Healthcare compliances training and discussion blog

Archive for April, 2011

Tips on PCI DSS Compliance

Too many healthcare organizations have overlooked their obligation to comply with the Payment Card Industry Data Security Standard, says security expert Tom Walsh. Compliance with PCI DSS, designed to help prevent credit card fraud and theft, can help healthcare organizations comply with the HIPAA security rule as well, Walsh stresses. That’s because PCI DSS offers far more security specifics than HIPAA, including, for example, specific password requirements, he notes.

“If an organization can meet all of the requirements of PCI, it’s going to be in great shape when it comes to HIPAA security compliance,” Walsh contends. “The problem is that most organizations just can’t afford right now to invest in their infrastructure as well as all of the controls required to meet all the standards required in PCI. If they could, it would be a great help with HIPAA.”

Large payment card transaction volume merchants, including many hospitals, must have independent audits and frequent vulnerability tests, Walsh explains. Those with smaller payment card transaction levels are required to conduct a self-assessment and complete a “self-assessment questionnaire.” All merchants are required to complete an “attestation of compliance.”

In an interview (transcript below) with Howard Anderson, executive editor of, Walsh offers an overview of PCI DSS and suggests key compliance steps, including:

  • Creating a diagram that shows how credit transactions are handled;
  • Identifying all applications and systems involved and creating an inventory of all card reading devices;
  • Conducting an initial self-assessment and creating a plan to remediate any problems identified;
  • Creating a credit card handling policy and training staff annually on how to carry it out.

On May 18, Walsh will conduct an in-depth webinar on PCI DSS compliance in partnership with Information Security Media Group.

Walsh, CISSP, is president of Tom Walsh Consulting, an Overland Park, Kan.-based firm that advises healthcare organizations on information security in healthcare. He has conducted numerous presentations on PCI and has helped dozens of healthcare organizations conduct PCI self- assessments. Walsh also serves as information security officer at San Antonio Community Hospital on an outsourced basis.

HOWARD ANDERSON: For starters, please briefly describe the Payment Card Industry Data Security Standard and who must comply.

TOM WALSH: … To counter the threat of fraud, and unintentional security breaches, the major credit card companies worked collaboratively to create a common industry standard. … In September of 2006, the five major credit card companies formed the organization called the PCI Security Standards Council, and what the council tried to do was come up with a set of standard data security criteria that they wanted all the organizations that handle or process credit cards to follow.

The standard itself covers both technical and operational system components associated with the card holder data environment. It includes things like the access to credit card data, transferring the information, storage of the information, retention and disposal. They’ve been updating the standard over the years, and the current version of the PCI Data Security Standard is Version 2.0.

…Mainly the goals are to build and maintain a secure network, protect the card holder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test the networks, and then maintain an information security policy. These are all good things and generally considered common practices.

One thing I want to point out is that many people get confused, and they wonder whether this applies to the entire network and to the entire organization. But it really pertains only to those systems or applications that are used for the storage, processing or transmission of cardholder data. That is why a lot of organizations try to segregate out credit card data transactions from their other operations.

Security Controls

ANDERSON: Many healthcare organizations have been focused heavily on complying with HIPAA’s privacy and security rules, while sometimes overlooking other industry standards, such as PCI. So tell us about security controls that PCI requires.

WALSH: Many organizations are worried about complying with HIPAA, and they’ve forgotten that PCI applies globally to any organization that stores or processes or transmits card holder data. So most healthcare organizations accept credit card for payment for co-pays or for paying for their services outright. As part of this, they have to go in and look at these security requirements and they have to do what’s called a self-assessment, and that is a questionnaire form they have to fill out and it has certain criteria. The criteria are based on the environment in which your credit card processing takes place.

While the council is really responsible for managing the data security standards, each of the credit card brands maintains its own separate compliance and enforcement program, which makes it a little bit of a challenge. Each card brand has their own determination for validation of compliance, and most of it is based on reporting, and the reporting is usually a requirement for the acquiring financial institutions or banks, or the merchant service processors that work with the organization when they process credit cards.

Generally they’ll ask for … some kind of a letter to provide evidence or proof that the healthcare organization that is processing the credit cards is, indeed, in compliance with the PCI data security standard.

