Information Privacy & Security (IPS)

IPS covers the principles of data protection, focusing on the healthcare-related privacy and information security requirements of the Health Insurance Portability and Accountability Act (HIPAA) and the educational records and data-related requirements of the Family Educational Rights and Privacy Act (FERPA).

Questions? Contact Us
Scroll Down Arrow


About these Courses

Augmented penalties, audits, and required breach notifications under the Health Information Technology for Economic and Clinical Health (HITECH) Act's amendments to HIPAA have raised the stakes for healthcare organizations' compliance. IPS is designed to help ensure HIPAA compliance, quality assurance, and risk reduction.

IPS consists of three courses on Health Privacy (focusing on HIPAA), Information Security, and the Family Educational Rights and Privacy Act (FERPA), which can be utilized based on organizational needs. Each course includes content for individuals who only need basic information, as well as content tailored to specific roles, applications, devices, and settings. It is suitable for anyone who works with individually identifiable health data (HIPAA-defined "PHI"), or FERPA-covered educational records and data, or has responsibilities for setting policies and procedures with respect to these types of data.

The Health Privacy and Information Security courses were authored by Reid Cushman, PhD, of CITI Program and peer-reviewed by experts.

The Family Education Rights and Privacy Act (FERPA) course was authored by Thomas W. Gold, PhD, of Network for Teaching Entrepreneurship and peer-reviewed by experts.

Upcoming Subscription Changes: Effective April 1, 2023, a new HIPAA series that is separate from the IPS series will be available. As such, after April 1, the Health Privacy (HIPAA) course will no longer be part of IPS, and the current Health Privacy modules will be part of the new HIPAA series. After April 1, IPS will contain the Information Security course, FERPA course, and five IPS-focused webinars.

Language Availability: English, Korean

Suggested Audiences: Administrators, Educators, Individuals Working with Identifiable Health Data (HIPAA-defined “PHI”), Instructors, IRB Administrators, IRB Members, Researchers, Students, Teachers


Basic Courses

Health Privacy (HIPAA)

CME/CEU

This course is intended to cover the core elements of the federal Health Insurance Portability and Accountability Act (HIPAA) requirements.

shield representing information security
view course

Information Security

CME/CEUUpdated

This course provides information on basic techniques for data and device security, including email and mobile devices.

hand unlocking smartphone with fingerprint security feature
view course

Family Educational Rights and Privacy Act (FERPA)

CME/CEU

This course covers the core requirements of the federal Family Educational Rights and Privacy Act (FERPA).

Child student holding tablet in front of face
view course


FAQs

What subject areas does IPS training cover?

The Health Privacy course addresses legal-regulatory requirements for data protection by subject area. Currently, the focus is on HIPAA-related requirements for health data. FERPA-related content focused on education records is also available. The Information Security track discusses protection of information in any context, regardless of the subject matter.

What privacy topics are addressed?

The Health Privacy course includes content on the basics of the federal HIPAA requirements, and touches on state and local requirements. This foundation is supplemented by content that focuses on healthcare roles and types of activities, because HIPAA’s requirements are largely conditioned by the purpose behind a use or disclosure of health information. Learn more.

The Family Educational Rights and Privacy Act (FERPA) course includes content on the basics of federal FERPA requirements, which also touches on state and local requirements. An introductory module is complemented by audience-specific modules.

What information security topics are addressed?

The Information Security track is organized to provide a basic foundation of data and device security techniques, supplemented by more detailed information relevant to the particular activities and context of the learner. Learn more.

What is the recommended course setup?

For a basic course in Health Privacy, we recommend that the “Basics” module be required as a foundation, along with at least one of the role-specific modules, depending on the type of learner.

For a basic Information Security course, we recommend that the two “Basics” modules be required as a foundation. A subset of the remaining modules could be used as electives, or as purely supplemental (optional) modules.

For a basic course in Family Educational Rights and Privacy Act (FERPA), we recommend that the “FERPA: An Introduction” module be required as a foundation, along with at least one of the role-specific modules, depending on the type of learner.

What is the recommended training frequency?

Neither HIPAA or FERPA regulations nor the federal agencies administering them offer specific guidance on the frequency of HIPAA-related or FERPA-related training. It is up to each organization to determine when a “refresher” is appropriate. Sometimes state laws or organizational policies may provide a standard. Absent other considerations, we recommend retraining of some kind at least every three to four years.

Standards for the frequency of information security training are also elusive. Generally, it is up to each organization to determine when a “refresher” is appropriate, except where a controlling law or regulation provides a standard. Absent such a standard, or a requirement from the organization’s own policies, we recommend some kind of retraining at least every three to four years.

What changes are in place for the IPS series?

Effective April 1, 2023, the Health Privacy (HIPAA) modules that were included in the Information Privacy and Security (IPS) series will no longer part of the IPS series.

A new HIPAA series will include the Health Privacy (HIPAA) modules as well as a new HIPAA Basics for Healthcare Professionals course. Organizations that have Health Privacy (HIPAA) modules in their gradebooks will have the new HIPAA series added to their renewal invoices (for an additional fee).

The IPS series will continue to include Information Security and FERPA courses. The series will also be expanded to include five topic-focused webinars. Organizations that subscribe to IPS will have access to these five webinars for no additional charge.

The added webinars include:

The HIPAA series will have three courses:

  • HIPAA for Education and Research 
  • HIPAA for Marketing and Fundraising Professionals
  • HIPAA Basics for Healthcare Professionals (Note: This is a NEW course and is in development. Expected to be released in March 2023)

We are also retiring the Health Privacy Issues for Clinicians module (ID 1418), which was previously part of the Health Privacy (HIPAA) (retirement effective April 1, 2023).