All members of a covered entity’s workforce are required to receive training in the dental practice’s policies and procedures required under HIPAA Privacy, Security, and Breach Notification. Train new workforce members within a reasonable time after they join the workforce. If someone’s job is affected by a change in your HIPAA policies or procedures, provide training on the change within a reasonable time after the change becomes effective. In addition, periodic re-training and training updates can help ensure compliance and reduce the likelihood of a breach. The frequency of such training is up to the individual dental practice to determine, but training should be ongoing and timely, with updates, notices, and reminders issued in a manner that reduces risks associated with existing and newly identified threats. An annual training session may or may not be appropriate, depending on your Security Official’s ongoing risk analysis and training objectives identified by your Privacy Official.
