Compliance Training Script

# [Regulation/Policy Name] Compliance Training

## Why This Matters
[Brief explanation of why this compliance topic is important]
Non-compliance can result in: [Consequences]

## Who Must Complete This Training
- [Role/department 1]
- [Role/department 2]
- [Role/department 3]

## Key Requirements

### Requirement 1: [Name]
What it means: [Explanation]
What you must do: [Specific action]
Example: [Real-world example]

### Requirement 2: [Name]
What it means: [Explanation]
What you must do: [Specific action]
Example: [Real-world example]

### Requirement 3: [Name]
What it means: [Explanation]
What you must do: [Specific action]
Example: [Real-world example]

## Common Violations to Avoid
- [Violation 1]: [Why it's a problem]
- [Violation 2]: [Why it's a problem]
- [Violation 3]: [Why it's a problem]

## Scenarios

### Scenario 1
Situation: [Describe situation]
Correct response: [What to do]
Why: [Explanation]

### Scenario 2
Situation: [Describe situation]
Correct response: [What to do]
Why: [Explanation]

## Reporting Concerns
If you see a violation:
1. [First step]
2. [Second step]
3. [Third step]

Contact: [Who to contact]
Anonymous reporting: [How to report anonymously]

## Key Takeaways
- [Takeaway 1]
- [Takeaway 2]
- [Takeaway 3]

## Acknowledgment
By completing this training, you confirm that you understand [regulation/policy name] and will comply with all requirements.

Filled Example: HIPAA Training

# HIPAA Compliance Training

## Why This Matters
Protecting patient health information is not just a legal requirement—it's essential for maintaining trust in healthcare.
Non-compliance can result in: Fines up to $1.5M per year, criminal charges, job termination, and harm to patients.

## Who Must Complete This Training
- All healthcare providers and staff
- Administrative personnel with access to patient records
- IT staff managing healthcare systems
- Third-party vendors with access to PHI

## Key Requirements

### Requirement 1: Protected Health Information (PHI)
What it means: Any information that can identify a patient and relates to their health condition, treatment, or payment.
What you must do: Never share PHI without proper authorization or a valid need-to-know basis.
Example: A patient's name combined with their diagnosis is PHI and must be protected.

### Requirement 2: Minimum Necessary Standard
What it means: Only access or share the minimum amount of PHI needed to do your job.
What you must do: Request only the specific information you need, not entire records.
Example: If verifying an appointment, you only need the date and time, not the full medical history.

### Requirement 3: Secure Handling
What it means: PHI must be protected whether it's electronic, paper, or verbal.
What you must do: Lock screens, secure papers, and speak quietly in public areas.
Example: Never leave patient charts visible on your desk when stepping away.

## Common Violations to Avoid
- Sharing passwords: Each person must have their own login credentials
- Discussing patients in public: Elevators, cafeterias, and hallways are not private
- Leaving records unsecured: Paper and digital records must be locked/encrypted

## Scenarios

### Scenario 1
Situation: A patient's family member calls asking for test results.
Correct response: Verify the caller is authorized to receive information before sharing anything.
Why: Family members aren't automatically authorized to receive PHI without patient consent.

### Scenario 2
Situation: You receive an email with patient information sent to the wrong person.
Correct response: Immediately report to your Privacy Officer and do not forward the email.
Why: Misdirected PHI is a breach that must be documented and addressed.

## Reporting Concerns
If you see a violation:
1. Document what you observed (who, what, when, where)
2. Report to your supervisor or Privacy Officer within 24 hours
3. Follow up if you don't receive confirmation of receipt

Contact: Privacy Officer at privacy@hospital.org or ext. 5555
Anonymous reporting: compliance-hotline.com/hospital or call 1-800-555-0123

## Key Takeaways
- PHI includes any identifiable patient information—treat it like your own personal data
- Only access what you need to do your job
- Report violations immediately—early reporting reduces harm

## Acknowledgment
By completing this training, you confirm that you understand HIPAA regulations and will comply with all requirements for protecting patient health information.