05/03/2007

Table of Contents
1. Project description
2. Situation/context of the project
2.1 Problem description
2.2 The current HIPAA and ISU policies training
3. Problem(s) addressed
3.1 Needs analysis
3.2 Findings from the interview
4. Proposal
5. Course of actions
6. Reflections
7. Future Recommendations
Appendixes
Project contract
Interview questions
Final compilation of case studies for TSHC
Acknowledgement Letter
Closing letter
10
10
11
11
4
5
8
9
13
14
15
16
3
3
4
3
3
2

1. Project description
This project is about developing an online training on Health Insurance Portability and Accountability Act (HIPAA) and ISU Health Information Privacy and Security Policy for the new employees at the Thomas B. Thielen Student
Health Center (TSHC), Iowa State University, Ames, IA.
The main purpose of the training is to provide the employees, especially the new employees at the Center, with the necessary information to protect patients’ personal health care and financial information according to HIPAA and
ISU policies.
2. Situation/context of the project
2.1 Problem description
Previously, the Health Insurance Portability and Accountability Act (HIPAA) and ISU Health Information Privacy and
Security Policy training were conducted by our primary contact, Ms. PMC on one-to-one and face-to-face basis with the Center’s new employees as part of 3 series of training (The other 2 trainings are Safety Issues in
Healthcare Environment and Handling Patients’ Complaints). Each of these training sessions takes between 30 to
50 minutes depending on the employees’ previous background working in healthcare environment, their work needs and positions in the center. The training must be conducted within the first 5 days of employment date and before the employees have direct contact with the patients.
2.2 The current HIPAA and ISU policies training
The HIPAA and ISU policies training, which is the main focus of this project, is the most important and most challenging training experienced by the client due to several reasons:
1.
frequent changes in HIPAA policies
Under the law, every person working in the healthcare environment needs to follow and apply the HIPAA policies in their everyday task. Since the HIPAA requirements changes frequently, it is difficult to keep pace of the current HIPAA policies. In addition, there is no standardized content on HIPAA policies, which made it difficult to be explained for employees who work at different sections in the Center.
2.
no specialized HIPAA training
Since there is no standardized content of the HIPAA policies, the client had difficulties to train each new employee at the Center according to their specific sections. For instance, HIPAA training for clerical tasks will be different from the medical record people. Thus the client ended up with applying general HIPAA policies that will apply to all of the sections in the Center.
3.
employees’ prior knowledge on HIPAA
Employees’ prior knowledge on HIPAA is another challenge for the client. An employee with prior knowledge on HIPAA and has experience working in healthcare environment will not need to be trained so much on
HIPAA policies, thus the client will concentrate more on training him/her in ISU policies compliant with the
HIPAA policies. However, for an employee who has no prior knowledge on HIPAA and does not has prior experience working in healthcare environment, the training will take more time as the client needs to explain
3

both HIPAA and ISU policies.
4.
no further references
Our needs analysis with the new employees on HIPAA and ISU policies also revealed that there are lack opportunities for them to refresh their HIPAA and ISU policies after the training. Even though printed manuals are provided in the Center for references, they seldom use it. Instead, most prefer to update their knowledge on HIPAA based on mouth-to-mouth approach, i.e. asking from someone who has more experienced in the section for guidance if they need help on something related to patients’ privacy issues.
3. Problem(s) addressed
3.1 Needs analysis
To better understand the client’s and her employees’ needs, we have conducted 2 types of needs assessment: a.
Client’s needs assessment
2 meetings were arranged between us and the client. The first meeting was to explore the scope of the project which was also attended by Vanessa Preast, our primary instructor of this project. During the second meeting, we attended and recorded an actual HIPAA and ISU policies training session conducted by our client with one of the Center’s new employees. The second meeting was really helpful to help understand the not only the scope of the project but also the challenges that the client face in her everyday training. b.
Employees’ needs assessment
Based on our client’s suggestions, we contacted 6 newly employed employees who had gone through the training on HIPAA and ISU policies conducted by our client. 4 of the interviewees are in the administrative positions at various sections of the Center, 1 is a clerk working with the Center’s Directors and 1 is a
10-hour working student who is assigned to work at the Medical Records section. All of them have prior knowledge on HIPAA policies and had previous experience working in healthcare environment.
2 focus group and 1 individual interview sessions were conducted with the center’s new employees on Feb.
23 rd , 26 th and 27 th at the Center. The purpose of these interviews was to understand the effectiveness of the training conducted by our client from the employees’ perspectives and to solicit feedback on how we can better address their needs. The interview questions are attached.
Focus group methods was selected to conduct the interviews with the employees due to the fact that this method triggers opinions of each participant as we saw in our interview sessions, thus lead more effective and valuable information regarding with the needs and interests of different people in the sessions. In addition, the way of interviewing 2 or 3 people together helped both us and the employees save time.
3.2 Findings from the interview
The initial findings revealed valuable information and suggestions that are critical in helping us to develop the online training as stated in the Proposal section. Table 1 shows some key points acquired from the analysis of interview sessions with the employees.
4

