HIPAA Training Policy and Procedure

Summary

UNC-Chapel Hill provides an education program ("HIPAA training") relating to the requirements of the Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HIPAA"). This HIPAA training is updated annually to reflect changes any changes in the law, and/or changes in UNC-Chapel Hill policies and procedures as these relate to HIPAA compliance.

Body

Title

The University of North Carolina at Chapel Hill Policy and Procedure on HIPAA Training

Policy

The University of North Carolina at Chapel Hill ("UNC-Chapel Hill") provides an education program ("HIPAA training") relating to the requirements of the Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HIPAA"). This HIPAA training is updated annually to reflect changes any changes in the law, and/or changes in UNC-Chapel Hill policies and procedures as these relate to HIPAA compliance. Each Covered Component works with the University's Chief Privacy Officer and Chief Information Security Officer to ensure that all employees, students, and volunteers in Covered Components, and Business Associates complete HIPAA training in accordance with this Policy. The University's Chief Privacy Officer and Chief Information Security Officer may consider and recommend training for additional individuals. Completion of HIPAA training is documented and maintained by the Research Compliance Program and UNC-Chapel Hill.

Procedure

1. Initial Training

New UNC-Chapel Hill employees, students, and volunteers who work or train with Covered Components must complete HIPAA training within thirty (30) days of initial employment, enrollment, or placement.

  1. Business Associates who participate on site in UNC-Chapel Hill sponsored work are required to complete HIPAA training.

2. Annual Training

  1. UNC-Chapel Hill employees, students, and volunteers in Covered Components must complete HIPAA training annually. Additional training may be required as necessary for some or all listed individuals, as determined by the University's Chief Privacy Officer and/or Chief Information Security Officer.
  2. Business Associates who participate on site in UNC-Chapel Hill sponsored work are required to complete HIPAA training.

3. Ongoing Awareness Training

  1. UNC-Chapel Hill employees, students, and volunteers will receive periodic awareness privacy/security training. This training may include any/all of the following:
    • Overall privacy/security awareness
    • Periodic HIPAA regulation reminders
    • Virus awareness
    • Password management
    • Security Incident Reporting
    • User-specific topics necessary for individual workstation security
  2. Ongoing training may include (without limitation) meetings, University or departmental newsletters or memoranda, e-mail communications, and posters.

Details

Details

Article ID: 132087
Created
Thu 4/8/21 9:23 PM
Modified
Mon 7/29/24 2:29 PM
Responsible Unit
School, Department, or other organizational unit issuing this document.
Institutional Privacy Office
Issuing Officer
Name of the document Issuing Officer. This is the individual whose organizational authority covers the policy scope and who is primarily responsible for the policy.
Katherine Georger
Issuing Officer Title
Title of the person who is primarily responsible for issuing this policy.
Chief Privacy Officer and Associate University Counsel
Next Review
Date on which the next document review is due.
07/29/2027 12:00 AM
Last Review
Date on which the most recent document review was completed.
07/29/2024 4:23 PM
Last Revised
Date on which the most recent changes to this document were approved.
07/29/2024 12:00 AM
Effective Date
If the date on which this document became/becomes enforceable differs from the Origination or Last Revision, this attribute reflects the date on which it is/was enforcable.
07/14/2020 4:23 PM
Origination
Date on which the original version of this document was first made official.
08/01/2013 12:00 AM

Related Articles

Related Articles (1)

Adams School of Dentistry: Infection Control Manual - Chapter 04: Immunizations, Trainings, and Infectious/Communicable Disease Requirements
Chapter 4 of the Adams School of Dentistry's (ASOD) Infection Control Manual details immunization and training requirements for ASOD personnel (including faculty, staff, and residents) and students, with guidance on infectious / communicable diseases.