NRPM: Standards for Privacy of Individually Identifiable Health Information. 6. Training. (§164.518(b))


All members of covered entities’ workforces who have contact with protected health information would be required to have some sort of privacy training about the entity’s policies and procedures and to sign a certificate indicating that they had such training. For a small entity, this could simply mean the privacy official briefly discussing how they handle privacy concerns and going over the entity’s notice of information practices.