Yes, to varying degrees.
An employee that acts contrary to written policies, procedures, and data security training that he or she has received can be held personally liable for a non-conformity to HIPAA data regulations.
Keeping this in mind it is important for organizations to have clear written guidelines and documented training of all stakeholders and applicable agents. In the event of a failure to comply with HIPAA an organization that has a well documented data protection program will be better protected and will face less severe consequences.
Can't find what you're looking for?Ask us here and we will be in touch within one business day.