Current job and roles
Table 1: Interview sessions
Previous training on
HIPAA &ISU privacy policy
Suggestions to improve online training
Learning preferences
Session 1 : Marlene, Pat and Mary
Date : Friday Feb 23, 2007 at TSHC
Marlene
•
Started to work one month ago
•
Medical records supervisor
•
Applying HIPAA guidelines for medical records
•
Transcribing health history and immunization information of the patients
•
Interviewing, hiring the team of medical records
•
Enforcing safety and HIPAA guidelines in medical records
•
Do not have a direct contact with the patients
•
Worked 3 years in a physician office
•
Worked with
HIPAA regulations and ISU privacy policy
(student ID,
Social security number etc.)
•
Remembered more things about the training because of taking the training a few weeks ago
•
Training was appropriate her work needs
•
Learned most of the things about HIPAA and ISU policy by experience
•
Training expectations were met (the training was very through)
•
Questions-an swers (FAQ)
•
Brief quiz at the end of the training to show what and how you understand
•
Bring additional questions to the current trainer can be helpful
(blended approach)
•
Comfortable with using computer
•
Have internet access at home
•
Checking out
CD takes more time, online is preferable
•
Online tour on the web site can be interesting
5

Pat
Mary
•
Started to work 9 months ago
•
Administrative assistant
•
Being the front desk for the administer, taking care of his calendar
•
Hiring a new employee
(human resources functions)
•
Doing paper work for the advertising press
•
Do not have a direct contact with patients (do not handle students’ records)
•
Started to work 6 weeks ago (early
January)
•
Worked 3 years as a clerk in an emergency hospital
•
Well know about HIPAA because of her experience in
ISU for ten years
•
Did not get a comprehensiv e training due to her position in the center
(training was specific to the position of the people in the center)
•
Could not recall anything specific about the previous training
•
Different policies and procedures should be available online in case you forget the information
•
Found current training very clear, got a good understanding
•
Can ask another person if she does not remember a policy or procedure
•
Not linear but provide a flexible navigation
•
Online checklist showing what you done
•
Printing the sign form
•
Audio+visual can be really helpful
•
10 question post test
•
Printing the certification at the end of the training
•
Comfortable with using computer
•
Have internet access at home
•
Do not know the benefits of using which system
•
The online training should be towards employees
(temporary passwords to access the training)
Session 2 : Ray Rodriguez & Lori
Date : Monday Feb 26, 2007 at TSHC
6

Ray
•
Started: 7 month ago
•
Health co-coordinator
(administrative)
•
Conduct workshops and training
(education) eg.
Stress management, drug, fitness etc
Lori
Session 3 : Megan
Date : Tuesday Feb 27, 2007 at TSHC
Megan
4. Proposal
To help overcome the problems presented above, we proposed the development of an online training module specifically for the Health Insurance Portability and Accountability Act (HIPAA) and ISU Health Information Privacy and Security Policy for the new employees.
The proposed online training will have specific features that will eliminate, or at least to minimize, the current problems that the client is experiencing. The suggested features are: c.
Online-based training – our needs analysis revealed that online module is more preferable than any other types of training, for instance, print-based materials and CD. The interviewees stressed that online module will enable them to access the training at anytime at anywhere at their own convenient. It will also provide the employees with an effective way to recall the information they forget or need later.
d.
Interactive elements – Our needs analysis also suggested that the online training to include interactive elements such as videos, audios and animations to be included, not only to motivate the employees to take the training but also to help them better understand how HIPAA and ISU policies looks like in real life situations.
For instance, the employee needs to they can not leave the patients’ files on their desks at anytime during the working hours to avoid other patients and staff looking at it, even accidentally. e.
Online quizzes – Since learning about policies and regulations could be long and tiresome, we decided to include short quizzes in the online training. This element is needed not only to test the employees’ understanding on the content, but also to ‘wake them up’. f.
Breaking down the modules – Based on the needs analysis, we plan to break down the training modules into sub-modules. Each sub-module will take only 20 to 30 minutes time for motivational
7

