What Is “Training” For Compliance Purposes?
What’s required when the government mandates that you train your staff on compliance issues? How do you know if your training meets the standard?
If you own a healthcare practice, you’ve likely heard that you need to provide “training” to your employees on a variety of topics — HIPAA, healthcare fraud, sexual harassment, anti-discrimination, and more. You might be wondering, though, how do I do this? What do enforcement agencies consider sufficient? The answer: while the subject matter of training may be based in law, appropriate training is not one-size-fits-all.
What Does Training Look Like?
Training should introduce and periodically remind employees about the regulations, processes, and policies that they must follow to keep the practice compliant with state and federal obligations.
Training can come in various forms. For example, it might consist of written materials for your employees to review, step-by-step programs to complete, example scenarios, or question-and-answer sessions. Successful training is often a mixture of these methods, given that employees may learn differently. Furthermore, different roles in a healthcare practice may require different training.
Hiring an outside company to provide training is not usually required. However, it can help ease the administrative burden of preparing comprehensive training.
Why Is Training Important?
Not only does sufficient training give you more control over your practice, but it also helps combat issues that can lead to healthcare non-compliance. Effective training should prepare employees to react appropriately to situations they may confront while working in a healthcare practice.
A typical example is providing training on the practice’s HIPAA policies and procedures. HIPAA requires covered entities to report certain breaches to PHI within a specific timeframe. Staff who are not trained on how to react to HIPAA breaches could slow down the process. They could even lead to the breach going unreported, resulting in non-compliance. In contrast, trained and prepared staff can help the practice meet HIPAA’s reporting obligations within the required timeframe.
Training should also dissuade employees from engaging in prohibited practices. For example, fraud, waste, and abuse training should emphasize the risks of False Claims Act violations and warn against practices like upcoding. Understanding the implications of illegal business practices can help prevent staff actions that could land your business into big trouble.
What Is “Sufficient” Training?
Some states spell out their standards for certain trainings. For instance, states like California and Illinois have specific requirements for sexual harassment trainings that apply to all employers with a certain number of employees.
For federal healthcare requirements, though, the law is often murky. Many laws require that employers train new and existing employees on components of regulation. But these same laws don’t provide a required training program that employees must complete. They don’t even specify a standard for the “level” of training that should take place.
Take the mandated HIPAA training, for example. HIPAA’s Privacy Rule states that training should be provided “as necessary and appropriate for the workforce members to carry out their functions within the covered entity.” However, while the HIPAA Privacy Rule includes some general deadlines for receiving training, it doesn’t give further guidance to help healthcare practices develop training programs.
The lack of guidelines makes it tempting to do little more than provide a manual or fact sheets explaining your policies and procedures. But the more your practice invests time and effort in training its employees, the more compliance safeguards it will have in place.
At the very least, practices should consider implementing training:
- For newly hired employees, as part of onboarding
- Periodically (such as annually) for current employees
- When practices policies change
- When federal or state laws for healthcare compliance change
Ideally, training should be an interactive process that allows staff to ask questions. In addition, the training level should be sufficient for employees to know the boundaries of the laws they work under, the penalties for wrongdoing, and how to troubleshoot situations in the workplace. As a result, training might look different for each practice, depending on its size, staff makeup, risk tolerance, and function.
Even when training guidelines are not specific, healthcare practices should provide staff training that enables the practice to stay compliant. Practice and business owners should not think of training as another legal requirement to check off the list. Instead, design your training to educate staff members and prevent them from unknowingly crossing the line into non-compliant behaviors.
An experienced healthcare attorney can help you create practice policies and establish reasonable, applicable training goals. If you operate in one of the states where Jackson LLP has licensed attorneys. If so, you can schedule a free consultation to get to know us and find out what we offer.
This blog is made for educational purposes and is not intended to be specific legal advice to any particular person. It does not create an attorney-client relationship between our firm and the reader and should not be used as a substitute for competent legal advice from a licensed attorney in your jurisdiction.