HIPAA Employee Training, Certification, and Compliance

If your organization directly or indirectly handles a patient’s Protected Health Information (PHI), you need to train your employees upon hire and annually.

The Health Insurance Portability and Accountability Act requires employees with access to Protected Health Information (PHI) to receive training to ensure that they understand the correct privacy and security practices associated with PHI. This includes clinical, housekeeping, dietary, and clerical staff, as well as contract workers. Anyone who has direct or indirect access to patients’ PHI needs HIPAA employee training and security awareness training. All CFISA e-learning training courses are designed to comply with the requirements of the Americans with Disabilities Act (ADA) Section 508.

CFISA provides high quality training so you don’t pay for additional services you will not use! 

HIPAA Employee Training and Security Awareness Training

CFISA’s HIPAA and Security Awareness Employee Training course combines HIPAA compliance lessons and Security Awareness Training. This powerful training tool not only educates your employees on PHI requirements and stated law, but also expands their knowledge of best practices for reducing risk and protecting your organization from cyber threats.

$15.95 per Person

Volume Pricing

Number of Seats | Price per Seat
1-5 | $15.95
6-25 | $14.95
26-50 | $13.95
51-100 | $12.95
101-200 | $11.95
201-500 | $11.50

For enterprise solutions request a quote.

HIPAA Employee Training

8-Lesson Course. Total time: 53:30

With CFISA training you won’t pay for additional services you will not use! 

  • The Health Insurance Portability & Accountability Act (HIPAA)
  • Protected Health Information (PHI)
  • 2009 HITECH Act and 2013 Omnibus Rule
  • HIPAA Privacy Rule including definitions of relevant terms
  • Privacy Rule requirements, covered entities and authorization
  • Use and disclosure of PHI
  • HIPAA Security Rule including important safeguards such as confidentiality, security and integrity
  • Physical and electronic access controls to protect patient health information
  • Cybercrime and top security threats
  • HIPAA security and integrity safeguards
  • Day to day security best practices
  • Breach reporting along with consequences for non-compliance
  • Creating strong passwords to increase security
  • Recognizing social engineering
  • Phishing and email best practices
  • Protecting your personal workspace


Managers

  • Easily access compliant reports on employee progress and completion
  • Will be in compliance with HIPAA onboarding or annual employee training requirements
  • Can add additional employees in the future

Employees

  • Are required to score 100% on each course lesson’s 4 quiz questions
  • Receive a HIPAA Security Awareness certificate upon course completion
  • Will be in compliance with HIPAA onboarding or annual Security Awareness training requirements upon completing CFISA’s HIPAA course

HIPAA Employee Training Certification

During a compliance audit, CFISA certificates allow companies to provide dated evidence that their employees have successfully completed the HIPAA Employee Training course. Every certificate contains a unique ID and is date stamped when assigned to an individual user upon course completion.

The certificate gives employees acknowledgement that they have successfully passed the HIPAA Employee Training course.

Delivery Options

Click and Train


“Buy the Course” now and participants can simply log in and take the course. Managers have access to employee progress and completion reports.

SCORM file


You host our training. We provide you with the industry standard SCORM file that you import into your Learning Management System (LMS).

Branded LMS


Hosted Customer Branded Enterprise Learning Management System (LMS). We host an LMS just for you. You can also run other vendors’ SCORM training courses.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA, the Health Insurance Portability and Accountability Act, is a federal law enacted in 1996. This act was an attempt at healthcare reform.

The original act, which was replaced in 2009 and 2013 with the ARRA/HITECH Act, then with the Omnibus Rule, was intended to do a number of things, including reducing costs and simplifying administrative processes, as well as improving the privacy and security of patients’ health records. Today, its main focus is the security of individual Protected Health Information (PHI).

The law states that any company or individual handling PHI must ensure that all required physical, network, and process security measures are put into place and followed by HIPAA-trained employees.

Background of HIPAA

HIPAA law, as it now stands, requires employees with access to Protected Health Information (PHI) to receive training to ensure that they understand the correct privacy and security practices as they relate to PHI. This includes members of any clinical staff, housekeeping staff, dietary workers, clerical staff, and contract workers. In short, it concerns anyone who has direct or indirect access to patients’ protected health information.