and easiness purposes, especially for employees who would like to take the training during their lunch break.
5. Course of actions
We plan to conduct the needs assessment, design and development works, and usability testing within this timeline:
Activity Start Date End Date
1.
2.
identify client’s needs (Needs assessment) conduct needs analysis (Needs assessment)
3.
design content and online module
(Design and development)
4.
develop the prototype of the online module
(Design and development)
5.
pilot test and revise the module (usability testing)
6.
disseminate the online module
29 Jan 2007
5 Feb 2007
26 Feb 2007
19 March 2007 9 April 2007
9 April 2007
23 April 2007
5 Feb 2007
26 Feb 2007
19 March 2007
23 April 2007
3 May 2007
6. Reflections
Based on our experience working with the client in specific and with the Center in general, we found out that they are cooperative and attended to our needs as much as they can. Thus, our relationship with the client was smooth.
The client was helpful and cooperative, shared materials and eager to help.
there was a time when we did not get response from the client.. it turned out that she was sick at the time
we learned that we need to employ other methods of communication other than e-mails including phone calls
In addition, it is clear to see that many employees in the center has positive thoughts about online training and find it effective in learning. They also mentioned a special need and interest to take the training online in order to get necessary information and skills to combat such an important issue in their workplaces.
7. Future Recommendations
Accompanying these findings is a set of recommendations to improve the effectiveness of the online training.
1.
An online quiz can be added not only to test the employees’ understanding on the content, but also to ‘wake them up’.
2.
The development of “Test” and “FAQs” sections can be another mini-project by itself.
3.
Site navigation:
I.
An presentation to orient the employees (can also be put on TSHC website)
II.
A help button can be added with some text explaining the structure of the website with suggestions
8

about navigation through the website.
9

APPENDIXES
1.
Contract with the client
Overview
The Thomas B. Thielen Student Health Center (TSHC) wants to implement online training on Health Insurance
Portability and Accountability Act (HIPAA) and ISU Health Information Privacy and Security Policy for the new employees. This training is intended to educate the employees on their responsibilities to protect patients’ personal health care and financial information according to HIPAA and ISU policies and will be carried out within five working days of their first day of employment.
This contract constitutes an agreement between Ms Penni McKinley and Ms Yasemin Demiraslan and Farrah
Yusop regarding the development of the ‘Handling Patients’ Privacy and Security Issues’ module of this training program. This document will serve as a reference point for discussion about the project and will set forth the expectations of both the client and the consultant. The contract is meant to be a continuously negotiated document that sets the groundwork for the project, and not a rigid set of guidelines that cannot be modified.
Personnel
The client for the project is Penni McKinley, the Quality Improvement Coordinator for the Thomas B. Thielen
Student Health Center. She is currently the trainer of the face-to-face orientation for the ‘Handling Patients’ Privacy and Security’ training program.
The consultanst are Yasemin Demiraslan and Farrah Yusop, PhD students from Curriculum and Instructional
Technology Department of Iowa State University. This project is undertaken by the consultants to fulfill the requirements of the CI 603 – Advanced Instructional Systems Design course. Yasemin and Farrah will work with
Penni during the course duration spanning 29 January 2007 to April 26.
Goal
To develop an online training module on the ‘Handling Patients’ Privacy and Security Issues’ for the TSHC new employees.
Objectives
1.
To identify learners’ needs
2.
To identify learning objectives of the training
3.
To analyze and scope the content of the training
4.
To develop the online training
5.
To pilot test the online training
Expectations and tasks
The client expects the consultants to: a.
Provide expert advice regarding the use of instructional methods and strategies b.
Manage the instructional product development process c.
Share problems and concerns about the project with the client d.
Adhere to agreed project deadlines, unless negotiated otherwise
The consultants expect the client to: a.
Work collaboratively with the consultants for the project b.
Share problems and concerns about the project with the consultants c.
Provide content expertise and appropriate learning materials for the project d.
Locate resources (inclusive of human, financial, material) necessary for the project e.
Adhere to agreed project deadlines, unless negotiated otherwise
Resources
10

