HIPAA Compliance

Training employees to ensure patient privacy is just one step of HIPAA compliance.


When training new employees, make sure you thoroughly review patient privacy rights as mandated by the federal HIPAA regulations.


Ideally, this should be addressed in your office procedures manual.

What Is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996 and involves the protection of patient information, including the privacy and security of that information.

To be HIPAA compliant you must:

  • Develop policies and procedures addressing HIPAA's requirements
  • Train all current and future employees on HIPAA-compliant policies and procedures
  • Appoint a privacy officer to oversee the practice's compliance
  • Develop a notice of privacy practices for distribution to all patients
  • Enter into contracts with all business associates having access to patient information

Developing HIPAA Policies and Procedures

Your practice's HIPAA compliance manual should contain your HIPAA policies and procedures involving patient privacy and security. It should include copies of the forms, notices, and disclosures your practice utilizes for patient privacy notification and overall HIPAA compliance.

Your practice's policies and procedures should include information such as:

  • use and disclosure of protected health information (PHI)
  • patient rights with regard to PHI
  • consent and authorization requirements
  • notice of privacy practices
  • and much more.

There are also a number of forms and notices that should be included in your HIPAA compliance manual such as:

  • Notice of Privacy Practices
  • Patient Acknowledgement/Receipt of the Notice
  • Business Associate Agreement
  • Consent Form
  • Authorization Form

Training New Employees on HIPAA

Much of the training you do with a new employee involves simply reviewing your practice's manuals (e.g., the employee handbook and office procedures manual), but HIPAA training involves more than those basics.

HIPAA regulations include the following staff requirements:

  • Training for all current and future staff on the HIPAA policies and procedures.
  • Proof of the training - documenting what was included in the training and the date it was completed.
  • Acknowledgement of review of your practice's HIPAA compliance policies and procedures. This is a form signed by employees that states they are aware of those policies and procedures.

HIPAA Resources

For valuable information, visit the official HIPAA website.

HIPAA compliance training is offered to members of the National Business Association for Chiropractors (NBAC) at a discounted rate. For more information, visit www.nbac.com.


The information in the NCMIC Learning Center is offered solely for general information and educational purposes. It is not offered as, nor does it represent, legal or professional advice. Neither does this information constitute a guideline, practice parameter or standard of care. You should not act or rely upon this information without seeking the advice of an attorney familiar with the specific legal requirements of the state(s) in which you practice. If there is a discrepancy between the site and an insurance policy you have with NCMIC, the policy will prevail.