This document discusses privacy risks for both paper and electronic medical records. It identifies three common risks: inappropriate access to records, tampering with record contents, and record loss due to natural disasters. The document emphasizes that safeguarding personal health information as required by HIPAA is important, and that employees should receive regular HIPAA training and testing to ensure adherence to privacy policies. Consequences for violating HIPAA, such as termination, are also discussed.