If you work for an organization and your role touches PHI in some way or even has the potential of touching PHI, then you should receive training specific to HIPAA and your organization’s policies and procedures.
At a minimum, HIPAA requires training in two buckets:
All training needs to be documented.
Practicing the bare minimum checks the box on HIPAA training requirements but it is unlikely to be successful at ensuring employees understand and follow privacy policies and procedures. Since following policies and procedures is an essential part of passing audits, ensuring employees comprehend privacy policies is essential. The best way to do that is to through continuous training and exposure to relevant content.
HIPAA prescribes bare minimum training requirements for privacy and security but doing the bare minimum won’t lead to following policies and procedures.