The client will provide:
 materials for the online training
 resources for data collection and disseminating the online training
The consultants will provide:
 data on the requirements of the online training
 expertise in the instructional design of the online training
Work Schedule
Activity
7.
identify client’s needs
8.
conduct needs analysis
9.
design content and online module
10.
develop the prototype of the online module
11.
pilot test and revise the module
12.
disseminate the online module
Start Date
29 Jan 2007
5 Feb 2007
26 Feb 2007
End Date
5 Feb 2007
26 Feb 2007
19 March 2007
19 March 2007 9 April 2007
9 April 2007 23 April 2007
23 April 2007 3 May 2007
Renegotiation
Any part of this agreement may be revised at any time by mutual consent.
11

2. Interview questions
1.
Demographic background a.
Can you briefly describe your current job and roles in this center? b.
previous knowledge on HIPAA & ISU privacy policy
•
Did you ever heard about Health Insurance Portability and Accountability Act (HIPAA)?
What do you know about it?
•
How does it relate to your job?
2.
Training a.
previous training on HIPAA & ISU privacy policy
• have you taken the training? Where and when?
b.
Training expectations
•
What were your expectations? Did the training meet your expectations?
•
What do you know now about protecting privacy of health information that you wish you knew at the time of training?
•
What was particularly helpful about the training you received?
3. Suggestion to improve training
We are developing new online training about protecting privacy of health information.
•
What advice would you give us to make this training more effective and enjoyable for trainees?
4.
Learning preferences
•
Are you comfortable using computers?
•
Do you have access to computer and internet?
•
If you were given options to take the training online, print-based, CD which one would you prefer? Why?
5. Could you write one or two questions about protecting privacy of health information that you really want to learn the answers?
12

3. Final Compilation of case studies for TSHC
Module Case
2.2
PHI basics
I work in the TSHC Medical Record section. A friend of mine who works in the Yellow Pod section told me that she just saw her
ISU Teaching Assistant get on to the TSHC. My friend is curious about this person. She read in the Iowa State Daily paper that the
TA has cancer. My friend asked me if I could find out the TA’s medical records and show it to her.
2.3
PHI use and disclosure
2.2.c
Disclosing
PHI to family & friends
(Adapted from University of California, San Diego’s Department of Psychiatry at http://psychiatry.ucsd.edu/forms/HIPAA%20Mandatory%20Trainin g.pdf
)
Passing through a check-in area, Nurse Betty overhears Adam, the clinic check-in clerk telling a patient on the phone that he needs a follow-up appointment because his HIV test just came back positive. She notices waiting patients are listening intently to the phone conversation.
(Adapted from UNC School of Medicine at http://www.med.unc.edu/ois/hipaa/training/genprivacy_mod1/slide
15.html
)
Joe McCleod, who is a junior, was seen by a doctor at the TSHC for treatment of a broken leg. He is 19 years old.
Unable to learn what is happening with their son, Mr. & Mrs.
McCleod ask their friend, Betty, who works in the Business
Office, to review Joe's records. Betty reviews the records and informs Joe's parents that Joe broke his leg in two places after he fell over the curb coming out of the bars.
What we need from TSHC
•
2 people from the
Medical record section:
•
Talking to each other
•
1 person will act thinking of something
•
1 person will looking at the camera and puzzle
•
1 person from the front desk (talking on the phone)
•
1 nurse (passing by the desk)
•
2-3 people waiting in the waiting areas
•
1 woman (as the mom)
•
1 man (as the dad)
•
1 doctor (reading the patient’s record to the couple)
(Adapted from UNC School of Medicine at http://www.med.unc.edu/ois/hipaa/training/genprivacy_mod1/slide
12.html
)
3.2
Securing
PHI on your computer workstation
A physician leaves his tablet which is open to a patient’s visit notes, on the counter of the back lobby. The laptop did not have a automatic screen saver set. As the physician is on the phone, looking away the patient intentionally looks at the information on the laptop.
(Adapted from UNC School of Medicine at http://www.med.unc.edu/ois/hipaa/training/gensecurity_mod2/slid e21.html
)
•
1 person (using his/her laptop at
TSHC)
•
Back lobby counter
4. Acknowledgement Letter
May 4, 2007
Farrah Dina Yusop
Yasemin Demiraslan
Center for Technology in Learning and Teaching
N031 Lagomarcino Hall
Iowa State University
Ames, Iowa 50010
13

