logoalt Hacker News

vel0cityyesterday at 10:16 PM1 replyview on HN

> Anyone handling PII needs to be trained in HIPAA compliance

Anyone working at a covered entity needs HIPAA training. A random secretary working for some other random company unrelated to healthcare and isn't potentially a covered entity doesn't need it.

I originally took your comment as secretaries in general, but re-reading makes it more clear to me you're specifically talking about secretaries in a healthcare setting. In which case yes, they would be bound to the same HIPAA rules I agree.


Replies

munk-ayesterday at 10:53 PM

Sorry about that confusion! Yeah, I was going off the example in the linked article which is specifically for note-taking during a physio appointment.