Train your team on HIPAA Privacy Rule, Security Rule, and breach notification requirements. Protect patient information and stay compliant with federal healthcare regulations.
Training Modules
Minutes to Complete
Self-Paced Online
HIPAA requires covered entities and business associates to train all workforce members on policies and procedures for protecting patient health information. This isn't optional—it's federal law.
Training must occur when employees are hired, and refresher training is required periodically. Annual training is the industry standard and is expected by auditors and the HHS Office for Civil Rights.
Our comprehensive HIPAA training covers everything employees need to know about protecting patient health information.
What is HIPAA? History, purpose, and why it matters. Understanding covered entities, business associates, and workforce members.
What qualifies as PHI? The 18 HIPAA identifiers, electronic PHI (ePHI), and examples of protected information in various formats.
Permitted uses and disclosures, minimum necessary standard, authorizations, and when patient consent is required.
Right to access records, right to amend, right to an accounting of disclosures, right to restrict uses, and the Notice of Privacy Practices.
Administrative, physical, and technical safeguards. Password protection, encryption, access controls, and workstation security.
What constitutes a breach, risk assessment, notification timelines, and reporting requirements to HHS and affected individuals.
Practical steps for protecting PHI: secure communications, proper disposal, clean desk practices, and avoiding common mistakes.
Civil and criminal penalties, enforcement examples, personal liability, and how violations are discovered and investigated.
How to report suspected violations internally, whistleblower protections, and what happens when an incident occurs.
Each employee receives a certificate documenting HIPAA training completion. Essential for compliance audits and OCR investigations.
Track employee progress in real time. See who's completed training and who's overdue, and send reminder emails with one click.
Download audit-ready reports showing training dates, completion status, and certificate details. Keep these for 6 years as required.
Employees complete training at their own pace. Pause and resume anytime—no scheduling conflicts or staff coverage issues.
Real-world examples from clinical, administrative, and IT settings. Employees learn to apply HIPAA rules to situations they actually encounter.
Automated reminders for incomplete and annual refresher training. Stay compliant without manually tracking due dates.
Lack of employee training is one of the most common factors in HIPAA enforcement actions. The penalties are severe—and personal liability is possible.
per violation (up to $1.5M annually)
criminal fines for willful violations
maximum prison sentence
HIPAA requires training for all "workforce members"—not just clinical staff. Anyone who might access, use, or disclose patient information needs to understand the rules.
If your company provides services to healthcare organizations, you likely need HIPAA training:
For healthcare organizations & business associates
For solo practitioners & contractors
Need training for 100+ employees? Contact us for volume pricing.
HIPAA requires training when employees are hired and "periodic" refresher training. While the law doesn't specify exact frequency, annual HIPAA training is the industry standard and is expected by OCR during audits and investigations. New employees should be trained within a reasonable timeframe after starting.
Our HIPAA Compliance Training takes approximately 60 minutes to complete. Employees can pause and resume at any time, completing modules whenever their schedule allows.
Our training covers the core HIPAA requirements that apply to all workforce members. However, HIPAA also requires training on your organization's specific policies and procedures. Many organizations use our training as the foundation and supplement with organization-specific policy training.
HIPAA requires covered entities to retain training documentation for 6 years from the date of creation or the date it was last in effect, whichever is later. Our compliance reports provide the documentation you need for this requirement.
Business associates must train their workforce members on HIPAA requirements applicable to their role. Our training covers the Privacy Rule, Security Rule, and Breach Notification Rule requirements that apply to both covered entities and business associates.
Yes! HIPAA training pairs well with our Security Awareness Training and PII Handling Training for comprehensive workforce protection. Contact us about bundle pricing for multiple courses.
Train your workforce on HIPAA requirements. $15 per employee, all 10 modules, certificates included.
Social Media & Electronic Communications
HIPAA risks with texting, email, social media, and messaging apps. Safe practices for electronic communication about patients.