Now sometimes a breach may occur, and that is when these organizations will get involved, and then they’ll want to see proof that you’ve been compliant over the years. …

One of the things I’ve seen, which is a trend, is that the banks or merchant service processors are now sending letters to [certain] organizations and they are asking them to prove that they’re compliant by going online to a website and completing their self-assessment questionnaire. …

The other part about this that can be difficult is that when you go on the website to complete the self-assessment questionnaire, many times what is included in that registration process is a vulnerability scan that will be conducted by the organization that the bank or merchant service processor has contracted to go out and conduct the scan. …

The other thing is, who gets these letters? Generally it’s not going to end up with IT or information security; it usually will end up with whoever in the organization has the relationship with the bank or the credit card company. So the bad news is, somebody could be getting this letter and not know what to do with it, and either hold on to it or ignore it. And meanwhile, the folks who really know what they should be doing about it aren’t getting the word.

So as far as a compliance audit … you should be doing it on an annual basis. … In most cases, my clients, when they go through this, they’ll hold on to the result of it and won’t turn it over unless they are asked to produce it.

PCI Compliance

ANDERSON: So what are a few of the steps that an organization can take to assess whether they are PCI compliant now?

WALSH: Well some of the things that they need to look at is to figure out who in their organization is handling or processing credit cards. So you’ve got to look at the various departments. Now in a hospital, it will typically be the departments such as admitting, registration or patient access … where the patient first checks in and pays for a co-pay. It could be the cashier at the hospital. Patient financial services, which does the patient billing, handles credit cards [as do the] gift shops, cafeteria, any of the outpatient services, such as the pharmacy … or clinics or urgent care centers or if the organization sells or rents medical equipment and supplies. So those would be areas where credit cards are being handled. So the first step is really getting a handle on the environment itself.

The next step would be to determine who really owns the PCI project. … They need a high-level executive to take ownership of it. You need to determine what merchant level and type you are -based on the number of transactions you process, and the environment that you process it in – are you using just point-of-sale terminals or are you using some secure website for processing transactions. Then create a transaction work flow map or a diagram that shows how credit card transactions take place in the organization, and where all the data may reside so you have an idea then of what you need to assess. Then identify the applications and systems associated with the processing, storage and transmission of the credit card data. You might want to do an inventory of any of your point-of-sale terminals or cash register systems, or card readers that attach to a workstation.

Then you would conduct your initial self assessment, filling out the self assessment questionnaire. Sometimes [those doing this for the] first time … may want to call upon a vendor for some help with that. Once they have done the assessment, they will probably find some shortcomings, and that would be something you would put in a report of findings to your executive management to make a determination of the next steps through some type of an action plan, and what is it going to cost to remediate these. What kinds of resources do we need?

Some simple things … that need to be done include creating a credit card handling policy and then conducting awareness training for all your employees. Now the requirement is to train everyone who is handling credit cards when they are newly hired and then annually. And part of that annual training is that the employee has to acknowledge that they received a copy of the credit card handling policy and understand what their responsibilities are. So those are some of the key steps that need to be taken right away.

HIPAA, PCI Overlap

ANDERSON: And is there any overlap between what HIPAA requires and what PCI requires? WALSH:Well there is some overlap. The HIPAA security rule is kind of vague. It was written that way so it could be scalable. So it doesn’t give you a lot of detail, whereas the PCI Data Security Standard is very specific and detailed in its requirements. So for example … within the HIPAA security rule there is really no specification for passwords other than under the standard of security awareness training that we have to conduct password management training and we have to teach people how to manage their passwords. But when you look under the technical safeguard section, it talks about authentication but it doesn’t specify passwords, which is probably the most commonly used method today in healthcare of authenticating a user. When you look at PCI, they have eight specific requirements on passwords. So they specify things like minimum password length and complexity, history and password expirations; it’s very detailed.

So, if an organization can meet all of the requirements of PCI, you’re going to be in great shape when it comes to HIPAA security compliance. The problem is that most organizations just can’t afford right now to invest in their infrastructure as well as all the controls that are required to meet all the standards in PCI. If they could, it  would be a great help with HIPAA.

ANDERSON: Finally, you’ll be offering a webinar on PCI compliance strategies May 18, so tell us what information you are planning to provide in that event.

