Staff training (HIPAA security standards)

October 8, 2004

Do the security standards require that I conduct staff training?

Q:

Do the security standards require that I conduct staff training?

A: Yes. First identify who in your office has access to electronic medical information. For these staff members, conduct a training session in which you discuss the HIPAA standards, identify your security policies and procedures, and address such issues as password management and use, recognizing viruses, and reporting security breaches. Training should be updated regularly and the date and content of each session should be documented.