Information Privacy & Security (IPS)

IPS covers the principles of data protection, focusing on the healthcare-related privacy and information security requirements of the Health Insurance Portability and Accountability Act (HIPAA) and the educational records and data-related requirements of the Family Educational Rights and Privacy Act (FERPA).

Organizations

LEARN MORE

New Subscribers Current Subscribers

Learners EXPLORE COURSES

Questions? Contact Us

About these Courses

Augmented penalties, audits, and required breach notifications under the Health Information Technology for Economic and Clinical Health (HITECH) Act's amendments to HIPAA have raised the stakes for healthcare organizations' compliance. IPS is designed to help ensure HIPAA compliance, quality assurance, and risk reduction.

IPS consists of three courses on Health Privacy (focusing on HIPAA), Information Security, and the Family Educational Rights and Privacy Act (FERPA), which can be utilized based on organizational needs. Each course includes content for individuals who only need basic information, as well as content tailored to specific roles, applications, devices, and settings. It is suitable for anyone who works with individually identifiable health data (HIPAA-defined "PHI"), or FERPA-covered educational records and data, or has responsibilities for setting policies and procedures with respect to these types of data.

The Health Privacy and Information Security courses were authored by Reid Cushman, PhD, of CITI Program and peer-reviewed by experts.

The Family Education Rights and Privacy Act (FERPA) course was authored by Thomas W. Gold, PhD, of Network for Teaching Entrepreneurship and peer-reviewed by experts.

Upcoming Subscription Changes: Effective April 1, 2023, a new HIPAA series that is separate from the IPS series will be available. As such, after April 1, the Health Privacy (HIPAA) course will no longer be part of IPS, and the current Health Privacy modules will be part of the new HIPAA series. After April 1, IPS will contain the Information Security course, FERPA course, and five IPS-focused webinars.

Language Availability: English, Korean

Suggested Audiences: Administrators, Educators, Individuals Working with Identifiable Health Data (HIPAA-defined “PHI”), Instructors, IRB Administrators, IRB Members, Researchers, Students, Teachers

Basic Courses

Health Privacy (HIPAA)

CME/CEU

This course is intended to cover the core elements of the federal Health Insurance Portability and Accountability Act (HIPAA) requirements.

view course

Information Security

CME/CEUUpdated

This course provides information on basic techniques for data and device security, including email and mobile devices.

hand unlocking smartphone with fingerprint security feature

view course

Family Educational Rights and Privacy Act (FERPA)

CME/CEU

This course covers the core requirements of the federal Family Educational Rights and Privacy Act (FERPA).

Child student holding tablet in front of face

view course

FAQs

What subject areas does IPS training cover?

The Health Privacy course addresses legal-regulatory requirements for data protection by subject area. Currently, the focus is on HIPAA-related requirements for health data. FERPA-related content focused on education records is also available. The Information Security track discusses protection of information in any context, regardless of the subject matter.

What privacy topics are addressed?

The Health Privacy course includes content on the basics of the federal HIPAA requirements, and touches on state and local requirements. This foundation is supplemented by content that focuses on healthcare roles and types of activities, because HIPAA’s requirements are largely conditioned by the purpose behind a use or disclosure of health information. Learn more.

The Family Educational Rights and Privacy Act (FERPA) course includes content on the basics of federal FERPA requirements, which also touches on state and local requirements. An introductory module is complemented by audience-specific modules.

What information security topics are addressed?

The Information Security track is organized to provide a basic foundation of data and device security techniques, supplemented by more detailed information relevant to the particular activities and context of the learner. Learn more.

What is the recommended course setup?

For a basic course in Health Privacy, we recommend that the “Basics” module be required as a foundation, along with at least one of the role-specific modules, depending on the type of learner.

For a basic Information Security course, we recommend that the two “Basics” modules be required as a foundation. A subset of the remaining modules could be used as electives, or as purely supplemental (optional) modules.

For a basic course in Family Educational Rights and Privacy Act (FERPA), we recommend that the “FERPA: An Introduction” module be required as a foundation, along with at least one of the role-specific modules, depending on the type of learner.

