HIPAA Privacy & Security Training
HIPAA regulations requires that organizations provide training to all employees on the institutional policies and procedures on the patient privacy and security regulations. All new employees are required to take training within 30 days of employment. Each department is responsible for determining the level of training for their employees. The employee's supervisor or departmental administrator will determine the level of training each employee should complete. (See "Training Levels" below.) The Office of Regulatory Affairs & Compliance will accept training on the privacy regulations provided by most affiliated organizations. However, the content of the training must be approved by the Office of Regulatory Affairs & Compliance, and a certificate of completion will need to be provided to the Office of Regulatory Affairs & Compliance in order to receive credit.
Online Training
Level 1 online training takes approximately 15 minutes and can be accessed at www2.uthscsa.edu/hipaatraining/level1.
Level 2 online training consists of three modules, 15 to 20 minutes each, and can be accessed at www2.uthscsa.edu/hipaatraining/level3.
At the start of the presentation, an employee can choose either the audio version or the text version. Employees can also switch back and forth between audio and text during the presentation, if desired. At the end of the presentation, the employee will have the option of printing a certificate of completion for their records. When online training is completed, the name is automatically entered into the Office of Regulatory Affairs & Compliance database, and the Office of Regulatory Affairs & Compliance does not require a copy of the certificate be sent to them.
Training Levels
Based on access to protected health information (PHI)
| Job Duties | Level | Training required |
|---|---|---|
|
Generally not exposed to protected health information (PHI), or exposure is rare to minimal or incidental. Examples of this level include Computing Resource staff, which are not generally exposed to PHI; Accounting, Housekeeping, and Facilities staff who are not ordinarily exposed to PHI; department secretaries and similar positions that do not ordinarily handle PHI but may occasionally view or use PHI. |
1 |
This training is offered on the web at: www2.uthscsa.edu/hipaatraining/level1. |
|
Job requires supervision of employees, students, residents, and/or non-employees; setting up systems or high-level processes that involve the use of PHI; such as required in research studies. Requires a higher level of understanding of security, privacy, and confidentiality issues to ensure that objectives of the university are carried out appropriately and consistently. Examples of this classification include faculty and supervisors, and designated Computing Resources staff, who are exposed to electronic PHI. | 2 |
Emphasis on the administrative aspects of the policies and the responsibility to ensure that others comply with policy, taking corrective action when policy is not followed, etc. This training is offered on the web at: www2.uthscsa.edu/hipaatraining/level3 |