WALSH: In that webinar, I’m going to go into more detail about the PCI Data Security Standard. I’ll also be talking about some of the common mistakes that I’ve seen in healthcare organizations as far as addressing the standard. We’ll provide a more detailed action plan. …

This article was originally posted at

AAFP Calls for ‘Robust Investment’ in Primary Care Physician Workforce

Federal investment in health careis necessary to “transform health care to achieve optimal, cost-efficient health for everyone,” said the AAFP in recent written testimony (4-page PDF; About PDFs) to the House Appropriations Committee. That is why the Academy is urging the committee to make a robust investment in the nation’s primary care physician workforce by financially supporting programs critical to building and strengthening the nation’s primary care physician pipeline.
“We recognize the difficult decisions (that) our nation’s budgetary pressures present,” said the AAFP. However, the Academy urged the House Appropriations Subcommittee on Labor, Health and Human Services, and Education “to make a robust fiscal year 2012 investment in our nation’s primary care physician workforce … to ensure that it is adequate to provide efficient, effective health care delivery addressing access, quality and value.”
Specifically, the Academy called on the committee to provide at least $449.5 million for training programs covered by Title VII of the Public Health Service Act and administered by the Health Resources and Services Administration, including at least
  • $140 million for primary care training and enhancement as authorized by Title VII, Section 747 of the Public Health Service Act;
  • $10 million for development grants for teaching health centers; and
  • $4 million for rural physician training grants.
Failure to provide adequate funding for Title VII programs “would destabilize ongoing efforts to increase education and training support for family physicians, exacerbating primary care shortages and further straining the nation’s health care system,” said the AAFP.

“We urge the committee to increase the level of federal funding for primary care training to reinvigorate medical education (and) residency programs, as well as academic and faculty development in primary care to prepare physicians to support the patient-centered medical home.”

The AAFP called for other funding increases, as well, including President Obama’s requested funding of $418.5 million for the National Health Services Corps and at least $405 million for the Agency for Healthcare Research and Quality, or AHRQ.

“AHRQ’s investment in patient-centered outcomes research will help Americans make the informed decisions we must make to focus on paying for quality rather than quantity,” said the AAFP. “By determining what has limited efficacy or does not work, this important research can spare patients from tests and treatments of little value.”

Among other programs that are critical to the primary care physician pipeline, according to the AAFP, is the teaching health center program, which provides resources to qualified, community-based, ambulatory care settings that operate as primary care residency programs. These settings include federally qualified health centers, rural health clinics, community mental health centers, health centers operated by the Indian Health Service and centers that receive Title X grants.

In addition, the Academy continues to call for reforms to graduate medical education programs that encourage training of primary care residents in nonhospital settings, which is where most primary care is delivered.

“We were pleased that the Patient Protection and Affordable Care Act authorized a mandatory appropriations trust fund of $230 million over five years to fund the operations of teaching health centers,” the AAFP said. “However, if this program is to be effective, there must be funds for the planning grants to establish newly accredited or expanded primary care residency programs.”

The Academy also addressed rural health needs in its testimony. For example, the Rural Physician Training Grants Program helps medical schools recruit students who are more likely to practice medicine in rural communities. “This modest program … will help provide rural-focused training and experience and increase the number of recent medical school graduates who practice in underserved rural communities,” the AAFP said.

Mobile Learning: The Next Evolution

Learning leaders can take several steps to ensure mobile learning programs are successful.

With the introduction of new mobile products such as the iPad, iPhone 4, Droid and Windows Phone 7, it is not surprising that mobile technology growth rates have quickly surpassed other digital technologies such as radio, television, personal computers and even the Internet. Statistics from the 2010 Tomi Ahonen Almanac show that more than two-thirds of the planet’s population has a mobile phone subscription, and the adoption of user-generated mobile content and applications is exploding.

The almanac also estimated that there were 5 billion cell phone subscriptions worldwide at the end of 2010, meaning the opportunities for m-learning are seemingly endless. IDC estimates more than 35 percent of the workforce will be considered mobile workers by 2013 — some 1.3 billion. Combine those statistics with the fact that the millennial workforce prefers mobile phones over any other personal technology, and the opportunities for learning and development organizations to offer mobile learning seem to be limitless.

Ideally, m-learning should be viewed as a complement to a company’s learning and development strategy, not a replacement for it. Identifying the problem to be solved is the first step in creating an m-learning strategy, and gathering information and measuring results play equally important roles in the process. Often, a pilot or phased approach with a small subset of users is the easiest way to gain momentum for these projects.

