3. A way to ensure that employees know, read and sign off on company policies and response procedures;
4. A structured method of configuring a selection of lessons for specific operational groups;
5. Instant access dashboard where they can generate auditable reports of employee policy acceptance, lesson progress and completion.
6. And of course, it need to be easy for employees to take their training on their own time from their own locations.

Outcome

Because Neurotech realized it needed multiple program elements, policy delivery and customized course delivery options to train its employees they selected the CFISA hosted branded LMS solution.

David Gilligan, Director of IT at Neurotech, says

“Once we talked with CIFSA about what we were trying to do, they worked with us to design a highly flexible solution that delivers the training content along with best practices of how to implement the training content in real life situations.”

“We quickly learned that by using the Branded LMS structure, we could easily configure the CFISA HIPAA training program to deliver content specific to each of our operational areas. It also enabled us to add our company policies to the structured training so we can prove that we have documentation and auditing controls in place to meet our SOC 2 + HITRUST reporting needs.”

“I also cannot say enough about how supportive the CFISA team was from beginning to end. They far exceeded my expectations. They patiently helped us work through our unique implementation, and more than confirmed the wisdom of our investment in CFISA training programs. Their stellar reputation is well deserved.”

Summary:

Neurotech chose CFISA’s comprehensive HIPAA training program because it combined the unique requirements of training employees about HIPPA regulations, security awareness best practices with company policies.

CFISA’s training solution which included Neurotech’s policies on safe handling of patients protected health information (PHI), along with response procedures in case of a breach, was a perfect fit for Neurotech’s compliance needs.

Why HIPAA Training for Employees is Important:

• A patient’s PHI is handled time and again during a typical shift. Employees need to understand what compliance with the HIPAA law requires.
• Staff training is not an option. It is required by the law. And it is an important tool for ensuring the correct handling of PHI.
• HIPAA compliance training helps to ensure that your staff understands the risks involved with careless handling of PHI. CFISA HIPAA training provides specific instructions about how to keep patient records safe, thereby protecting the privacy and security of individual patient information.
• HIPAA training for employees also minimizes the liability an organization can face should a breach occur. This training fosters an environment in which everyone has a common understanding of the correct way to handle patient information. This helps to identify errors or misconduct before any patient records are compromised.
• In addition, HIPAA training minimizes security breaches and patient complaints. This is important as complaints often trigger an audit by the U.S. Department of Health & Human Services (HHS).
• Recent headlines of cyber security breaches have highlighted the risk associated when customer records are not properly handled. With HIPAA training for employees, trained staff members are more likely to notice and respond to problems and reduce the risk of a data breach. HIPAA regulations now include specific rules governing the use and dissemination of PHI and electronic protected health information (ePHI).

---

In 2007, Michael Levin founded the Center for Information Security Awareness – CFISA (https://www.cfisa.com) to help businesses educate employees on ways to protect against cybercrime. In our training, Michael stresses the need for employees to protect customer data as they would want their information to be protected.

The Center for Information Security Awareness has been providing online and in-person security awareness training for the past eleven years.

For more information on CFISA and its offerings please visit us at www.cfisa.com or email sales@cfisa.org.