Section 32: Education and Training of the Health Care Component Workforce
HIPPA requires all current and future Workforce members to receive training on the Use, Disclosure and general treatment of PHI. The HIPAA Privacy Officer is responsible to coordinate training for all students, faculty, employees, contract employees and volunteers who are employed in the Callier Center and any other office or department that is included in the UT Dallas health care component. All staff of any office identified as part of the University Health Care Component shall receive training on privacy policies and procedures with respect to PHI as necessary and appropriate to carry out their duties as assigned.
The Privacy Officer shall determine the policies and procedures to be addressed for each category of Workforce, volunteers and students, as well as the frequency, the methods and materials used to provide privacy training (tailored to the nature of the trainee’s contact with PHI), such as traditional classroom lectures, video presentations, interactive software, role-playing, case studies, seminars and discussions; and the use of competency tests to evaluate training effectiveness.
Business Associates are responsible for providing the training required to ensure that their own Workforces meet the responsibilities under the HIPAA Privacy Rule and their Business Associate Agreements.
All Workforce members will receive privacy training upon employment in a position that requires access to Callier Center PHI. All Workforce members will receive retraining following any material change in HIPAA rules and/or this privacy manual within a reasonable time following a material change. All Workforce members will receive privacy training on an annual basis. The HIPAA Privacy Officer is responsible for maintaining documentation of the following:
- The method by which the training was provided
- The name, title and qualifications of the person presenting the training
- A description of the training and/or a copy of the training materials
- Training attendance records that document each employee that completed the training
- The HIPAA Privacy Officer may document the required information separately for different offices, locations, and Workforce groups as necessary.
- Documentation must be obtained from each Workforce member who receives training that verifies the name, position and date the training occurred. If training occurs online UT Dallas shall develop a process for ensuring that the specific Workforce member actually completed the training.
Failure to complete training within the first day of computer access will result in suspension from access to HIPAA data until training is completed.
HIPAA Regulatory Citation: 45 CFR § 160.103, § 164.530(b) Effective: 04/14/2003
Reviewed: 03/31/2021, 12/08/2015
Donise W. Pearson, HIPAA Privacy Officer
UT Dallas Callier Center