HIPAA Privacy & Security Awareness Training
The Health Information Portability and Accountability Act (HIPAA) was enacted by Congress in August 1996 with the primary purposes of:
- Protecting people from losing their health insurance if they change jobs or have pre-existing health conditions
- Reducing the costs and administrative burdens of healthcare by creating standard electronic formats for many administrative transactions that were carried out on paper, and
- Developing standards and requirements to protect the privacy and security of personal health information.
With the passage of HIPAA, the Department of Health and Human Services (DHHS) issued two separate regulations referred to as the Privacy Rule and the Security Rule. These Rules require HIPAA-regulated organizations to adopt processes and procedures that specifically address the privacy and security of personal health information. The processes include administrative, physical and technical safeguards to help ensure that medical information is stored, transmitted and received in a safe and secure manner.
The HIPAA Privacy and Security Rules dictate that all who may come into contact with protected health information undergo annual training on HIPAA policy, and that completion of the training be documented. The program offered by Northwestern IT’s Information Security Office (ISO) meets the compliance requirements as stated under HIPAA, and is specifically geared towards individuals who may be exposed to HIPAA-regulated data in the performance of their assigned duties (e.g., network & telecomm engineers, datacenter staff, desktop support, et al.).
Members of the Northwestern community can receive HIPAA certification by completing one of two training modules. Please see the IT Knowledge Base for further instructions.
Last Review Date:
- December 2017
Original Issue Date:
- April 2015