Free HIPAA Training

Free HIPAA training provides students of HIPAA with information that can help them better absorb policy and procedure training and/or security awareness training when provided by a covered entity or business associate. Covered entities and business associates can also take advantage of free HIPAA training resources to support their own training courses.

There are several types of free HIPAA training. Some are free online HIPAA training “modules” that are offered as tasters for paid-for HIPAA training courses. Some are free HIPAA training with a certificate you pay for at the end of the course, and others resemble compliance checklists that enable you to discover where your compliance knowledge may be lacking.

In addition, there are free HIPAA training resources available on the website of HHS’ Office for Civil Rights, and any training provided by a covered entity or business associate is free to members of the workforce attending the training. Not all of these sources of free HIPAA training are ideal for students with no previous experience of HIPAA for the reasons explained below.

HIPAA Training Course

The content of off-the-shelf HIPAA training courses varies from provider to provider. However, all courses should include the following subjects to ensure students acquire a basic knowledge of HIPAA.

Introduction to HIPAA

The following article explains the meaning of the acronym HIPAA, and provides information about the progress and enforcement of the HIPAA regulations from 1996 to date.

What does HIPAA Mean?

The following article provides more background information about HIPAA, and explains why HIPAA was created and how the Administrative Simplification provisions evolved.

Why was HIPAA Created?

Our HIPAA for Dummies article provides a holistic overview of HIPAA and includes snippets of information that may be useful to both trainees and organizations alike.

HIPAA for Dummies

The following article explains not only who is required to follow HIPAA requirements, but also which HIPAA requirements they are required to follow.

Who is Required to Follow HIPAA Requirements?

Some states have more stringent privacy laws that supersede HIPAA. This article provides examples of when provisions of HIPAA do not apply because of state laws.

When Does State Privacy Law Supersede HIPAA?

Terminologies Used in HIPAA

This article explains the Minimum Necessary standard and provides examples of when the standard does not apply or when a judgement call is required.

What is the HIPAA Minimum Necessary Standard?

One of the potentially most confusing elements of HIPAA for new trainees is what is considered PHI under HIPAA. The article provides a full explanation.

What is Considered PHI under HIPAA?

This article explains the requirements for a valid HIPAA authorization in order to use or disclosure PHI in a manner not that would not otherwise be permissible.

What is HIPAA Authorization?

The Substance Use Disorder Privacy Provisions (42 CFR Part 2) are not part of HIPAA but are becoming more closely aligned with the Privacy Rule requirements.

Substance Use Disorder Privacy Provisions

The HITECH Act led to the changes in HIPAA introduced by the Omnibus Rule. This article explains more about HITECH and what its motivations were.

What is HITECH in Healthcare?

Guides to the HIPAA Rules

The purpose of explaining the Administrative Simplification section of HIPAA is to highlight that each of the HIPAA Rules should not be treated in isolation, but as part of a larger picture.

What is the Administrative Simplification Section of HIPAA?

The HIPAA Privacy Rule is the Rule around which all of the other Rules rotate. This article explains the key standards of the Privacy Rule and some of the administrative requirements.

What is the HIPAA Privacy Rule?

Although IT teams and system administrators are mostly responsible for complying with the Security Rule standards, it is helpful to new students to understand what the standards are.

What is the HIPAA Security Rule?

Similarly, it is important that new students are aware that individuals, HHS Office for Civil Rights, and State Attorneys General have to be notified of any impermissible disclosure of PHI.

What is the HIPAA Breach Notification Rule?

The purpose of explaining the HIPAA Omnibus Rule is to show that this is not a separate Rule, but rather an update to the Privacy, Security, and Breach Notification Rules.

What is the HIPAA Omnibus Rule?

All-Important Regulations

It is important for all members of the workforce to understand what patient rights are and also that they are not absolute. Your employer’s policies will govern how individuals can exercise their rights.

Patient Rights under HIPAA

This article explains the HIPAA telephone rules in order to help new students better understand employers’ policies regarding telephone disclosures of PHI to colleagues and patients.