There are no hard rules or best practices for implementing m-learning initiatives as part of an integrated learning and development strategy yet. But the following steps will help develop an m-learning initiative that will complement an existing talent management program.

Step 1: Identify business challenges and define strategy. For any learning initiative to be effective, leaders first need to identify what problem that initiative is going to solve. An m-learning initiative is no different, and due to its relative infancy as a learning delivery method, this is an important step to ensure an organization is adopting it for a reason and not just because everyone else is doing it. Common business challenges where m-learning may have value include:

• Enabling access to training content and services across a globally dispersed workforce.
• Offering performance support services to field or sales agents in a rapidly changing industry.
• Delivering just-in-time learning.
• Implementing on-boarding training.
• Delivering straight-to-the-point compliance training.

The second important piece is to define the m-learning program strategy: “Where do we want to be?” As part of strategy definition, learning leaders also should be sure to establish success criteria for any pilots. Those success criteria should address the question “How do we get there?”

Step 2: Define the solution. When defining a solution to address business challenges and fulfill strategic vision, it is important that learning leaders consider specific areas within the organization related to the elements of an m-learning ecosystem. These areas include:

1. Technology or infrastructure: Choose among the countless mobile devices and mobile authoring tools available and consider how they integrate with other learning technologies.
2. Culture: Consider different workforce groups. Millennials prefer mobile phones over any other technology, social learning and just-in-time learning.
3. Content: Consider content conversion strategies for mobile devices and how to make modifications to instructional models to support m-learning programs.
4. Instructional design: Modify traditional instructional design processes to effectively deliver m-learning.

It is easy to overengineer an m-learning solution. When defining a strategy, remember that m-learning is not simply converting e-learning content and making it accessible on a mobile device. This training content can be delivered in multiple modalities, such as handheld computers, MP3 players, notebooks, iPads, iPods, USB drives or mobile phones. M-learning is about the mobility of the learner interacting with portable technologies and enabling learning that focuses on society’s and its institutions’ need to accommodate and support an increasingly mobile population.

As a learning delivery method, m-learning enables a shift away from larger e-learning courses in which content is presented in 30- to 60-minute segments to smaller, bite-sized learning experiences. These smaller learning chunks can be anywhere from three to five minutes and allow learners to retrieve specific information relevant to their immediate tasks, whether on the sales or factory floor. Further, these smaller learning experiences allow content to be easily digested on the mobile device.
M-learning offers many options besides viewing courses on mobile devices. Short message service (SMS) and informal learning are prime examples.

SMS: Consider the ability to conduct a synchronous training session, whether virtual or in person, and allow people to actively participate via text messages with the instructor on course content. SMSs, such as Poll Everywhere, allow for that by displaying live responses in programs such as Keynote, PowerPoint or over the Web. SMS is one of the most basic technological elements for mobile phones. While often overlooked, leveraging it as the first part of the m-learning strategy can provide a quick win for a learning program. Other possible SMS solutions include surveys, questionnaires, polls and voting.

Informal learning: While there is some debate over how to define informal learning, many agree that offering informal learning via mobile device is a good approach. One of the most notable areas of informal learning is social media: social learning, networking and collaboration. In an August 2010 report, Ambient Insight predicted the second generation of m-learning largely will be about mobile collaboration. Organizations that allow for open collaboration have reaped benefits in productivity and efficiency for years. Expanding that collaboration with an m-learning program could enable even greater benefits.

Ultimately, when considering an m-learning solution, it is most important to consider the type of learning the organization is trying to accomplish. Certain types are appropriate for mobile, others are not. Many experts refer to Conrad Gottfredson, senior partner and chief learning officer at TRClark, and his Five Moments of Learning Needs when discussing when to use m-learning:

1. When learning for the first time.
2. When wanting to learn more.
3. When trying to remember.
4. When things change.
5. When something goes wrong.

While organizations can leverage m-learning in any one of these cases, the last three provide the best fit. Consider using job aids, performance support or other just-in-time training when learners are trying to remember something.

Step 3: Pilot the m-learning solution. Using a pilot approach can help to ensure program success. This has become a best practice in the learning industry. M-learning initiatives are no exception, especially given the lack of lessons learned and guidance currently available.

