The HIPAA Guide - Celebrating Over 15 Years Online

45 CFR Part 164 Training

June 14, 2026HIPAA Training Articles0

45 CFR Part 164 training refers to the workforce instruction required under the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule, all of which are codified within 45 CFR Part 164, and The HIPAA Journal’s training courses are structured to satisfy each of these requirements directly. The HIPAA Privacy Rule at 45 CFR §164.530(b)(1) requires organizations to train all workforce members on policies and procedures governing protected health information as necessary and appropriate for their functions. The HIPAA Security Rule at 45 CFR §164.308(a)(5)(i) separately requires a security awareness and training program for all workforce members, including management. The HIPAA Breach Notification Rule requires workforce members to understand what constitutes a breach and how to report a suspected incident promptly. These are independent obligations within the same part of the regulation, and a training program must address each one as a distinct requirement to satisfy the standard.

How The HIPAA Journal’s Courses Address Each Requirement

The HIPAA Journal’s HIPAA Training for Employees, HIPAA Training for Business Associate Employees, and specialist practice courses each include mandatory modules covering the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule as separate topics rather than a single combined overview. Workforce members learn how the HIPAA Minimum Necessary Rule applies to their access and disclosure decisions, how to apply the safeguards required under the HIPAA Security Rule, and how to recognize and escalate a suspected breach within the timeframes the HIPAA Breach Notification Rule requires.

The HIPAA Security Rule’s security awareness training requirement at 45 CFR §164.308(a)(5)(i) is satisfied through The HIPAA Journal’s dedicated cybersecurity courses, including Cybersecurity Training for Healthcare Employees and Cybersecurity Training for Business Associate Employees, which can be deployed alongside HIPAA Privacy Rule training to address both 45 CFR Part 164 obligations under a single administered program.

HIPAA Training for Employees

Documentation Required Under 45 CFR Part 164

45 CFR §164.530(b)(2)(i) and 45 CFR §164.308(a)(5) both require organizations to document that training was provided, including the dates of completion. The HIPAA Journal Training platform generates these records automatically, with an administration dashboard that identifies which workforce members completed which modules and when, exportable in formats suitable for an Office for Civil Rights audit. Accredited certificates are issued on completion, and individuals seeking personal certification can use the Accredited HIPAA Certification for Individuals to demonstrate 45 CFR Part 164 training independently of an employer-provided program.

About Liam Johnson

Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/

The HIPAA Guide is a registered trademark. Copyright © 2007-2026 The HIPAA Guide. All rights reserved.