Health Insurance Portability and Accountability Act (HIPAA)

Covers the core elements of the federal Health Insurance Portability and Accountability Act (HIPAA) requirements.


About these Courses

This series provides information on the core elements of the federal Health Insurance Portability and Accountability Act (HIPAA) requirements. The three courses that comprise the HIPAA series focus on healthcare roles and types of activities since HIPAA’s requirements are largely conditioned by the purposes behind the collection, use, or disclosure of health information. Courses include:

Augmented penalties, audits, and required breach notifications under the Health Information Technology for Economic and Clinical Health (HITECH) Act's amendments to HIPAA have raised the stakes for healthcare organizations' compliance. The HIPAA courses are designed to help ensure HIPAA compliance, quality assurance, and risk reduction. The courses cover the HIPAA Privacy Rule, Security Rule, Omnibus Rule, and HITECH Act.

These courses are suitable for anyone who works with individually identifiable health data (HIPAA-defined "PHI") or has responsibilities for setting policies and procedures with respect to these types of data.

Language Availability: English, Korean

Suggested Audiences: Clinicians, Fundraisers, Healthcare Providers, Individuals Working with Identifiable Health Data, Instructors, IRB Administrators, IRB Members, Marketers, Researchers, Students, Teachers


Basic Courses

HIPAA Basics for Healthcare Professionals
CME/CEU

Introduces healthcare professionals to the basic concepts and expectations of HIPAA.

tablet with stethoscope on top
HIPAA for Marketing and Fundraising Professionals
CME/CEU

This course is intended to cover HIPAA requirements as applicable for marketing and fundraising.

Icon of a face with a lock off to the side
HIPAA for Education and Research
CME/CEU

This course is intended to cover the core elements of HIPAA requirements as applicable for education and research roles.

cap and gown on a lock icon


FAQs

Who should take the HIPAA courses?

The HIPAA courses are designed for individuals working with identifiable health data. HIPAA requires that covered entities provide training to their employees. Business associates must also provide training to their employees that work with identifiable health data.

How long does it take to complete a HIPAA course?

The HIPAA Basics for Healthcare Professionals course consists of six modules, the HIPAA for Education and Research course consists of three modules, and the HIPAA for Marketing and Fundraising Professionals course consists of three modules.

Each module contains detailed content, images, supplemental materials (such as case studies), and a quiz. Modules vary in length, and learners may require different amounts of time to complete them based on their familiarity and knowledge of the topic. However, they can complete them at their own pace. Modules are each designed to take about 30 to 45 minutes to complete.

Are HIPAA courses eligible for CME credits?

This course does not currently have CE/CME credits available.

What privacy topics are addressed?

The HIPAA courses include content on the basics of the federal HIPAA requirements and touch on state and local requirements. This foundation is supplemented by content that focuses on roles and types of activities, because HIPAA’s requirements are largely conditioned by the purpose behind a use or disclosure of health information.

What is the recommended course setup?

For the HIPAA Basics for Health Professionals course, we recommend that all modules be set to “Required”.

For the HIPAA for Education and Research course, we recommend that the “Basics” module be required as a foundation, along with at least one of the role-specific modules, depending on the type of learner.

For the HIPAA for Marketing and Fundraising Professionals course, we recommend that the “Basics” module be required as a foundation, along with at least one of the role-specific modules, depending on the type of learner.

What is the recommended training frequency?

HIPAA regulations nor the federal agencies administering them offer specific guidance on the frequency of HIPAA-related training. It is up to each organization to determine when a “refresher” is appropriate. Sometimes state laws or organizational policies may provide a standard. Absent other considerations, we recommend retraining of some kind at least every three to four years.