Friday, August 19, 2016

Compliance Essentials: Training

Training is one of the essential cornerstones of any effective compliance program.

Training is an investment for any organization. That investment pays great dividends in the form of liability protection when it comes to compliance. However, with that being said, some organizations are still hesitant to train their employees or outright refuse to make this very important investment.

When it comes to Federal and State compliance, the decision to train employees has been taken out of the hands of the organizations. For example, with HIPAA compliance, the Office for Civil Rights (OCR), states:


"§164.530(b)(1) Standard: Training. A covered entity must train all members of its workforce on the policies and procedures with respect to protected health information required by this subpart and subpart D of this part, as necessary and appropriate for the members of the workforce to carry out their functions within the covered entity."

In the event of a HIPAA audit, the auditor will ask him or herself a discovery question:


"Does the covered entity train its work force and have a policies and procedures to ensure all members of the workforce receive necessary and appropriate training in a timely manner as provided for by the established performance criterion?"

In addition, the auditor will take the following action:

"Obtain and review such policies and procedures. Areas to review include training each new member of the workforce within a reasonable period of time and each member whose functions are affected by a material change in policies or procedures. From the population of new hires within the audit period, obtain and review a sample of documentation of necessary and appropriate training on the HIPAA Privacy Rule that has been provided and completed."

And finally, the auditor will:

"Obtain and review documentation that workforce members have been trained on material changes to policies and procedures required by the HITECH Act."

What is the above patter of the auditor?

  1. As a mater of policy, require that all employees are being fully trained
  2. Ensure that each organization has established policies and procedures
  3. Verify that training is being done by obtaining documentation on training and policies/procedures
This similar pattern is followed by other government organizations. Documented compliance training is required in the areas of OSHA, Medicare, and other various areas where compliance is required.

When organizations give their employees the resources and information they need to be compliant with these various regulations, they begin to establish a culture of compliance within the organization. 

Compliance training is not a request or addressable, it is REQUIRED!!!!!

Employee training is an investment worth making. However, compliance training is not just a good investment, it is liability protection that any organization cannot be without.



To subscribe to this blog, enter your email address:


Delivered by FeedBurner