HIPAA Ethics Program

HealthPrivacy™ Education, Training and Policy Development for HIPAA Compliance

As the Department of Health and Human Services released its Final Rules on HIPAA Privacy Regulations in December 2000, it became clear that a lot of changes needed to occur for organizations to achieve and maintain compliance. 

Certainly, departments that deal with electronic data, including admissions, medical records, patient accounting, member enrollment, personnel, and IT, would bear the brunt of the new regulations, but compliance will be more costly and complex than originally thought and will impact virtually every area of the Covered Entity.

The Final Rules call for an expansion of 'Protected Health Information' (PHI) to include information transmitted or maintained in any form or medium, including oral communications in any Covered Entity, not just the electronic information that was originally proposed. This means that a lot of information and a lot of employees that use that information will be impacted by the new regulations. Indeed, HIPAA compliance costs could easily exceed Y2K preparations and could reach as much as US $25 billion. 

The Final Rules require Covered Entities to establish a framework to achieve organizational compliance, including the appointment of a privacy officer, implementation of policies and training of staff. Failure to comply will have significant civil and criminal penalties for the organization as well as the individual involved in violation of the privacy rules. There is also a whistleblower provision that allows any person to report the Covered Entity for failure to comply.

Sanctions for non-compliance, as established in Section 1177 of the legislation, will range from:

  • $50,000 and/or imprisonment for one year for wrongful disclosure
  • $250,000 and/or imprisonment for ten years for any offense committed with intent to sell information.


What does this mean to you and your organization?

The administrative requirements demand that you establish internal policies for your organization to accomplish the following: 1) Protect PHI from accidental or intentional misuse or disclosure; 2) Establish a procedure for handling grievances for violations of the privacy policies; 3) Impose sanctions against individuals and employees that violate privacy policies; 4) Mitigate errant disclosures by the organization or business associate; 5) Prevent retaliation for complaints about non-compliance.

Covered Entities must train employees on their privacy policies and are required to re-train them if material changes are made to such policies. The rules call for employee certification of the required training, with re-certification taking place every three years. The scope and magnitude of this training may vary by organization, but it will be a significant and central endeavor for all Covered Entities to establish, implement and track for compliance. 

Such training should serve to enhance both the personal decision-making skills and the organizational awareness of privacy and confidentiality issues among your management team, employees and professional staff. Indeed, your new IT systems, security measures, policies and procedures will only be as effective as the people exercising their personal judgments on a day-to-day, case-by-case basis.

How can we help?

Professional Services Source [www.ethicsedge.com] provides web-based, interactive training and education on a number of regulatory, compliance-oriented and other ethics-based topics for diverse professional associations and industry groups worldwide. Our principals have been assisting healthcare organizations in addressing legislative redirection for nearly two decades. We can assist you in developing your privacy policies and will incorporate those policies into a customized program to educate and train your employees in an efficient and cost-effective manner. In addition, we will provide the certification of training and provide electronic prompting for re-certification as required by the rules.

Programs are delivered in an 'eLearning' format designed to move participants through the policies and issues in a self-paced, interactive process. Each participant will be scored and certified with full documentation going to the Privacy Officer for compliance with the training provision of the HIPAA Privacy Requirements.

Our HealthPrivacy™ programs are designed to satisfy regulatory requirements as well as identify and mitigate ethical, professional or other interpersonal issues that could lead to potential non-compliance. The program focuses on establishing and communicating appropriate policies and procedures, raising the general level of ethical awareness around privacy and confidentiality issues, as well as building a corporate culture of responsible decision-making in order to minimize potential problems and alert management to prospective trouble spots.

Our HIPAA HealthPrivacy Offerings

HealthPrivacy PolicyBuilder™: An interactive process to help you and your organization develop a set of privacy policies as required in the Final Rules.

HealthPrivacy Training™: A cost-effective interactive tutorial that incorporates basic ethical considerations along with your policies and the HIPAA Privacy requirements. The online format can accommodate any number of employees at their convenience. It provides documentation and certification as well as electronic notifications for re-certification requirements.

Beyond Compliance: HealthPrivacy for Medical Professionals and Executives™: A 'web-based' course designed to help your medical and executive teams understand the policies as well as the ethical and legal implications of the HIPAA Privacy regulations and assist them in building effective decision-making strategies.