For the average health care provider or health plan, HIPAA requires activities, such as notifying patients about their privacy rights and how their information can be used, adopting and implementing privacy procedures; training employees so that they understand the privacy procedures; designating an individual to be responsible for seeing that the privacy procedures are adopted and followed; and,