Know what you need to know?
You don’t know what you don’t know, which is why compliance training is so important for your compliance officer.
Unfortunately for you, ignorance of the rules is not a defense. Actually, it used to be, but that’s a story for another day. You also don’t want to say, “It’s not a problem if I don’t get caught.” Wishful thinking isn’t a defense either. And neither is thinking that your business is too small to get hacked. Smaller businesses are low-hanging fruit for cyber thieves because they’re less likely to employ deep levels of data security.
Data breaches can happen at any time. It could be as simple as a misplaced device or as complex as a data hack, but the potential consequences are the same for your business. Proper training will get you beyond thinking “it can’t happen to me.”
Think about it this way: it’s not about compliance, it’s about patient care and caring for your business, as well. You wouldn’t hire someone to do your taxes if they didn’t understand accounting, would you? But that’s exactly what happens to compliance officers. The boss taps someone and “Poof!” suddenly that person is a compliance officer.
Compliance training is part of the regulations, and your compliance officer needs a deeper level of training than the rest of the staff. (But remember that every staff member should be trained on how to safeguard protected data.)
Even if you use a vendor to handle the majority of your compliance efforts, your compliance officer still needs training. Knowing what to do and when requires training. Even if we are on your speed dial, we can’t help if you don’t think to call us when something happens.
Convinced yet? I hope so.
Not just a quick webinar
Now let’s turn our attention to the type of training your compliance officer needs. Training should be done in one dedicated session, so the person gains a deep understanding of the expectations. An annual 30-minute luncheon webinar doesn’t cut it because: 1) there’s not enough time to cover all of the necessary materials; and 2) the person likely will still be in the office and get interrupted.
Just like your car, your compliance program needs regular maintenance. And just like using the car’s warranty requires the proper documentation, your compliance officer must document the plan, audits and assessments.
That’s why training should encompass not only the expectations but also the down-in-the-trenches work of compliance (plans, procedures, audits and what to do in the event of a breach). If the training just explains the law, great. But if there isn’t any explanation about HOW to do the work of HIPAA, you will still have to figure that part out.
Some companies outsource compliance, which can be a viable option. But you must realize that according to the law, the security or privacy officer must have the authority to implement policies across the organization, develop sanctions and enforce the policies. Can you imagine giving your outsourced compliance provider the authority to sanction everyone from the CEO or company president to the part-time office staff?
In most of our compliance engagements, we help companies develop their plans, their checklists, their maintenance schedules and their incident response plans. We’re the coaches, helping put the right players on the field with the right game plan.
But you still have to play the game. And you still must win. Don’t field a team at the last minute with players who have never even used the equipment before. Get compliance officer training on a regular basis using a wide variety of sources.