It is vital to match the structure and approach of an m-learning pilot to an organization’s unique needs and requirements. “No two m-learning pilots are alike; one size does not fit all,” said Robert Gadd, president and chief mobile officer of m-learning solutions provider OnPoint Digital. “We have enterprise customers — who actually operate in the exact same markets delivering identical yet competitive services — approach mobile learning in completely different ways. One organization might seek to provide just-in-time training to sales professionals via their ever-present smart phones. Another would look to deliver mobile performance support to field engineers. What’s common in both scenarios is the need to seamlessly deliver, accurately track and securely manage all the device-side interactions back into a centralized LMS platform.”

While there may be significant differences in approaches or implementation related to the pilot, the important takeaway is to understand that pilots limit risk and cost and ensure the m-learning strategy is refined to be successful at the program or enterprise level.

Step 4: Gather information and measure results. Most successful high-impact learning organizations implement strategies to measure learning effectiveness. M-learning pilots should do so as well.
Strategies to measure training program effectiveness are available in a number of formats. Organizations that have been successful with other training initiatives likely have measured the effectiveness of those programs and made adjustments as necessary. The same successful methods can be put to use for m-learning programs. Bersin & Associates’ Primer for the Measurement of Corporate Training framework contains nine measurement areas that allow organizations a structure within which to evaluate training program effectiveness. Understanding the effectiveness of mobile training programs from an individual, as well as organizational, improvement standpoint is a key area of focus when gathering information and measuring results.

Return to the agreed-upon success criteria for the program or pilot during this step. Total enrollments, student hours, completion rates and user satisfaction surveys are all basic areas to focus on with regard to individuals participating in an m-learning pilot. To transition from pilot to program, CLOs need to tie training program measurements to organizational objectives.

Step 5: Adjust the program as necessary. Thoroughly walking through Step 4 should provide the information needed to adjust the m-learning strategy if necessary. Adjustment is not a negative, but rather an integral part of the process to ensure enterprise program success.
Organizations looking to add m-learning as a complement to their existing learning strategies will benefit the most from such initiatives. Simply put, m-learning will not, and should not, replace other learning initiatives, such as traditional e-learning content development workflows and processes or enterprise learning technologies.

Success in m-learning cannot be enjoyed without first understanding common hurdles that exist for organizations embarking on this journey. According to Gary Woodill’s The Mobile Learning Edge: Tools and Technologies for Developing Your Teams, the three main obstacles are:

This article was originally posted at

New Mobile Learning Case Studies

As part of their Value of Investment initiative, the Washington-based Consortium for School Networking has posted two new case studies of mobile learning initiatives in two Texas school districts.

The Rockdale Independent School District recently handed out 150 iPod Touches to 6th graders to use in school in order to increase student achievement and engagement, as well as teacher satisfaction and retention. The school district is also implementing a bring-your-own technology project in its high school to achieve the same benefits with older students.

The Katy Independent School District is in its second year of a pilot program that has put 3G smartphones into the hands of one 5th grade class to use out of school for homework and collaborative projects, the press release says. So far, the pilot program has adjusted the type of phone the students are using as well as the mobile operating system, and has expanded the initial program to 10 more 5th grade classrooms in the district. Like Rockdale ISD, the pilot program has spurred a bring-your-own-technology program in the district’s high schools as well.

To read more about the case studies, which detail the implementation of the mobile devices as well as the direct and indirect costs of the projects, check out CoSN’s website. You must be a CoSN member to receive the full versions of the case studies, but you can read the summaries for free.

This article was originally posted at

A Trend That’s Keeping Students Safe from Budget Cuts

Gabe Jackson – IT or Information Technology seems to be the only department that some Nebraska educational districts are protecting from upcoming budget cuts. The learning of information is what any school experience boils down to.

What’s key to many educational leaders in Nebraska’s rural area schools is making sure information gets to their students just as fast, if not faster than their larger counterparts. The integration of the World Wide Web with learning and teaching software has certainly brought information to our fingertips like no way before. Nevertheless, schools are making no cuts to ensure that information gets to their students faster.

Today, the learning experience of the average student is drastically different than that of a student ten years ago. Middle schools and especially high schools are looking to tablet computers like Apple’s Ipad to replace the once popular laptop computer. When it comes to communication, 1,000 mbps (mega bit per second) fiber optic networks are being proposed to schools to replace their once cutting edge twenty to fifty mbps high speed cable systems. As a result, schools and their budgets have adapted to stay apace with tech innovation. In America’s heartland, the state of Nebraska is keeping abreast despite the struggles of limited local tax resources and the condition of the American economy. Interviewed high school principals and superintendants of Nebraska’s ESU 15 district understood that if students are not provided with an educational experience consisting of readily available tech tools and advanced class offerings, they simply are not preparing students for college or the job market.

