
HIPAA Security Reminder of the Week

Security Reminders

HIPAA 164.308(a)(5)(ii)(A) Security Reminders

Questions an auditor may ask you (from NIST SP 800-66):

  • What methods are available or already in use to make or keep employees aware of security, e.g., posters or booklets?
  • Is security refresher training performed on a periodic basis (e.g., annually)?
  • Is security awareness discussed with all new hires?
  • Are security topics reinforced during routine staff meetings?


  • Consider displaying security reminders and warning banners at log-in on all workstations.
  • Screen savers could display rotating security and privacy hints and tips.
  • Place posters throughout the facility to remind staff about information security and the security of physical assets. Change these posters periodically so the message does not go stale.
  • If your company has a newsletter (hard copy or email) have a “Compliance Corner” for news from the Privacy Officer and Information Security Officer.
  • Remind staff to complete their annual security refresher training on time.
  • Keep records of New Employee Orientation, including evidence of HIPAA awareness.
  • Provide evidence that security & privacy are discussed at staff and executive meetings (agendas and minutes).

Do you have any other great ideas for reminding staff about their security and privacy responsibilities?  Let us know!