Loading...
We deliver mandatory HIPAA Privacy and Security Rule training across your healthcare staff β physicians, nurses, dental, IT, admin, and front desk. Managed rollout, audit-ready evidence accepted by HHS OCR and ISO 27001 reviewers. Live for your team in under a week.
Tell us your team size β receive a tailored proposal within 1 business day.
Trusted by Compliance Teams at Leading Organizations
Staff training is your first line of defence β and the first piece of evidence regulators ask for.
The HIPAA Privacy Rule (45 CFR Β§164.530(b)) requires covered entities to train all members of their workforce on policies and procedures concerning Protected Health Information (PHI), including new hires within a reasonable period and refreshers when material changes occur. The Security Rule (Β§164.308(a)(5)) mandates a security awareness and training program. HHS OCR cites inadequate or missing training as the most frequent finding in HIPAA enforcement actions and breach investigations. Business associates are equally required to train under their BAAs.
Privacy Rule Β§164.530(b) β workforce training is mandatory for all covered entities and business associates
Security Rule Β§164.308(a)(5) β security awareness training (incl. malware, login monitoring, password management) is an addressable implementation specification
Breach Notification Rule β staff must know how to recognise and report breaches under Β§164.404 timelines
OCR audits β every Phase 2 audit and Resolution Agreement cites training as a documented requirement
Curated from our full library and tailored to your role mix (physicians, nurses, dental, IT, admin, front desk, business associates) and your covered-entity classification β you don't pick modules from a menu, we propose the right curriculum.
HIPAA scope: covered entities, business associates, hybrid entities
Protected Health Information (PHI) β what counts, what doesn't
Privacy Rule fundamentals: minimum necessary, uses & disclosures
Patient rights: access, amendment, accounting of disclosures, restrictions
Security Rule administrative, physical, and technical safeguards
Workforce security β access management, termination, supervision
Risk analysis and risk management (Β§164.308(a)(1))
Breach notification β 60-day window, OCR reporting, media notification
Business Associate Agreements (BAAs) and subcontractor flow-down
HITECH and 2024 Privacy Rule updates (reproductive health, substance use)
Dedicated customer success manager handles enrolment, role mapping, kickoff communications, and reminder cadence.
Dated certificates per workforce member, exportable completion logs, and role-mapped curriculum records that satisfy HHS OCR Phase 2 audit and Resolution Agreement documentation expectations.
Track completion across departments, locations, and business associates. Export evidence packages for OCR queries, breach investigations, and payer audits.
SAML 2.0, OIDC, and SCIM provisioning. New joiners enrolled within the Β§164.530(b)(2)(i)(B) reasonable period. Leavers de-provisioned. Zero admin overhead.
Multi-year licensing rolls workforce members forward each year with content updates as OCR releases guidance and the Privacy Rule evolves (e.g. 2024 reproductive health updates).
Your logo on certificates, co-branded learner emails, and the option to attach your Notice of Privacy Practices, breach response procedure, or sanctions policy to any module.
We don't sell self-checkout seats to healthcare enterprises. We propose a curated curriculum based on your covered-entity classification and your role mix, manage the rollout, and hand you an evidence package OCR will accept on first review.
βWe had 800 workforce members across 12 locations and OCR Phase 2 audit risk. The role-specific rollout meant front-desk staff didn't sit through clinical content and our IT team got the depth they needed. Evidence package passed audit on first review.β
βAfter acquiring three new clinics, we needed HIPAA training across the inherited workforce within 60 days. Live for 400 staff in 5 business days, per-location reporting, branded certificates. Integration milestone closed on schedule.β
Tell us your covered-entity classification (covered entity, business associate, hybrid), your role mix, and your headcount. We'll come back with a curriculum proposal, pricing, and a rollout plan within 1 business day.
Free proposal Β· response within 1 business day