What are the HIPAA Telephone Rules?

This article explains why an employer’s email policy may sometimes appear at odds with the general objective of HIPAA to protect the privacy of individually identifiable health information.

HIPAA Email Rules

If an employer does not prohibit the use of personal mobile devices in the workplace, it is likely they will have a social media policy. This article explains how that policy may be developed.

HIPAA and Social Media Guidelines

HIPAA Violations and Consequences

This article explains the range of penalties that can be applied for HIPAA violations. Penalties are not only financial and – it is important to note – some can impact patient care.

HIPAA Violation Penalties

This article provides examples of unintentional HIPAA violations by members of the workforce and their consequences to remind new students to always comply with their employer’s policies.

Examples of Unintentional HIPAA Violations

Most examples of HIPAA violations by nurses are attributable to a lack of care in the moment – possibly due to the pressure of work at the time. However, some HIPAA violations by nurses are more sinister.

Examples of HIPAA Violations by Nurses

While the following article focuses on workplace gossip, the same rules apply to members of the workforce disclosing PHI to friends and family members outside of the workplace.

Is Workplace Gossip a HIPAA Violation?

This article explains why it is not possible to report HIPAA violations to HHS’ Office for Civil Rights anonymously but suggests other methods to alert authorities to HIPAA violations.

Reporting an Anonymous HIPAA Violation Complaint

This article is similar to the “gossip” article above inasmuch as it explains when telling a story about a patient could be considered a violation of HIPAA. The article advocates not telling stories about patients.

Is Telling a Story about a Patient a HIPAA Violation?

Not all accusations of HIPAA violations are justified. However, whether an accusation is justified or not, this article explains the steps you should take after being accused of a HIPAA violation.

What to do if Accused of a HIPAA Violation

This article explains the circumstances under which an employee can be terminated for violating HIPAA and the other consequences of the event responsible for the termination.

Can Employees Who Violate HIPAA Rules be Terminated?

Some types of HIPAA violations can affect all workforce members, so it is important that whenever possible employees help prevent HIPAA violations. This article explains how.

How Employees Can Help Prevent HIPAA Violations

Malicious and negligent members of the workforce are responsible for more than half of all data breaches notified to HHS’ Office for Civil Rights. This article highlights some of the most common insider threats.

Data Breaches Caused by Insiders and Negligence

The consequences of HIPAA violations rarely involve fines. This article looks at why this is and discusses five real consequences of HIPAA violations and their impact on workforces and patients.

5 Real HIPAA Violation Consequences

The Importance of HIPAA Compliance

The two articles in this section explain the benefits of HIPAA from a covered entity’s perspective and from a patient’s perspective. Both sets of benefits are equally valid and should be remembered throughout HIPAA training.

The Benefits of HIPAA

Four Areas of HIPAA that are Important to Patients

Free HIPAA Training Resources for Covered Entities and Business Associates

Covered entities and business associates are invited to take advantage of the free HIPAA training resources above to support their own training courses. Alternatively, because members of the workforce may start workforce HIPAA training with different levels of knowledge, it can be beneficial to provide each student with access to an off-the-shelf HIPAA training course before they start workforce HIPAA training.

The provision of an off-the-shelf training course has the advantage of ensuring each student starts workforce HIPAA training with a floor of HIPAA knowledge. This will eliminate the need to interrupt policy and procedure training or security awareness training to explain basic terminologies and – due to a lack of interruptions – will help students better absorb the training.

Covered entities and business associates who are interested in providing students with off-the-shelf HIPAA training courses prior to workforce HIPAA training are advised to follow the advice provided above. That is to evaluate off-the-shelf HIPAA training courses by reviewing free HIPAA training modules to assess how the training is delivered and to ensure the content of the course aligns with the content of workforce HIPAA training.

Further Free HIPAA Training Resources

The articles in this section answer the most common HIPAA questions.

Free HIPAA Training Module