Scroll Down Arrow

Information Privacy & Security (IPS)

IPS covers the principles of data protection, focusing on the healthcare-related privacy and information security requirements of the Health Insurance Portability and Accountability Act (HIPAA).






Contact Us

About these Courses

Augmented penalties, audits, and required breach notifications under the Health Information Technology for Economic and Clinical Health (HITECH) Act's amendments to HIPAA have raised the stakes for an organization's compliance. IPS is designed to help ensure HIPAA compliance, quality assurance, and risk reduction.

It consists of two courses on Health Privacy and Information Security, which can be utilized based on organizational needs. Each course includes content for individuals who only need basic information as well as content tailored to specific roles, applications, devices, and settings. It is suitable for anyone who works with individually identifiable health data (HIPAA-defined "PHI") or has responsibilities for setting policies and procedures with respect to such data.

These courses were authored by Reid Cushman, PhD of CITI Program and peer-reviewed by experts.

Language Availability: English, Korean

Suggested Audiences: Individuals Working with Identifiable Health Data (HIPAA-defined “PHI”)

Basic Courses

New/Updated Badge CME/CEU Badge
Information Privacy & Security (IPS)

Health Privacy

View Details
New/Updated Badge CME/CEU Badge
Information Privacy & Security (IPS)

Information Security

View Details


Toggle ContentWhat subject areas does IPS training cover?

The Health Privacy track addresses legal-regulatory requirements for data protection by subject area. Currently, the focus is on Health Insurance Portability and Accountability Act (HIPAA)-related requirements for health data. FERPA-related content focused on education records will be available soon. The Information Security track discusses protection of information in any context, regardless of the subject matter.

Toggle ContentWhat privacy topics are addressed?

The Health Privacy track includes content on the basics of the federal HIPAA requirements as well as touching on state and local requirements. This foundation is supplemented by content that focus on healthcare roles and types of activities, since HIPAA’s requirements are largely conditioned by the purpose behind a use or disclosure of health information. Learn more.

Toggle ContentWhat information security topics are addressed?

The Information Security track is organized to provide a basic foundation of data and device security techniques, supplemented by more detailed information relevant to the particular activities and context of the learner. Learn more.

Toggle ContentWhat is the recommended course setup?

For a basic course in Health Privacy, we recommend that the “Basics” module be required as a foundation, along with at least one of the role-specific modules, depending on the type of learner. For a basic Information Security course, we recommend that the two “Basics” modules be required as a foundation. A subset of the remaining modules could be used as electives, or as purely supplemental (optional) modules.

Toggle ContentWhat is the recommended training frequency?

Neither HIPAA’s regulations nor the federal agencies administering them offer specific guidance on the frequency of HIPAA-related training. It is up to each organization to determine when a “refresher” is appropriate. Sometimes state laws or institutional policies may provide a standard. Absent other considerations, we recommend retraining of some kind at least every three to four years.

Standards for the frequency of information security training are also elusive. Generally, it is up to each organization to determine when a “refresher” is appropriate, except where a controlling law or regulation provides a standard. Absent such a standard, or a requirement from the organization’s own policies, we recommend some kind of retraining at least every three to four years.