Frequently Asked Questions

What are the training requirements for the Indiana University School of Medicine?
Do I have to take both Security and Privacy Training?
How is this documented? Will there be proof on record that I've completed training?
Can I take HIPAA Privacy and Security Training online?
Can I take the annual compliance training online?
How many days do I have to complete my New Employee Compliance Orientation Training?
If I am not a new employee and I have not completed my annual compliance or HIPAA training, what should I do?
How do I prove that I've taken my Compliance Training?
What does the Compliance Office do?
Who do I contact if I have a Compliance issue or complaint?
Can anyone retaliate if I file a complaint?
How do I schedule New Employee Compliance training?
What if I've forgotten my password?
Who can I talk to regarding research and a Data Use Agreement (DUA) 15 language?
What is the audit process?
How do I set up training for my department?
How do I get information on student shadowing?
Who is my Compliance Officer?

Q: What are the training requirements for the Indiana University School of Medicine?

A: There are several requirements depending on your status.

All new employees (faculty, staff, part-time etc.) must attend New Employee Compliance Orientation (NECO).
All employees have to complete HIPAA Privacy and Security training (a one time requirement). As a new employee, you will receive this training at NECO.
All medical students must complete HIPAA privacy and security training. This training can be completed online, the information is provided by Medical Student Affairs.
All residents must complete HIPAA privacy and security training. This can be completed through VA Hospital. IUSM will accept VA's training to meet this requirement.
All faculty members must complete one (1) hour of compliance training annually.
All non-physician staff members who render billable services and billing and coding staff must complete one (1) hour of compliance training annually.

Q: Do I have to take both Security and Privacy Training?

A: Yes, BOTH Privacy and Security training must be taken by all new employees, medical students, residents, fellows and faculty. This is a one time requirement.

Q: How is this documented? Will there be proof on record that I've
completed training?

A:
Medical Students
A list of the medical students that have completed training online will be sent to the Medical Student Affairs Office.

New Employees and Faculty
Although the Office of Compliance Services does not track HIPAA training, if taken as part of the New Employee Compliance Orientation, a yellow copy of the attendance sheet will be provided to your department administrator to keep on file. Any training obtained through other sources will require the individual to provide proof of attendance to your department.

Residents and Fellows
HIPAA Privacy & Security training is completed through the program at VA.

Q: Can I take HIPAA Privacy and Security Training online?

A: Medical Students may take their HIPAA Privacy and Security training online

Q: Can I take the annual compliance training online?

A: Faculty members may take their annual compliance training online. There are ten (10) modules that can be completed; you need to complete three (3) modules for one (1) hour of training.

Q: How many days do I have to complete my New Employee Compliance Orientation Training?

A: You have 120 days after your hire date to complete NECO training.

Q: If I am not a new employee and I have not completed my annual compliance or HIPAA training, what should I do?

A: You may still sign up for one of our NECO sessions to fulfill your requirements. If you are a faculty member, you may also complete your annual Compliance training online (3 modules= 1 hour) or a scheduled training session with your department. Other ways include attending a compliance session during a conference or participating in a Compliance Committee meeting as a member. HIPAA Security training ONLY is available on DVD or via video stream, and both Clarian and the VA offer BOTH Privacy and Security HIPAA training to fulfill your requirement.

Q: How do I prove that I've taken my Compliance Training?

A: If you attended our New Employee Compliance Orientation, an attendance sheet will be kept on record for you here in our office, as well as with your department administrator. The OCS will also track the faculty members who have attended training conducted by the OCS personally or via OCS online training. The OCS will send a report monthly to your department administrator, reflecting the online training completed by faculty. Any training obtained through other sources will require the individual to provide materials and verification of attendance to the department administrator.

Q: What does the Compliance Office do?

A: One of the major responsibilities of the Office of Compliance Services is the annual audit of provider documentation. The goal of this program is to ensure the appropriate documentation, coding and billing of professional services in accordance with regulatory requirements. We are available to answer questions related to compliance as well as offer department specific training.

We are involved in HIPAA training for IUSM that is intended to educate and encourage compliance with the Privacy and Security protections of the Health Insurance Portability and Accountability Act of 1996.

The Office of Compliance Services also provides assistance to the IUSM research community as it relates to HIPAA Privacy and Security, 21 CFR Part 11 and other regulatory matters.

Q: Who do I contact if I have a Compliance issue or complaint?

A: You can fill out a form on our Web site under "Inquiries and Complaints". This method ensures that you remain completely anonymous and no information other than what you provide will be sent to our office. You may also choose to call our Confidential Compliance Notification Line at (877)526-6759 which is available 24 hours a day. Or you may reach us at the office at (317) 278-4891 during office hours.

Can anyone retaliate if I file a complaint?

No. As long as you are reporting actual or suspected violations of IUSM policies, regulation or the law, everything will be done to handle your complaint with the utmost integrity and confidentiality.

How do I schedule New Employee Compliance training?

Training is offered the 3rd Tuesday of every month from 8:30 am to 11:30 am. You can sign up for this training online under our "New Employee" tab, or you may contact our office at (317) 278-4893 to schedule training.

Q: What if I've forgotten my password?

A: If you have forgotten your password, you can contact our office and we will be able to help you retrieve it.

Q: Who can I talk to regarding research and a Data Use Agreement (DUA) 15 language?

A: You can call to or email our Compliance and Privacy Officer, Marcia Gonzales. (Office number: (317) 278-4891 or Email Address: marcgonz AT iupui.edu.)

Q: What is the audit process?

A: Our new audit process begins with a desk audit in which our OCS auditors examine each department, categorizing providers into High, Moderate or Low Priority. (This has already been completed for the 2005-2006 calendar year.) High risk audits are in process and should be completed in 2005. For a more detailed review of the audit process, please see Desk Audit Process and Chart Audit Process links under Auditing on our website.

Q: How do I set up training for my department?

A: Please contact our Office Coordinator, Michelle Killosky, at 278-4891.

Q: How do I get information on student shadowing?

A: You can find student shadowing information on our Web site under the Faculty and Staff tabs. The HIPAA column contains a link titled "Shadowing/Preceptorships". A HIPAA Confidentiality Statement and IUSM's Policy for Student Shadowing are both located here.

Q: Who is my Compliance Officer?

A: Contact your administrator to find out who the Compliance Officer for your department is.

Information for:

Frequently Asked Questions