Office of Regulatory Affairs & Compliance, Compliance Office 210-567-2014, Compliance Line 1-877-507-7317
 

HIPAA Privacy & Security Training

 

HIPAA regulations require that organizations provide training to all employees on the institutional policies and procedures on the patient privacy and security regulations. All new employees are required to take training within 30 days of effective date of assignment in the Knowledge Center, and once every two years thereafter. Each department is assigned a level of training for their employees. The Office of Regulatory Affairs & Compliance will accept training on the privacy regulations provided by most affiliated organizations. However, the content of the training must be approved by the Office of Regulatory Affairs & Compliance, and a certificate of completion will need to be provided to the Office of Regulatory Affairs & Compliance in order to receive credit.


Online Training

Level 1 online training takes approximately 15 minutes and can be accessed at https://kc.uthscsa.edu.

Level 2 online training consists of three modules, 20 to 25 minutes each, and can be accessed at https://kc.uthscsa.edu.

At the start of the presentation, an employee can choose either the audio version or the closed captioning version. Employees can also switch back and forth between audio and closed captioning during the presentation, if desired. At the end of the presentation, the employee will have the option of printing a certificate of completion for their records. When online training is completed, the name is automatically entered into the Office of Regulatory Affairs & Compliance database, and the Office of Regulatory Affairs & Compliance does not require a copy of the certificate be sent to them.


Training Levels

Based on the level of training assigned to each department and access to protected health information (PHI).

  Level Training Required

Departments whose employees are generally not exposed to protected health information (PHI), or exposure is rare to minimal or incidental. Examples of this level include IMCSS staff, which are not generally exposed to PHI; Accounting, Housekeeping, and Facilities staff who are not ordinarily exposed to PHI.

1

Within 30 days of effective date of assignment in the Knowledge Center, and once every two (2) years thereafter.

This training is offered through the Knowledge Center at: https://kc.uthscsa.edu.

Departments whose functions include patient care, clinical research, or whose employees are involved in setting up systems or high-level processes that involve the use of PHI; such as required in research studies. Requires a higher level of understanding of security, privacy, and confidentiality issues to ensure that objectives of the university are carried out appropriately and consistently. Emphasis on the administrative aspects of the policies and the responsibility to ensure that others comply with policy, taking corrective action when policy is not followed, etc.

2

Within 30 days of effective date of assignment in the Knowledge Center, and once every two (2) years thereafter.

This training is offered through the Knowledge Center at: https://kc.uthscsa.edu.

 
 
 
top of page