Social Engineering -
Employees be aware of suspicious people, emails and phone calls. Social engineering tactic is "Appear to fit in or know someone to get access"
Good Old Common Sense Security - Be mindful of your surroundings, if you see someone you do not know "Approach and ask them if you can help"
Get management involved if you are unsure about a person, email or phone call.
Employ the "Need to know principle" Who is asking, What are they asking, Verify what the Doctor said
Peace Medical Center enforces "No Soliciting and Being Solicited"
HIPAA How to Manage Business Associate Risk - Security Metrics Webinar Link
HIPAA for Professionals - HHS.gov (Government Links)