skip to main content

January 23, 2019

By: Susan E. Ziel and Stacy Walton Long

In furtherance of the many safeguards, both the HIPAA Privacy regulations, 45 CFR 164.530(b)(1), and the HIPAA Security regulations, 45 CFR 164.308(a)(5), require orientation and ongoing training programs for the Workforce. 45 CFR 160.103 defines “Workforce” to include all employees, volunteers, trainees, and other persons whose conduct is under the direct control of the particular entity, whether or not paid.  Therefore, HIPAA Covered Entities and Business Associates should implement training programs for all of their “representatives,” including board members. 

To provide a meaningful introduction to the many training program specifications set forth in the HIPAA Privacy and Security regulations, board members of Covered Entities may welcome a “HIPAA Top Ten” overview – at the 10,000 foot view – that sets the stage for the HIPAA Privacy and Security policy review that typically follows.  

As HIPAA Covered Entities and Business Associates update their training materials for the new year, we offer our readers this “HIPAA Top Ten” overview for use as part of upcoming board orientation or annual training programs.   We are also  available to assist in planning and presenting these programs, whether in person or through the use of virtual meeting technology, during a regularly scheduled board meeting.  Feel free to use the attached training materials in your 2019 training programs. Happy New Year.