As someone who's worked extensively with healthcare compliance software, I've noticed a concerning trend: many healthcare professionals think they're HIPAA-compliant after completing a basic online course, when in reality, certified HIPAA training requires much more comprehensive education and assessment.
It's a critical distinction that can make or break an organisation's compliance strategy. Working with healthcare institutions, I've seen firsthand how proper HIPAA certification isn't just about ticking boxes - it's about developing a deep understanding of protected health information (PHI) handling, patient rights, and essential safeguards that protect both patients and providers.
In this guide, I'll walk you through everything you need to know about certified HIPAA training in 2025. We'll explore who needs certification, when they need it, the different types of training available, and how to ensure your organisation meets the federal requirements under HIPAA Privacy Rule (§164.530(b)(1)) and Security Rule (§164.308(a)(5)). I'll also share insights on implementation challenges and emerging trends, particularly around digital credentialing and technology integration, that are shaping the future of HIPAA compliance.
TL;DR:
- HIPAA Training Standards: Comprehensive program with 80%+ passing score required for certification
- Training Timeline: Initial training within first month, annual refreshers mandatory for all staff
- Documentation Requirements: Records must be maintained for 6 years with specific verification details
- Violation Consequences: Penalties range from $100 to $1.5M per violation with potential jail time
- Digital Solutions: Modern platforms offer tamper-proof credentials and automated compliance tracking
What is Certified HIPAA Training?
HIPAA training comes in different forms, but certified HIPAA training is a structured, comprehensive program that goes beyond basic awareness to ensure healthcare professionals truly understand and can apply HIPAA regulations in their daily work. This training is particularly crucial given that 82% of healthcare breaches involve human error, many of which could be prevented through proper training.
The key difference between general HIPAA awareness and certified training is that certified training requires you to demonstrate your knowledge through formal assessments and provides documented evidence of your competency.
Component | Certified Training | General Awareness |
---|---|---|
Structure | Formal curriculum with interactive modules | Basic overview sessions |
Assessment | Required testing with 80%+ passing score | Often no formal testing |
Documentation | Official completion certificate | Simple attendance record |
Content Depth | Role-specific detailed training | General information only |
The federal HIPAA Privacy Rule (§164.530(b)(1)) and HIPAA Security Rule (§164.308(a)(5)) require healthcare organisations to provide comprehensive training to their workforce - it's not optional. These requirements exist because proper training is essential for maintaining patient privacy and preventing data breaches.
These requirements focus on five essential areas that certified training must cover:
- Protected Health Information (PHI) handling and security
- Recognising and responding to HIPAA violations
- Understanding and protecting patient rights
- Proper breach reporting procedures
- Implementation of technical, physical, and administrative safeguards
One important point that's often misunderstood: while certified training is crucial, there's actually no "official" HIPAA certification recognised by the Department of Health and Human Services (HHS). Any training provider claiming to offer "government-endorsed" certification isn't being truthful.
Instead, what makes HIPAA training "certified" is its structured approach, which must include:
- Interactive learning modules tailored to specific job roles
- Formal assessments with a minimum passing threshold (typically 80% or higher)
- Detailed documentation of completion and competency
- Regular updates to reflect changes in regulations and best practices
- Practical scenarios and real-world applications
- Verification of understanding through hands-on exercises
The training also needs to be properly documented - this means keeping clear records of when training occurred, who completed it, and what was covered. This documentation is essential for demonstrating compliance during audits. As of 2024, there are over 370,000 resolved privacy complaints, highlighting the importance of proper documentation and training.
The documentation requirements are quite specific - records must be retained for at least six years and certificates need to include:
- Employee's full name
- Completion date
- Course content description
- Organisation name
- Signature or electronic validation
Different roles require specialised training content. For instance, nurses and clinical staff need focused training on patient privacy and minimum necessary standards, while IT staff require detailed modules on technical safeguards like encryption and network security. Administrative staff need specific training on privacy policies and records management.
Most leading healthcare organisations implement annual retraining requirements, with additional certification needed whenever there are major regulatory updates or policy changes. This ensures staff knowledge stays current with evolving HIPAA standards and emerging security threats.
Think of certified HIPAA training as your practical toolkit for protecting patient privacy and maintaining compliance, rather than just a box-ticking exercise. It's an ongoing commitment to maintaining the highest standards of patient data protection and privacy in healthcare settings. With healthcare accounting for 79% of all reported breaches, many organizations are now turning to digital credentialing platforms, which offer tamper-proof certificates and efficient bulk issuance, to streamline the certification process and ensure secure, verifiable documentation.
Who Needs HIPAA Certification and When
Getting HIPAA training right is crucial for protecting patient information and staying compliant with healthcare regulations. Effective security awareness training significantly improves an organization's security posture and prevents data breaches.
The requirements aren't as straightforward as you might think - they vary depending on your role and organisation.
Mandatory Recipients
Your entire workforce needs HIPAA certification if they work with protected health information (PHI) in any way - and that includes more people than you might expect. This is particularly important given that 34% of healthcare data breaches occur from unauthorized access or disclosure of PHI.
- All employees who might encounter patient data - from doctors and nurses to receptionists and IT staff
- Temporary workers, volunteers, and contractors who have access to health information
- Business associates like billing companies or software providers who handle PHI
- Support staff who might overhear or see patient information, even if it's not part of their main job
- Medical device representatives who access PHI or provide support in clinical areas
- Healthcare marketing professionals handling PHI for marketing purposes
- Medical students and interns prior to any clinical exposure
- Third-party vendors and consultants who may have indirect access to patient data
Certification Timeline Requirements
Timing is everything when it comes to HIPAA training, and there are specific windows you need to hit.
New staff members need their initial training within their first month - no exceptions. This needs to happen before they start handling any patient information.
There are some special considerations for emergency situations though. During declared public health emergencies, new staff might receive abbreviated HIPAA awareness training initially, with comprehensive training to follow when the emergency subsides. The same applies to temporary staff and locum tenens physicians who need rapid onboarding - they can receive initial orientation focusing on organisation-specific HIPAA policies, followed by full training at the earliest opportunity.
After that initial training, here's what you need to know:
- Annual refresher training for everyone, including your management team
- Extra training sessions if someone's been away for more than 90 days
- Additional training when staff move into roles with more PHI access
- Immediate updates when there are significant changes to HIPAA regulations
- For remote workers like telemedicine providers and at-home medical transcriptionists: additional training on remote-specific risks including secure home Wi-Fi, device security, and avoiding household member access
- Supplemental training after any security incidents or breaches
Role-Specific Training Needs
Different roles need different types of HIPAA training - it's not one size fits all. Each position requires tailored training that addresses their specific interactions with PHI.
Role | Training Focus | Key Components |
---|---|---|
Healthcare Providers | Direct Patient Care | Privacy during treatment, secure communication, PHI handling |
Administrative Staff | Front Office Operations | Phone privacy, scheduling, basic PHI protection |
IT Personnel | Technical Security | Electronic PHI protection, system security, access controls |
Management | Oversight & Compliance | Policy implementation, risk assessment, audit procedures |
Behavioral Health Professionals | Mental Health Records | Specialized privacy rules, 42 CFR Part 2 requirements for substance abuse confidentiality |
Research Staff | Research Data Handling | Data de-identification, consent requirements, Good Clinical Practice (GCP) |
Sector-Specific Requirements
Different healthcare sectors have their own unique HIPAA training needs. Hospitals need comprehensive training covering everything from emergency room privacy to electronic health records security. Insurance companies focus more on claims processing and payment data protection.
Educational institutions handling student health records need specific training on FERPA regulations alongside HIPAA requirements.
Small healthcare practices with fewer than 10 employees can use alternative training methods like documented one-on-one instruction if formal sessions aren't practical. Large hospital systems typically require structured periodic retraining and often have a dedicated compliance office to manage training records.
Remember, state laws might require additional training beyond federal HIPAA requirements. For instance, Texas requires training within 60 days of hire and every two years after, while California requires additional training on state-specific privacy laws like CMIA and CCPA.
The most important thing is documenting everything - keep records of who completed training, when they did it, and what it covered. These records must be maintained for at least 6 years from creation or last effective use, whichever is later. Your documentation should include:
- The trainee's name
- Training date and time
- Trainer's name
- Content covered
- Signed acknowledgment of completion
- Any assessment results or competency evaluations
You'll need this information if you ever face a compliance audit or need to demonstrate due diligence in protecting patient information. Violations can result in penalties up to $1.5 million per year and even jail time.
Types and Levels of HIPAA Training Available
Training Categories by Experience Level
Getting started with HIPAA training isn't as complex as you might think. There's a clear pathway based on your experience and role. Annual HIPAA training is required for all staff members who have access to protected health information.
If you're new to handling protected health information (PHI), you'll start with entry-level training. This typically takes 60-90 minutes and covers all the fundamental principles you need to know about HIPAA compliance and patient privacy.
Once you're established in your role, you'll need to complete annual renewal courses. These are shorter - usually 30-45 minutes - and focus on any new regulations or emerging security threats.
For those in high-risk positions handling sensitive patient data daily, there are advanced modules that take 90 minutes or more. These dive deep into specific compliance requirements and complex scenarios, often including interactive case studies on:
- Data breach prevention and response
- PHI access request handling
- Secure patient communications
- Risk assessment procedures
- Incident reporting protocols
Department and Role-Based Training Options
Department | Training Focus | Key Components |
---|---|---|
Clinical Staff | Patient Interaction | Direct care protocols, consent management, verbal disclosure guidelines, point of care PHI handling |
IT Professionals | Technical Security | Data encryption, access controls, system security measures, cybersecurity best practices |
Administrative Staff | Records Management | Billing procedures, documentation handling, information release protocols, minimum necessary standard |
Business Associates | Third-party Compliance | Contractual obligations, data handling requirements, breach reporting, data use limitations |
Privacy Officers | Advanced Oversight | Policy development, audit procedures, compliance monitoring, incident response |
Delivery Method Options
Modern HIPAA training adapts to how you work and learn best. Here are the main ways you can complete your training:
- Online asynchronous courses: The most popular option, featuring interactive elements like scenario-based learning and quizzes that you can complete at your own pace. These integrate with major Electronic Health Record systems and HR platforms for automated training assignment and completion tracking, and the self-paced format is a large part of why this option is increasingly popular with healthcare providers.
- In-person classroom instruction: Ideal for departments with complex needs or specific challenges, providing valuable face-to-face guidance and immediate feedback.
- Hybrid approaches: Combining live training sessions with online assessments, giving you the benefits of both personal instruction and flexible learning.
- Mobile-friendly microlearning modules: Bite-sized lessons that can be completed between shifts or during breaks, typically including short videos, interactive scenarios, and simple quizzes designed for better information retention. This immersive approach reduces employee errors and enhances compliance.
Each training method includes assessment tools to verify your understanding, and you'll receive documentation of completion - essential for compliance records and professional development. For remote workers, additional modules focus on secure remote access, telehealth privacy, device security, and data transmission safeguards.
Modern training platforms are now incorporating advanced technologies like Virtual Reality simulations for privacy breach scenarios and AI-powered adaptive learning that adjusts content difficulty based on individual assessment results, ensuring training focuses on areas where risk is highest.
Certification Standards and Assessment Requirements
HIPAA training has specific standards that you need to know about to ensure your healthcare organisation stays compliant. Proper training is crucial for protecting health information and preventing violations.
Official Compliance Standards
The U.S. Department of Health and Human Services (HHS) and Office for Civil Rights (OCR) have set clear requirements for HIPAA training.
These aren't optional - they're mandatory for all employees of covered entities and their business associates. Failing to provide security awareness training clearly violates the HIPAA Security Rule.
The standards focus on three main areas:
- Privacy Rule implementation and patient data protection
- Security Rule compliance and safeguard measures
- Breach Notification procedures and response protocols
Something that surprises many people is that there's no single "official" HIPAA training certificate from HHS or OCR - instead, organisations need to create comprehensive training programs that meet federal standards.
Assessment and Passing Criteria
The good news is that while the standards are strict, the assessment approach is flexible.
Your organisation can structure its HIPAA training assessments to best suit your specific needs, as long as you meet these core requirements:
Requirement | Details |
---|---|
Documentation | Must record who completed training, when, and what was covered |
Verification | Training records must be available for audit review |
Timing | Initial training required "within reasonable period" of hiring + updates when policies change |
Knowledge Assessment | Regular checks to ensure understanding (format flexible) |
Most effective training programs validate learning through interactive eLearning modules, quizzes, and scenario-based questions. Recent data shows that 76.9% of organizations test workforce HIPAA awareness following reported data breaches. Many organizations now utilize digital credentialing systems that automatically generate and securely store tamper-proof certificates upon successful completion, making documentation and verification more efficient.
Training Content Standards
Your HIPAA training needs to cover specific areas to be compliant. Here's what must be included:
- Protected Health Information (PHI): Definition, handling protocols, and permissible uses
- Security Measures: Physical, administrative, and technical safeguards
- Privacy Protocols: Patient rights and minimum necessary standards
- Breach Response: Identification, reporting, and response procedures
- Role-Specific Training: Content tailored to job responsibilities
For 2025, there's increased focus on mobile device security and updated guidance on handling reproductive health information. HIPAA violation fines have increased to between $137 and $63,973 per violation, with an annual cap of $2,000,000.
Different roles require different training focuses:
- Clinical Staff (nurses, doctors): Focus on PHI handling, privacy incident response, and patient communications
- IT Personnel: Emphasis on security safeguards, technical protocols, and incident detection
- Administrative Staff: Concentration on data entry, access control, and document management protocols
The training must be regularly updated to reflect any changes in regulations or your organisation's policies. Online training is particularly effective in providing foundational IT security and privacy concepts to prevent potential breaches.
Best practices now include using Learning Management Systems (LMS) that automatically record course completion, scores, and assessment dates while generating and securely storing training certificates for regulatory audits. Many organisations are also implementing digital signature capture for policy acknowledgment and maintaining periodic audit logs for OCR readiness.
Remember - it's not just about ticking boxes. Your training needs to genuinely prepare your team to protect patient information and handle PHI correctly in real-world situations.
That's why the most effective programs include practical scenarios and examples of actual HIPAA violations, helping staff understand how these requirements apply in their daily work.
Implementation Challenges and Best Practices
Getting HIPAA training right across your organisation isn't always straightforward - but understanding the common hurdles and knowing how to tackle them makes all the difference.
Common Implementation Obstacles
The reality is that implementing effective HIPAA training comes with its share of challenges.
Digital literacy varies significantly across healthcare teams - what's intuitive for your tech-savvy staff might be a struggle for others. This variation in technical ability can create significant training gaps if not properly addressed through adaptive learning approaches.
Challenge | Impact | Solution |
---|---|---|
Staff Completion Tracking | Risk of non-compliance, missed deadlines | Automated tracking systems with reminders |
Training Engagement | Poor knowledge retention, compliance risks | Interactive, scenario-based learning |
Remote Team Management | Inconsistent training delivery | Digital platforms with flexible access |
Documentation Management | Audit preparation difficulties | Centralised digital record-keeping |
Managing training across multiple locations or shifts can feel like herding cats - especially when you're dealing with a mix of full-time, part-time, and contract staff.
Modern Learning Management Systems (LMS) like Paradiso and BrainCert are specifically designed to handle these challenges with features like role-based access control, secure data encryption, and comprehensive audit trails that integrate with existing healthcare systems. These platforms have become essential tools in modern healthcare training management.
Effective Training Programme Elements
The most successful HIPAA training programmes share some key characteristics that really make them stick.
Real-world scenarios are absolute gold - they help staff connect the dots between abstract policies and their day-to-day work. This practical approach ensures that training isn't just theoretical but directly applicable to daily operations.
- Interactive Learning: Quick knowledge checks and immediate feedback keep everyone engaged and help spot any gaps in understanding straight away. Modern platforms now incorporate digital certificates and badges to drive completion and validate achievements
- Leadership Involvement: When senior management actively participates, it sends a clear message about the importance of HIPAA compliance
- Customised Content: Different departments face different risks - your training should reflect that. For example:
  - Nurses and clinical staff focus on PHI handling and patient communication
  - Administrators concentrate on documentation and policy enforcement
  - IT staff prioritise technical safeguards and breach response protocols
- Regular Updates: Healthcare regulations evolve, and your training needs to keep pace. This includes annual reviews and updates to reflect the latest compliance requirements
- Mobile Accessibility: Modern training delivery methods include mobile-optimised platforms that allow staff to complete training from any location, supporting remote and hybrid workforces
- Microlearning Modules: Short modules accessible on-demand have proven effective for knowledge retention and compliance management
Documentation and Tracking Requirements
Proper documentation isn't just about ticking boxes - it's your safety net when audits come around.
A centralised digital system makes everything smoother - from tracking completions to generating compliance reports. Having all your training records in one accessible place can save countless hours during audit preparations and help identify compliance gaps before they become issues.
Essential documentation elements:
- Training completion dates and scores
- Certificate verification details
- Policy acknowledgments
- Refresher course completions
- Timestamped training logs
- Assessment scores and certifications
- Course-specific details and expiration status
Integration with HR systems helps ensure no one falls through the cracks, especially during staff changes or role transitions. Modern platforms offer APIs or built-in connectors to sync data with HR systems, EHRs, and credential management systems for unified audit preparation.
The key is making your documentation both comprehensive and accessible - you need to be able to pull up records quickly when auditors come calling. Leading organisations use platforms that support automatic documentation of training activities with rapid report generation capabilities for regulatory reviews.
Remember - good HIPAA training isn't a one-and-done deal. It's an ongoing process that needs regular attention and updating to stay effective and compliant. The most successful healthcare organisations view HIPAA training as a continuous journey rather than a destination, constantly evolving their programmes to meet new challenges and requirements.
Consequences of Inadequate HIPAA Training and Compliance
HIPAA compliance isn't just a box to tick - the consequences of inadequate training can be severe, affecting everything from your organisation's finances to its reputation.
Regulatory and Legal Penalties
The financial impact of HIPAA violations can be staggering.
Civil penalties can range from £100 to over £2 million per violation, depending on the severity and whether the breach was intentional.
For the most serious violations, like wilful neglect or malicious disclosure of patient information, criminal charges could lead to fines up to £250,000 and even prison sentences of up to 10 years.
Violation Type | Penalty Range | Additional Consequences |
---|---|---|
Unknowing Violation | £100 - £50,000 per violation | Mandatory corrective action |
Reasonable Cause | £1,000 - £100,000 per violation | Enhanced monitoring |
Wilful Neglect (Corrected) | £10,000 - £250,000 per violation | Criminal charges possible |
Wilful Neglect (Uncorrected) | £50,000 - £1.5 million per violation | Criminal prosecution likely |
Beyond the immediate financial penalties, organisations typically face a range of additional consequences:
- Mandatory corrective action plans requiring years of enhanced oversight
- Regular audits and compliance monitoring
- Potential suspension from Medicare and other federal health programmes
- Professional sanctions for individual healthcare providers
- Independent compliance expert monitoring for 18-36 months
- Quarterly submission of training completion logs and random workforce interviews
- Mandatory encryption protocol adoption and restricted system access
Operational Impact Assessment
The ripple effects of inadequate HIPAA training extend far beyond just monetary penalties, creating significant disruptions to daily operations and patient care.
Studies show that organisations with poor HIPAA training programs experience more frequent data breaches and security incidents, leading to operational disruptions that affect patient care quality.
Recent real-world cases highlight these severe consequences. In 2025, a Houston imaging center faced a £380,000 fine when staff's lack of technical security training led to exposed patient data. A Miami billing clerk's unencrypted email resulted in a £250,000 fine and mandatory annual security retraining. These incidents required extensive corrective actions, including comprehensive retraining, implementation of technical controls, and prolonged compliance monitoring.
Here are the key operational challenges that inadequate HIPAA training can create:
- Slower patient care delivery due to compliance-related bottlenecks
- Resource drain from managing breach investigations (which can take 30-90 days, or 6-12 months for complex cases)
- Staff time lost to corrective action plan implementation
- Increased costs for external compliance consultants (£10,000-£50,000+ per engagement)
- Temporary restrictions on PHI access for affected departments
- Workflow disruptions from new approval processes for digital communications
In contrast, organisations that invest in robust HIPAA training programs experience numerous benefits:
- Significantly reduced breach incidents
- Faster response times when issues do occur
- Better audit outcomes
- Enhanced patient trust and satisfaction
- Lower long-term compliance costs
- Improved staff confidence in handling PHI
- Streamlined compliance documentation through digital tracking systems
The bottom line? Investing in comprehensive HIPAA training isn't just about avoiding penalties - it's about maintaining efficient operations, protecting patient trust, and ensuring the long-term success of your healthcare organisation.
HIPAA Training Requirements
So now you understand what can go wrong with inadequate training, but what exactly does HIPAA require when it comes to staff education?
2025 Industry Context and Emerging Trends
The healthcare sector is experiencing a significant shift in how we approach HIPAA compliance training and verification.
Technology has transformed what was once a tick-box exercise into a dynamic, continuous process that better protects patient data. The integration of advanced systems and digital solutions has fundamentally changed how healthcare organisations manage and verify compliance.
Current Regulatory Updates
The regulatory landscape is evolving rapidly to keep pace with new technologies and emerging threats.
Healthcare organisations are now required to implement enhanced privacy measures for mobile devices, particularly as remote work becomes more prevalent. This includes:
- Mandatory multi-factor authentication for all users accessing electronic protected health information (ePHI), requiring at least two factors:
  - Something known (like a password)
  - Something possessed (like a token)
  - Something inherent (like biometrics)
- Technical safeguards including:
  - AES-256 encryption for all data at rest and in transit
  - Automated audit logging of ePHI access
  - Continuous asset inventories
  - Remote lock and wipe capabilities for lost devices
  - Enforced mobile device management (MDM) software
Several states have introduced stricter privacy training requirements that go beyond federal standards - making it crucial to stay current with both state and federal regulations. For example, California's Confidentiality of Medical Information Act requires additional training on state-specific patient rights and consent processes, while New York mandates specific HIV-related confidentiality training under Public Health Law Article 27-F.
Key Regulatory Change | Impact |
---|---|
Shortened Breach Reporting | Organizations must now report breaches more quickly, requiring better incident detection and response training |
AI Compliance Requirements | New guidelines on using AI with patient data, including specific training on AI ethics and data handling |
Enhanced Mobile Security | Stricter requirements for securing patient data on mobile devices and remote workstations |
Technology Integration Trends
Healthcare organisations are increasingly adopting integrated compliance platforms that combine training, tracking, and risk assessment into single, user-friendly systems.
These platforms are designed to be mobile-friendly, allowing staff to complete training on their own devices and at their own pace - a crucial feature for busy healthcare professionals. The flexibility has led to higher completion rates and better retention of compliance information.
Key features of modern compliance platforms include:
- Analytics-driven personalised training that identifies knowledge gaps
- Real-time monitoring with automated alerts for compliance issues
- Automated tracking and reporting of completed trainings
- Role-based assignment of modules
- Secure document management
- Real-time compliance dashboards
The impact has been significant - one large regional health system reduced their compliance audit preparation time by 80% through automated record-keeping and user notification features.
Digital Credentialing Solutions
The move towards digital credentials represents a major shift in how we verify and track HIPAA compliance training.
Blockchain technology is being used to create tamper-proof digital certificates, ensuring that compliance credentials cannot be falsified or altered. Major healthcare institutions like Mayo Clinic and Cedars-Sinai have piloted blockchain-based systems to verify healthcare professional credentials and training completions.
Healthcare professionals can now store their HIPAA certifications in secure digital profiles, making it easier to maintain and share their compliance status when changing roles or organisations. These digital credential systems integrate with facility EHR and HR systems for real-time status updates and provide detailed analytics on credential usage and verification.
Benefits of digital credentialing include:
- Verifiable proof of ongoing professional development
- Seamless integration with HR systems
- Quick compliance verification during audits
- Comprehensive compliance records maintained for the required six-year period
- Easy tracking of content, attendee lists, dates, and completion evidence
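To make the "tamper-proof certificate" idea concrete, here is an added example (my own illustration, not code from this post or from any credentialing vendor) that issues a training certificate carrying the documentation fields listed earlier (employee name, completion date, course content, organisation, and an electronic validation value) and then verifies it. It assumes a single issuing organisation that keeps a secret key, so an HMAC-SHA256 tag over the canonical form of the required fields is enough for that organisation's own auditors to detect alteration; a credential that outside parties must verify without the issuer's key would use a public-key signature instead. The key, employee name, dates and course title are constructed sample values, and the six-year retention and annual renewal windows are the figures from this guide.

```python
"""Issue and verify tamper-evident HIPAA training certificates (illustrative)."""
import hashlib
import hmac
import json
import secrets
from datetime import date, timedelta

# Constructed issuer key for the example; a real deployment loads it from a secrets store.
ISSUER_KEY = secrets.token_bytes(32)

RETENTION_YEARS = 6          # records must be kept at least six years
RENEWAL_INTERVAL_DAYS = 365  # annual refresher requirement

# The certificate fields that the documentation requirements call for.
REQUIRED_FIELDS = ("employee_name", "completion_date", "course_content", "organisation")


def canonical_bytes(fields: dict) -> bytes:
    """Serialise the fields in a fixed order so issuer and verifier hash identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode("utf-8")


def issue_certificate(employee_name: str, completion_date_iso: str,
                      course_content: str, organisation: str, key: bytes = ISSUER_KEY) -> dict:
    """Build a certificate and attach the HMAC tag that acts as its electronic validation."""
    fields = {
        "employee_name": employee_name,
        "completion_date": completion_date_iso,   # ISO 8601, e.g. "2025-01-15"
        "course_content": course_content,
        "organisation": organisation,
    }
    tag = hmac.new(key, canonical_bytes(fields), hashlib.sha256).hexdigest()
    return {**fields, "validation": tag}


def verify_certificate(cert: dict, key: bytes = ISSUER_KEY) -> bool:
    """Recompute the tag over the required fields; reject a missing field or a mismatch.
    compare_digest avoids leaking the position of the first differing byte."""
    if any(f not in cert for f in REQUIRED_FIELDS) or "validation" not in cert:
        return False
    fields = {f: cert[f] for f in REQUIRED_FIELDS}
    expected = hmac.new(key, canonical_bytes(fields), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(cert["validation"]))


def certificate_status(cert: dict, today_iso: str, key: bytes = ISSUER_KEY) -> str:
    """Classify a certificate for a compliance dashboard:
    'invalid' if tampered or malformed, 'expired' if the annual refresher is
    overdue, otherwise 'current'."""
    if not verify_certificate(cert, key):
        return "invalid"
    completed = date.fromisoformat(cert["completion_date"])
    today = date.fromisoformat(today_iso)
    if today - completed > timedelta(days=RENEWAL_INTERVAL_DAYS):
        return "expired"
    return "current"


def retention_deadline(cert: dict) -> str:
    """Earliest date (ISO) the record may be discarded: six years after completion."""
    completed = date.fromisoformat(cert["completion_date"])
    try:
        deadline = completed.replace(year=completed.year + RETENTION_YEARS)
    except ValueError:                       # 29 February in a non-leap target year
        deadline = completed.replace(year=completed.year + RETENTION_YEARS, month=3, day=1)
    return deadline.isoformat()


if __name__ == "__main__":
    # Constructed sample certificate.
    cert = issue_certificate("A. Sample", "2025-01-15",
                             "HIPAA Privacy and Security Rules (entry level)", "Example Clinic")
    print("genuine:", certificate_status(cert, "2025-06-01"))
    # Back-dating the completion date without the issuer key breaks the tag.
    forged = dict(cert, completion_date="2025-06-01")
    print("back-dated copy:", certificate_status(forged, "2025-06-01"))
    print("retain until:", retention_deadline(cert))
```

The canonical serialisation step matters more than it looks: if the issuer and the verifier serialise the same fields in a different key order or with different whitespace, every genuine certificate fails verification, so the same `canonical_bytes` routine must be used on both sides.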
Modern healthcare requires modern solutions - and these technological advances are making HIPAA compliance more robust, more efficient, and more effective at protecting patient privacy.
Certified HIPAA Training: Your Guide to Healthcare Data Protection
In summary, certified HIPAA training is a federally mandated program requiring structured coursework and formal assessment with 80%+ passing threshold for healthcare workers handling PHI. It includes comprehensive modules on privacy rules, security protocols, and breach reporting, with certification documentation upon completion.
Throughout my research into HIPAA certification requirements, I've been struck by how crucial proper training is in protecting patient data and maintaining trust in healthcare services.
What I found particularly interesting was how the training landscape is evolving with technology, yet the core principle remains unchanged: ensuring everyone in healthcare understands their role in protecting patient privacy.
Whether you're new to healthcare or updating your certification, remember that this isn't just about compliance – it's about being part of a system that safeguards sensitive information for millions of patients.
- Yaz