What Does Compliance Training Look Like?

Elizabeth Phillips

It’s test day. You are sitting in class. (No, this is not a dream; you are wearing clothes. Simmer down.) You pull out your blue book and your mind goes blank. You didn’t study. You may be dressed, but you will still fail. Compliance training is like studying. No one wants to do it. There are a million other things to do and places to be. But you’ll be glad you did it when you are tested.

Training should not be thought of as merely a box to be checked off for compliance. It is best to think of compliance training as an investment in protecting your clients, protecting your business reputation, and empowering your employees. An effective training protocol is one that not only addresses the information your employees need to know, but is tailor-made for your business so that your employees digest the material in such a way that they are able to implement the lessons learned. This tailor-made approach to training also ensures that your staff can acknowledge the areas in which they are already excelling and identify their areas for growth.

Compliance training should include:

  • Identification of the rules, regulations, industry requirements, and areas of risk specific to the training required,

  • A qualified teacher/trainer – someone whose specialty or area of expertise is based in the area of rule, regulation, or risk identified,

  • Training that includes all relevant employees (which usually is ALL OF THEM), and

  • A record of the training that includes the objectives, summary, and qualifications of the trainer.


CentraVance Consulting provides training programs to meet your needs. CentraVance offers initial training for new employees and annual training for staff to help ensure you meet the tenets of compliance rules. CentraVance’s team of experts can provide training in a face-to-face environment, as a live webinar from wherever you have computer access, or as a recorded training for access 24/7.


CentraVance has training protocols that meet most small business, medical, and dental compliance needs. CentraVance has training programs available in OSHA, Infection Control, Hazard Communication, HIPAA, and Information and Cyber Security Management.


OSHA training for the medical or dental practice should cover the tenets of the Bloodborne Pathogen Standard. This training helps entities understand their requirements for employee safety. This training is required within 10 days of hire for all new potentially exposed employees and at least annually thereafter.


Effective OSHA compliance training includes:

  • Definitions of bloodborne pathogens,

  • Recognition of OSHA standards related to bloodborne pathogens and of workers who are at risk of exposure to bloodborne pathogens, and identification of key aspects of a Bloodborne Pathogen Exposure Control Plan,

  • Identification of appropriate personal protective equipment (PPE) based on performed tasks,

  • A list of work practice and engineering controls in use by the practice,

  • A description of the steps to take when exposed to bloodborne pathogens,

  • Identification of emergency plans of the practice, and

  • Identification of employer responsibilities related to compliance with the OSHA standard.

Infection Control is about protecting both the patient and the employee. This training is an in-depth exploration of not just the tenets of Infection Control, but what medical and dental practices can do to help minimize the risk of exposure for their employees and the community at large. Ensuring employees are trained in the tenets of infection control helps reduce the likelihood of bad outcomes that can increase risk exposure for any practice.


Infection Control training should include:

  • A description of the chain of infection as it applies to infection prevention and control,

  • Explanation of methods to prevent the spread of infection,

  • A summary of the engineering, work practice and environmental controls that protect against healthcare-associated infections,

  • Identification of barriers and PPE for protection from exposure to potentially infectious material,

  • Discussion of efforts designed to minimize the risk of occupational exposures to infectious diseases,

  • Understanding of sterilization and disinfection protocols, and

  • Recognition of CDC guidelines for single and multiple use.

OSHA and Infection Control training is generally for clinical employees only, but sometimes those lines get blurred. It is a good idea for the front desk to have an idea of the tenets of infection control to help prevent patients who should delay treatment based on “X” infection from being seen, unless that condition is the purpose of the visit. For example, if a patient has fever blisters, he or she should not be seen for treatment in a dental practice. If the front desk understands that, they can help protect the clinical employees from confrontation and avoid upset patients.


Hazard Communication is another OSHA rule. It requires that employees are trained about the hazards they face in working with the various chemicals they encounter during their workday. 2013 saw a change to the Hazard Communication Standard, in which Global Harmonization became the new rule. Under that new legislation, all medical and dental practices were required to train all employees on the new changes to the Standard.


HIPAA training covers the major tenets of the Privacy and Security Rules, and how both the employer and employees play a role in protecting patient information. HIPAA compliance training is required for anyone who handles personal health information (PHI). This includes doctors, dentists, hygienists, front desk personnel, etc. Anyone and everyone within a practice or organization is required to complete compliance training, regardless of the organization’s size. Both the large healthcare conglomerate and the country doctor with a pig for an admin must complete the training. Yes, even Wilbur the pig needs training. He may be “some pig” but if he handles personal health information, he must be “some trained pig”.


The objectives of effective HIPAA compliance training should include:

  • A list of the components of the HIPAA Privacy Rule,

  • A list of who and what is covered by the Privacy Rule,

  • A description of covered entities’ responsibilities under HIPAA,

  • A description of how Individuals’ Rights are protected under HIPAA,

  • A description of the rules about using and disclosing PHI,

  • Discussion of the Security Rule and good security practices,

  • Coverage of breach notification requirements, and

  • Recognition of the HIPAA penalty and enforcement provisions.


Information and Cyber Security Management training applies to ANY business. All industries gather data. Because of this, we must be aware of the risks to that data. We are no longer in the era of Bonnie and Clyde, where bank robberies are in person and pose real risk to human life. Today, bank robberies and other data-siphoning crimes occur from the comfort of the bad actor’s home, someone's basement, or a warehouse, and the bad actor can be anywhere in the world. Understanding the importance of what we protect, and how we protect it, are two key pieces of this training. This training is for EVERYONE!


Information and Cyber Security Management training should include:

  • A demonstration of basic knowledge of cyber security, and identification and implementation of best practices to protect privacy and safeguard Controlled Unclassified Information (CUI) and other sensitive data,

  • Recognition of cyber threats to information systems,

  • Identification of methods of mitigating insider threats to information systems,

  • Discussion of methods of mitigating outsider threats to information systems, and

  • Identification and reporting of potential cyber security and privacy incidents to the appropriate authority within the organization.

Thankfully, the team at CentraVance knows how to make this training bearable. This training can occur on site at your office, a library, or even a restaurant where you want to feed your staff. It truly doesn't matter. We will train you where you are, at whatever time best suits your needs. Furthermore, the team at CentraVance knows how to make sometimes dry subject matter bearable.


With more than 22 years of healthcare experience, CentraVance principal consultant Angela Simmons is a Certified HIPAA Professional (CHPC) and a Certified Cyber Security Architect (CCSA). Angela’s clinical, managerial, and teaching experience makes her a great choice to provide employee safety and patient privacy training for CentraVance clients. Her experience in both the clinical and educational settings gives her the insight and ability to identify safety and privacy issues that can occur in both medical and dental offices. As part of ongoing education, Angela attends several courses and summits each year to ensure that she stays on top of compliance issues as they are happening. She and the CentraVance team are more than ready to provide your business and/or practice with the comprehensive compliance training it needs. Angela and the CentraVance team will help your small business be fully dressed and prepped for test day!
