Resources
Straight to the point. Link out to primary sources.
What HIPAA actually requires
- Privacy Rule training: Train workforce on policies & procedures for PHI.
- Security awareness: Implement a security awareness and training program.
- Risk analysis: Conduct an organization‑wide Security Risk Analysis and address findings.
Primary sources: HHS.gov summaries for the Privacy Rule, Security Rule, Right of Access, and OCR guidance.
FAQs
What does HIPAA actually require for training?
The Privacy Rule requires training on your policies and procedures for PHI. The Security Rule requires a security awareness and training program.
Do I need a Security Risk Analysis (SRA)?
Yes. Conduct an SRA and review it periodically, especially after major changes.