From Lorne Lavine The Digital Dentist:
The statistics are alarming. According to a survey conducted by Data Privacy firm CEB, fully 90% of employees admit to rational noncompliance for the sake of convenience. Two thirds say that they regularly email company files to personal email addresses so they can work from home.
The Great Wall of China was breached by the Manchus when they bribed a general to let them in. The wall itself never failed it was the people who were the weak link.
It is the same thing in our dental offices. You can establish a sound HIPAA compliant data security policy but if the staff members do not follow the rules you are still at risk.
People do not follow the rules when they are poorly understood, hard to manage or if they do not believe they are really important. Good data safety is not just a set of rules it is also good training and team buy in.