Re: Online training on the Health Insurance Portability and Accountability Act (HIPAA) and Iowa State
University (ISU) Privacy Policy for Thielen Student Health Center (TSHC)
On behalf of Thielen Student Health Center (TSHC) at Iowa State University (ISU) I would like to thank both of you for designing and developing an online training on Health Insurance Portability and Accountability Act (HIPAA) and ISU
Privacy Policy for our new and current employees.
The online training you designed and developed is very helpful to introduce our new employees to the HIPAA Privacy
Policy, a federal law that requires every healthcare personnel to protect patients’ personal health information and how
TSHC acts in accordance with the law. At the same time it also functions as a refreshing reference for our current employees. This is the first time that an online training on HIPAA and ISU Privacy Policy has ever been developed specifically for TSHC employees. The online training was very well done and we compliment you on its professional presentation.
I appreciate the time and effort you spent assisting our organization. I also appreciated the opportunity to get to know both of you. We look forward to future collaborations.
Sincerely,
Penni McKinley, RN, BA
Quality Improvement Coordinator
Iowa State University
2260 Thielen Student Health Center
Ames, IA 50011-2260
515.294.1059 (Work)
515.294.5457 (Fax)
14

5. Closing Letter
04/03/2007
Yasemin Demiraslan
Farrah Dina Yusop
Center for Technology in Learning and Teaching
N031 Lagomarcino Hall
Iowa State University
Ames, Iowa 50010
Penni McKinley, RN, BA
Quality Improvement Coordinator
Iowa State University
2260 Thielen Student Health Center
Ames, IA 50011-2260
Phone:15152941059 (work)
Fax:15152945457 pmckinle@iastate.edu
Dear Ms. McKinley,
You have requested developing an online training on Health Insurance Portability and Accountability Act (HIPAA) and ISU
Health Information Privacy and Security Policy for the new employees at the Thomas B. Thielen Student Health Center
(TSHC). The main purpose of the training was to provide the employees, especially the new employees at the Center, with the necessary information to protect patients’ personal health care and financial information according to HIPAA and ISU policies.
The enclosed materials were designed and developed to meet the objectives of the project such as identifying learners’ needs, identifying learning objectives of the training, analyzing the scope and the content of the training, developing and pilot testing the online training.
The results of the interviews conducted with 6 newly employed employees revealed that online module is more preferable than any other types of training, for instance, print-based materials and CD. The interviewees stressed that online module will enable them to access the training at anytime at anywhere at their own convenient. Our needs analysis also suggested that the online training including interactive elements such as videos, audios and animations, not only to motivate the employees to take the training but also to help them better understand how HIPAA and ISU policies looks like in real life situations. In addition, based on the needs analysis, we planed to break down the training modules into sub-modules for motivational and easiness purposes.
These findings informed us in developing the online training which will eliminate, or at least to minimize, the current problems in HIPAA training that you are experiencing. Accompanying these findings is a set of recommendations to improve the effectiveness of the online training.
Please feel free to send us e-mail if you have any questions about these materials or if we can provide any additional information to assist you in the implementation process. You may reach us via e-mail. Our e-mail addresses are: yasemind@iastate.edu
, fdyusop@iastate.edu
Thank you for this opportunity and we will be looking forward to future collaborations.
15

Sincerely,
Yasemin Demiraslan Farrah Dina Yusop
16