This document provides an overview of confidentiality and security training requirements under HIPAA. It defines protected health information as any patient information regarding their health status, care, or payments. The HIPAA Privacy Rule aims to protect the privacy of individually identifiable health information and requires covered entities to obtain patient consent before disclosing health information. The HIPAA Security Rule establishes standards for safeguarding electronic protected health information and defines different penalty levels for violations. All employees must complete training at hire and annually through an online computerized system.