HIPAA's final Privacy Rule and Security Rule independently address training requirements. Like the majority of the standards, the training requirements are non-prescriptive, giving organizations flexibility in their implementation. Both rules require that CEs provide ongoing training to both new and existing employees to ensure that all employees understand both the importance of protecting PHI and the means by which they must do so.
Well-trained and aware employees are key to ensuring the protection of PHI, obviously the focus of the training that the employees receive under each of these rules have a different focus and content that is complimentary
Both rules recognize the need for ongoing training to ensure that all employees are kept up to date with changing requirements and are kept reminded of existing security and privacy requirements