HIPAA compliance is a concern that structures all medical practices, but what many don’t realize is that medical schools are also covered by this law. So how do medical schools introduce HIPAA in the classroom and throughout administrative structures?
Many medical students are required to participate in HIPAA training programs, but medical schools today face a unique set of challenges. That’s because the current generation of medical students was raised online. Their phones are always on hand and their understanding of privacy may vary from what instructors and future employers will expect. In response, medical schools need to update and underscore the importance of HIPAA compliance education in the classroom.
Of course, it isn’t just the millennial generation that’s guilty of the waning attention span, but with younger individuals estimated to pick up their phones 1,500 times a week – often to overshare on social networks – reiterating the importance of HIPAA regulations should be a high priority in the classroom. One way to do this may be to explain the actual penalties of a privacy breach to students, rather than focusing on the conceptual importance of privacy.
A medical student who unknowingly violates a HIPAA standard may be fined as little as $100, but depending on the severity of that breach, the fine could also be as much as $50,000. Considering that most medical students are carrying a significant debt load already, discussing this type of financial consequence may be what’s needed to reinforce the importance of compliance.
Another important step medical schools need to take, both for their own compliance purposes and to offer additional protections to students in the process of learning the rules, is to put technical protections in place. One way to do this is by enforcing strict sign-in rules using a system with multiple steps – for example, a strong password plus PIN or security questions to verify user identity. The system should also quickly lock out unauthorized users.
Second, medical school email systems should use an encryption-enabled platform. With proper business associate agreements in place, schools may be able to use standard, collaborative platforms like Google Apps.
Schools shouldn’t just implement the use of these programs, however; they should be sure to discuss with students the reasons for using them. Though it may seem an inappropriate topic for the med school classroom, issues like encryption, business associate agreements, cloud privacy, and EMR use should all be part of orientation, training, and courses related to medical ethics.
Make Use Of Models
If your school is struggling to create effective training practices that translate HIPAA compliance to millennials, it may be worthwhile to network with other schools that have developed compliance programming. Yale University, for example, describes many of their HIPAA compliance practices on their website. Reading other approaches to compliance and speaking with administrators may reveal places where your school could strengthen its practices.
Ultimately, HIPAA needs to be presented as a non-negotiable core of medical education. Millennial technology habits may initially present themselves as a barrier to compliance, but with careful instruction and orientation, students will recognize that failure to work within HIPAA regulations can jeopardize their chances of making a career in the medical sector.
HIPAA, as well as the updates associated with HITECH, stands at the core of medical practice and technology today, and tech-addicted students must alter their habits to comply.