Maintain awareness of laws and regulations, keeping abreast of current changes that may affect health care systems through seminars, training programs, peer contact, and self-education.
Organizations should augment privacy training for all individuals with creative methods that promote ongoing awareness of privacy and security responsibilities (e.g. mouse pads, placards, weekly tips). Privacy awareness programs usually focus on and enforce broad topics, such as how to identify new risks, how to mitigate privacy risks, and how and when to report privacy incidents. Awareness programs can also be interactive and thematic in order to generate employee interest. For example, organizations can hold privacy weeks or campaigns where employee activities are centered on a relevant privacy theme (e.g., securing PII) and employees engage in activities related to the privacy theme. Awareness training can even include periodic broadcast messages or emails reminding employees of an organization’s privacy policies, addressing a recent incident, or informing employees of a recent change in law that affects privacy.