PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

What Are the Requirements for HIPAA Training?

HIPAA Training Requirements - TeachPrivacy 01

HIPAA training is an specific requirement of HIPAA. HIPAA requires that covered entities (CEs) and business associates (BAs) provide HIPAA training to members of their workforce who handle protected health information (PHI).  This means administrative and clinical personnel need to be trained.  Business associates — and any of their subcontractors — must have training.  Basically, […]

Read More…

What Are the Requirements for CCPA Training?

What are the requirements for California Consumer Privacy Act (CCPA) training?  At Section 1798.135(a)(3), the CCPA requires that businesses “ensure that all individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with this title are informed of all requirements in Section 1798.120 and this section and how to direct […]

Read More…

What Should Privacy Awareness Training Include?

Privacy Awareness Training 01

Privacy awareness training educates an organization’s workforce about the way that the organization protects privacy and the workforce’s role in this endeavor. In this post, I explain what privacy awareness training should include. Privacy awareness training typically covers the following things: […]

Read More…

The Failure of HIPAA’s Right of Access

HIPAA Right to Access PHI - TeachPrivacy 02

One of the biggest sore spots in HIPAA compliance has been providing individuals with their right to access their medical records. In addition to the countless anecdotal accounts about the painful process of getting medical records, a recent study demonstrated just how far there is to go for providers to be in compliance.  More than […]

Read More…

Strategic Privacy by Design: An Interview with Jason Cronk

Privacy by design — or “Data Protection by Design” as it is referred to in the General Data Protection Regulation (GDPR) — is essential to meaningful privacy protection. Yet, it is often quite thin and incomplete. As I wrote a few years ago about privacy by design, “The ‘privacy’ the designers have in mind might be […]

Read More…