The information is NOT received from a HIPAA-covered entity AND the person receiving the information is NOT a staff member of a HIPAA-covered entity, The information is part of the employment records ...

Therapists handle sensitive patient information, so they require secure communication channels to shield such records.

Providers or institutions found violating HIPAA may require corrective actions, including implementing new policies, conducting staff training, or changing operations and IT infrastructure.