Q: My brother claims he read in his dentist's HIPAA statement that information was disclosed to CIA and other government agencies. I suspect that his dentist was editorializing, but wanted to check. Could you explain what should be included in a HIPAA statement that should be in physician/dentist offices? Can you direct me to the official statement?
The HIPAA Security Rule preamble reinforces training "criticality" and restates the standard, "We require training of the workforce as reasonable and appropriate to carry out their functions in the facility." Security training is essential.