HIPAA Training Policy and Procedure

Title

University of North Carolina at Chapel Hill HIPAA Training Policy and Procedure

Policy

UNC-Chapel Hill provides an education program ("HIPAA training") relating to the requirements of the Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HIPAA"). This HIPAA training is updated annually to reflect changes any changes in the law, and/or changes in UNC-Chapel Hill policies and procedures as these relate to HIPAA compliance. Each covered University unit has a designated Privacy Liaison and designated Security Liaison who work with the University's Privacy Officer and Security Officer to ensure that all employees, students, and volunteers in covered University units, and Business Associates complete HIPAA training in accordance with this policy. The University's Privacy and Security Officers may consider and recommend training for additional individuals. Completion of HIPAA training is documented and maintained by the Research Compliance Program and UNC-Chapel Hill.

Procedure

1. Initial Training

New UNC-Chapel Hill employees, students, and volunteers who work or train with covered University units must complete HIPAA training within thirty (30) days of initial employment, enrollment, or placement.

  1. Business Associates who participate on site in UNC-Chapel Hill sponsored work are required to complete HIPAA training.

2. Annual Training

  1. UNC-Chapel Hill employees, students, and volunteers in covered University units must complete HIPAA training annually. Additional training may be required as necessary for some or all listed individuals, as determined by the University Privacy Officer and/or Security Officer.
  2. Business Associates who participate on site in UNC-Chapel Hill sponsored work are required to complete HIPAA training.

3. Ongoing Awareness Training

  1. UNC-Chapel Hill employees, students, and volunteers will receive periodic awareness privacy/security training. This training may include any/all of the following:
    • Overall privacy/security awareness
    • Periodic HIPAA regulation reminders
    • Virus awareness
    • Password management
    • Security Incident Reporting
    • User-specific topics necessary for individual workstation security
  2. Ongoing training may include (without limitation) meetings, University or departmental newsletters or memoranda, e-mail communications, and posters.
100% helpful - 1 review

Details

Article ID: 132087
Created
Thu 4/8/21 9:23 PM
Modified
Wed 2/7/24 9:08 AM
Effective Date
If the date on which this document became/becomes enforceable differs from the Origination or Last Revision, this attribute reflects the date on which it is/was enforcable.
07/14/2020 4:23 PM
Issuing Officer
Name of the document Issuing Officer. This is the individual whose organizational authority covers the policy scope and who is primarily responsible for the policy.
Issuing Officer Title
Title of the person who is primarily responsible for issuing this policy.
Chief Privacy Officer and Associate University Counsel
Last Review
Date on which the most recent document review was completed.
07/14/2020 4:23 PM
Last Revised
Date on which the most recent changes to this document were approved.
08/01/2013 12:00 AM
Next Review
Date on which the next document review is due.
09/30/2021 12:00 AM
Origination
Date on which the original version of this document was first made official.
08/01/2013 12:00 AM
Responsible Unit
School, Department, or other organizational unit issuing this document.
Institutional Privacy Office

Related Articles (1)

Adams School of Dentistry: Infection Control Manual - Chapter 04: Immunizations, Trainings, and Infectious/Communicable Disease Requirements
Chapter 4 of the Adams School of Dentistry's (ASOD) Infection Control Manual details immunization and training requirements for ASOD personnel (including faculty, staff, and residents) and students, with guidance on infectious / communicable diseases.