What is the recommended training frequency?

Neither HIPAA or FERPA regulations nor the federal agencies administering them offer specific guidance on the frequency of HIPAA-related or FERPA-related training. It is up to each organization to determine when a “refresher” is appropriate. Sometimes state laws or organizational policies may provide a standard. Absent other considerations, we recommend retraining of some kind at least every three to four years.

Standards for the frequency of information security training are also elusive. Generally, it is up to each organization to determine when a “refresher” is appropriate, except where a controlling law or regulation provides a standard. Absent such a standard, or a requirement from the organization’s own policies, we recommend some kind of retraining at least every three to four years.

What changes are in place for the IPS series?

Effective April 1, 2023, the Health Privacy (HIPAA) modules that were included in the Information Privacy and Security (IPS) series will no longer part of the IPS series.

A new HIPAA series will include the Health Privacy (HIPAA) modules as well as a new HIPAA Basics for Healthcare Professionals course. Organizations that have Health Privacy (HIPAA) modules in their gradebooks will have the new HIPAA series added to their renewal invoices (for an additional fee).

The IPS series will continue to include Information Security and FERPA courses. The series will also be expanded to include five topic-focused webinars. Organizations that subscribe to IPS will have access to these five webinars for no additional charge.

The added webinars include:

The HIPAA series will have three courses:

HIPAA for Education and Research
HIPAA for Marketing and Fundraising Professionals
HIPAA Basics for Healthcare Professionals (Note: This is a NEW course and is in development. Expected to be released in March 2023)

We are also retiring the Health Privacy Issues for Clinicians module (ID 1418), which was previously part of the Health Privacy (HIPAA) (retirement effective April 1, 2023).

Cookie	Duration	Description
BUY_NOW		This cookie is set to transfer purchase details to our learning management system.
CART_COUNT		This cookie is set to enable shopping cart details on the site and to pass the data to our learning management system.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
XSRF-TOKEN	session	The cookie is set by Wix website building platform on Wix website. The cookie is used for security purposes.

Cookie	Duration	Description
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
pll_language	1 year	This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-33803854-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gat_UA-33803854-7	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjIncludedInSessionSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
_uetsid	1 day	This cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site.
BrowserId	1 year	This cookie is used for registering a unique ID that identifies the type of browser. It helps in identifying the visitor device on their revisit.
CFID	session	This cookie is set by Adobe ColdFusion applications. This cookie is used to identify the client. It is a sequential client identifier, used in conjunction with the cookie "CFTOKEN".
CFTOKEN	session	This cookie is set by Adobe ColdFusion applications. This cookie is used to identify the client. It provides a random-number client security token.
CONSENT	16 years 5 months 4 days 4 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
MUID	1 year 24 days	Used by Microsoft as a unique identifier. The cookie is set by embedded Microsoft scripts. The purpose of this cookie is to synchronize the ID across many different Microsoft domains to enable user tracking.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.

Cookie	Duration	Description
_app_session	1 month	No description available.
_gfpc	session	No description available.
_uetvid	1 year 24 days	No description available.
_zm_chtaid	2 hours	No description available.
_zm_csp_script_nonce	session	No description available.
_zm_cta	1 day	No description
_zm_ctaid	2 hours	No description available.
_zm_currency	1 day	No description available.
_zm_mtk_guid	2 years	No description available.
_zm_page_auth	session	No description available.
_zm_sa_si_none	session	No description
_zm_ssid	session	No description available.
AnalyticsSyncHistory	1 month	No description
BNI_persistence	4 hours	No description available.
BrowserId_sec	1 year	No description available.
CookieConsentPolicy	1 year	No description
cred		No description available.
f	never	No description available.
L-veVQq	1 day	No description
li_gc	2 years	No description
owner_token	1 day	No description available.
PP-veVQq	1 hour	No description
renderCtx	session	This cookie is used for tracking community context state.
RL-veVQq	1 day	No description
twine_session	1 month	No description available.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
web_zak	past	No description
wULrMv6t		No description
zm_aid	past	No description
zm_haid	past	No description