Which of the following is NOT a responsibility of covered entities under HIPAA?

Covered entities under HIPAA have specific responsibilities aimed at safeguarding the privacy and security of protected health information (PHI). One of their primary duties is to protect the privacy of PHI, ensuring that patients' health information is handled with confidentiality and only disclosed according to allowed regulations. They are also required to report any breaches of PHI to the affected individuals and the Department of Health and Human Services, which is crucial for maintaining trust and upholding patients' rights.

Additionally, training staff on HIPAA regulations is essential for ensuring that all employees understand their responsibilities regarding PHI and comply with the law. This training helps foster a culture of compliance and awareness within the organization.

Monitoring employee internet usage, while it may relate indirectly to HIPAA compliance in terms of safeguarding data, is not explicitly mandated as a responsibility of covered entities under the HIPAA regulations. Therefore, it is the correct choice that does not fall under the defined responsibilities of covered entities concerning the protection of PHI.