Remember that the HIPAA privacy and security rules require you to provide regular HIPAA training for all work force members. But there is no requirement that work force members receive a specified number of hours of training annually. However, HIPAA requires organizations to provide training for new work force members. It also requires periodic refresher training. General work force refresher training doesn’t need to be longer than one-and-one-half to two hours as long as the training covers all the aspects of HIPAA that work force members need to know to adhere to required privacy and security policies, procedures, and practices. Training should also include information about additional HIPAA privacy and security resources or training that might be available.