How will employees in the medical office have to be trained regarding privacy (for example, who is responsible for training and record keeping)?

What is required if an employee doesn't follow the privacy policy? When must employees be trained? In what manner?

We will be happy to critique your thinking.