HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos



Tips to get your team HIPAA-ready

Email This Post Print This Post

Editor’s note: This is the first in a series of tips on training your staff to be HIPAA compliant.

Develop policies that address training requirements. Organizations must develop policies and procedures that address security awareness training as required by the HIPAA Security Rule. In its 2009 audits, CMS recommended covered entities develop and formally document policies for the development, administration, and monitoring of initial and annual refresher training courses. CMS stated that these policies should do the following:

  • Require that all newly hired employees complete initial training prior to having access to ePHI. The requirement should apply to employees and temporary workers, as well as contractors and vendors.
  • Require any individual with access to ePHI to complete refresher training at least annually
  • Require that management review and revise both the initial and refresher training courses at least annually to ensure that the courses are current
  • Incorporate into training potential threats that the organization identifies as new risks through its assessment process

Leave a Reply