This document discusses a training on HIPAA and confidentiality. It covers the need to consider all stakeholders to effectively implement health information system security. It also discusses authorization in cross-border eHealth systems and the need to manage privacy, confidentiality, and security of patient health information maintained electronically or on paper. The responsibilities for privacy and security can be assigned to a staff member or contracted to a vendor, and organizations must perform audit trails to document system activity involving protected health information.