More Than 50% of Healthcare Employees Fail a HIPAA Assessment, New Data Reveals
Businesses in the healthcare sector have a responsibility to minimise the risks of HIPAA violations, for the sake of their patients, staff and the organization as a whole.
One way in which organizations can mitigate internal breaches is by ensuring that staff receive regular HIPAA training. However, the number of internal breaches recorded each year would suggest that more needs to be done to ensure employees are HIPAA compliant.
To investigate the standards of HIPAA training in the healthcare sector, The HIPAA Journal researchers have examined HIPAA assessment fail rates, the percentage of staff who have witnessed HIPAA violations, and how frequently training is being conducted in 2023.
How many employees working with PHI fail a HIPAA assessment?
More than half of employees working in the healthcare sector fail a HIPAA assessment.
The data suggests that more than 50% of staff working with PHI do not have a comprehensive understanding of HIPAA regulations, and therefore require more training.

Which area of HIPAA training sees the highest fail rates?
During a HIPAA assessment in 2023, the most common areas of failure are:
- HIPAA Violation Consequences – 66% fail rate
- HIPAA and Social Media – 61% fail rate
- Computer Safety Rules – 61% fail rate
- HIPAA in Emergency Situations – 54% fail rate
“HIPAA Violation Consequences” was found to be the most common area of failure within HIPAA assessments.
Anyone working with PHI must be aware of the consequences of violating HIPAA standards, for many reasons. Primarily, a lack of understanding of the significant repercussions implies that the individual is unaware of the weight and importance of protecting PHI.
A HIPAA violation can have personal implications, which staff must be made aware of.

How often do staff in the healthcare sector witness HIPAA violations?
More than two thirds (67%) of staff have witnessed a suspected HIPAA violation, according to The HIPAA Journal’s recent survey of 245 employees who work in the healthcare sector.
The most common types of HIPAA violations that staff believe they have witnessed were found to be:
- Failure to log off – 56%
- Unauthorised access – 49%
- Gossip – 43%
- Snooping – 41%
- Improper disposal of records – 39%
- Lack of employee training – 36%
- Sharing passwords – 34%
- Unauthorised release of records – 32%

Why do employees violate HIPAA regulations?
According to the survey data, employees believe that the main reasons that staff violate HIPAA are:
- Lack of knowledge – 35%
- Lack of care – 31%
- Lack of regular training – 14%
Although the data reflects staff opinions, it indicates that employees themselves are aware that HIPAA compliance standards are not where they should be, and many believe that infrequent training is a leading cause of HIPAA violations.
How often do staff receive HIPAA training?
The majority (74%) of staff receive training annually, according to the survey data. Providing training at least annually is considered to be best practice; however, the aforementioned assessment fail rates indicate that organizations should be more proactive in assessing the need for more frequent internal training.
Out of the survey participants, one in ten did not receive HIPAA training within the first three months of their role. This is a legal requirement, according to The HIPAA Privacy Rule.
Similarly, 5% of staff in the healthcare sector only received HIPAA training once, which was when starting their job. Regular HIPAA training is key to ensuring compliance standards are met.

Summary
It is the responsibility of any organization in the healthcare sector to ensure that staff receive regular HIPAA training. Regular training improves employees’ confidence and understanding of HIPAA regulations, in turn helping to minimise internal violations.
However, it appears that more regular HIPAA training needs to be undertaken in the healthcare sector, based on the high HIPAA assessment fail rates and staff reporting witnessing internal breaches.
Organizations should assess their staff to gain a comprehensive understanding of how well employees currently understand HIPAA, to ensure that they are providing training frequently enough for the needs of their workplace.
Methodology
Survey data was collected in October 2023, and reflects 245 participants who work in the healthcare sector.