With statewide budget cuts and funding losses, public schools are turning to federal grant programs to soften the blow. The one department that Nebraska schools are making sure stays on track is their IT departments. All the schools in ESU 15 share a similar point of view on the importance of the role of IT in the classroom. Focusing on the ESU 15 school district, which is composed of ten high schools, its superintendants and principals all agree keeping tech safe is keeping students first.

ESU 15’s supervisor, Paul Calvert states “Our ESU unit that assists each individual school in the district is now providing over one-hundred online classes to meet students needs.” He agrees trends must be continued that better equip students to access information. “Many of our schools are looking at integrating Apple’s Ipad and similar devices to put tools in the hands of students that better equip them to learn about art, science, math and everything in between.”

Through Nebraska’s entire ESU 15, not one school planned to cut their IT budgets. In fact, most plan to expand their budgets to ensure their students have access to information as quickly and safely as possible. It seems that these leaders are unwilling to budge and for good reason. No one can count the cost of a short-changed student, but the price will have to be paid eventually. With this social salient fact in mind, Matt Fisher of Chase County Schools adds, “Despite state funding cuts, we don’t see ourselves going anywhere near our IT departments. Once you start giving your students a tool like this, you don’t want to take it away.” Chase County is also one out of three schools in the district that boasts a 1-1 program, meaning they have one laptop for every student that attends school.

The schools in the ESU unit have a wide variance in budgets. Ranging from the small ($2,600) to the large ($200,000+). Medicine Valley Principal Norm LiaKos who works with a limited but effective tech budget and is always looking for ways to provide his students and staff with better access to information. He states, “Technology is no longer the future, it’s the present. Without the proper tools in place, our students will fall behind. We do the best we can with what we have but we aren’t settling. We always strive to do better and are looking to grants and outside funding to offer our students more.”

Jeff Koehler of Maywood schools stands firm on what technology does for students. In Koehler’s eyes, technology provides the tool that unlocks the secret of true education by teaching students to discover what they want to know. “We teach students, you won’t know everything, but you have to know where to find it. Every student is different and making sure that a diverse and flexible resource like the internet is available on 1 to 1 structure allows students to inform themselves on a much broader scale. Our students love the one to one system. Always having access to class materials no matter where they are gives them ability to always be prepared for upcoming tests.” According to Koehler, Maywood schools made their budget cuts six years ago to make room for more learning resources. Maywood is also a “1 to 1” school providing every single student access to technology resources.

There are the positive points of an economic recession. When programs and budgets are stripped down to the bare essentials, institutions must check themselves on what they really need. The educational system in Nebraska is showing that the educational experience means nothing without productive and informed students.

This article was originally posted at


Cost Effective OSHA Compliance Training Programs

Implementing effective OSHA compliance training isn’t an expense. It’s an investment in your company’s greatest asset: your people. But that doesn’t mean your OSHA compliance training can’t be cost effective. emPower eLearning Solutions provides online OSHA Training courseware and campaign management tools that is less costly than traditional safety training methods.

emPower eLearning Solutions offers the most comprehensive online OSHA compliance training delivery and management solution in the industry. General industry employers must address a variety of safety topics with their workforce. emPower eLearning Solutions’s OSHA essentials library will enable you to effectively educate employees on subjects such as:

  • Hazard Communication
  • Electrical Safety Training Course
  • Personal Protective Equipment

Are you looking for safety training materials? Visit our store and shop online for OSHA

For More

Cost Effective HIPAA Compliance Training Programs

emPower eLearning Solutions is excited to offer a training solution that will help organizations train their entire work population in a timely and cost effective manor. emPower eLearning Solutions Compliance Training is devoted to helping organizations meet the Administrative Simplification Act section 164.530(b)(1). This section requires employers to provide HIPAA Training awareness and Job Role policy training. Our course is designed to reach all level of employees from providers to billing clerks to housekeeping.

HIPAA’s intent is to reform the healthcare industry by reducing costs, simplifying administrative processes and burdens, and improving the privacy and security of patient’s information.

For More

Tag Cloud