HIPAA Q&A: Remote HIPAA training

Q. Is HIPAA training via WebEx or a similar Internet format adequate for workforce members who work remotely, such as sales and account representatives? What type of documentation is necessary for training completed entirely in this manner? How should we document that a workforce member attended a training session? Is in-person HIPAA training preferable? If so, why?

A. Remote HIPAA training using Internet-based, computer-based, or Internet meeting services (e.g., WebEx or GoToMeeting) is an acceptable form of workforce training. Reasonably ensure that any Internet-based learning tools include an audit log to document the beginning and end of training sessions and whether a workforce member completed the training.

Internet-based meeting services will generally provide a log that documents when a participant logs into and out of the training session. Each can be used to document that the workforce member attended and completed the training.

Requiring workforce members to complete a test related to the material covered during training is advisable. Some online HIPAA training tools include this feature. Develop a test and require completion by participants who undergo training via the Internet to document knowledge retention and attendance.

In-person training works well for centrally located workforce members, but it is not necessarily the preferred form of training. It does offer workforce members an opportunity to interact with the instructor and ask questions pertaining to their job. However, neither the HIPAA privacy nor security rule indicates a preferred training method.

Important considerations include:

  • Did the workforce member attend a training session?
  • Did the workforce member understand the information presented?
  • Does the covered entity or business associate repeat training sessions for all workforce members at least once annually, using the method(s) it deems most effective?

Editor’s note: Chris Apgar, CISSP, answered this question. This is not legal advice. Consult your attorney regarding legal matters.


  1. OSHA 30 says:

    While online learning can be a lifesaver for remote workers, it does have its drawbacks. It’s like online traffic school. It does the job, but it should involve a degree of monitoring, i.e., to make sure who is taking the course, that they complete it with a satisfactory knowledge of the material, that they can apply it to their real life work environment.