Why HIPAA Training for Employees is Important

A patient’s PHI is handled time and again during a typical shift. Employees need to understand what compliance with the HIPAA law requires.

Staff training is not an option. It is required by the law. And it is an important tool for ensuring the correct handling of PHI.

HIPAA compliance training helps to ensure that your staff understands the risks involved with careless handling of PHI. Our HIPAA training provides specific instructions about how to keep patient records safe, thereby protecting the privacy and security of individual patient information.

HIPAA training for employees also minimizes the liability an organization can face should a breach occur. This training fosters an environment in which everyone has a common understanding of the correct way to handle patient information. This helps to identify errors or misconduct before any patient records are compromised.

In addition, HIPAA training minimizes security breaches and patient complaints. This is important as complaints often trigger an audit by the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR).

Headlines of security breaches have informed the public of what happens when their patient records are not properly handled. With HIPAA training for employees, trained staff members are more likely to notice and fix problems when they see things are not being done correctly. HIPAA regulations now include specific rules governing the use and dissemination of PHI and electronic protected health information (ePHI).

What is HIPAA Compliance Training & Who Needs to Comply?

Organizations and people who have access to PHI must comply with HIPAA requirements and be certified. This includes:

  • Healthcare Providers
  • Employer Group Health Plans
  • Health Insurance Companies
  • Healthcare Clearing Houses
  • Business Associates of any of the above
  • Anyone else working in or with the healthcare industry.

Setting up an effective HIPAA compliance program consists of eight basic categories. Each category of HIPAA regulation requires specific understanding. Basic steps include learning to:

  • Implement written policies, procedures, and standards of conduct.
  • Designate a compliance officer and compliance committee.
  • Conduct effective training and education.
  • Develop effective lines of communication.
  • Conduct internal monitoring and auditing.
  • Publish disciplinary guidelines for enforcing standards.
  • Detect offenses and take corrective action.
  • Protect dissemination of PHI and electronic PHI.

Organizational Compliance

HIPAA compliance training is required if the organization is privy to any information connected to an individual’s health condition. There are two regulations under the HIPAA law:

  1. HIPAA Privacy requires safeguards for keeping PHI safe from the person, administrative, and contractual perspectives.
  2. HIPAA Security requires safeguards for keeping electronic PHI safe from disasters, hackers, and electronic theft. This covers anything in electronic form.

Most organizations have both HIPAA Privacy and Security requirements. However, if your organization does not store or transmit PHI, then compliance with HIPAA Privacy is sufficient.

According to HHS, “HIPAA rules apply to covered entities and business associates.”

HIPAA Compliance Training Requirements

The Privacy Rule states that HIPAA training for its implementation must be provided “as necessary and appropriate for the members of the workforce to carry out their functions.” Employees have different levels of involvement with patients’ PHI, but training should cover the handling of patient PHI in a manner that allows everyone to understand their responsibilities across the board with respect to patient data.

Important HIPAA privacy topics include:

  • Identifying PHI
  • Learning the rules about when and how PHI may be disclosed
  • Understanding the importance of confidentiality
  • Accounting for all disclosures

CFISA’s employee training also focuses on the many consequences of failing to follow the HIPAA Privacy Rule. Employees learn how people can be victimized by medical identity theft and how organizations they work for can be penalized by HHS for violations.

It is important for organizations to take the HIPAA laws seriously. They need to implement effective HIPAA compliance training programs and invest in employee training to safeguard patients’ records and avoid non-compliance and its consequences.

An effective HIPAA compliance training includes three parts:

  1. Training all employees with access to PHI, which is defined as demographic information, medical history, test and laboratory results, insurance information, etc.
  2. Implementing PHI safeguards with formal documentation and controls.
  3. Identifying and training a compliance officer to take responsibility for HIPAA within your organization.

The numerous rules and regulations must be understood and integrated into employee HIPAA training to make sure that they can effectively comply with HIPAA rules and still perform their jobs.

CFISA’s HIPAA compliance training programs will help your organization address the challenges of securing Protected Health Information.