Your New Hire Needs HIPAA Compliance Training

HIPAA. It elicits groans across the healthcare industry. But as a healthcare employer, you must stay up to date in your training and compliance efforts. This applies to ALL medical AND dental practices!

All too often, HIPAA (the Health Insurance Portability and Accountability Act) gets treated as just one more thing you have to worry about…and it’s frequently the thing everyone puts off to worry about later. Unfortunately, this can get your practice into a lot of very expensive trouble.

Training all employees to comply with HIPAA is an absolute requirement, yet it is commonly overlooked. Training new hires and conducting periodic office-wide retraining is just as important. It’s not only recommended yearly for all employees, it’s also a great idea right now, as our employee training modules have just been updated in response to a new round of Health and Human Services’ HIPAA audits.

Yearly Training: Employees and Managers

So, what should a practice do? Healthcare providers are required to designate one or more employees responsible for ensuring privacy and security procedures are being followed and for responding to breaches of HIPAA protected information. We tend to refer to this person as your Security and Privacy Officer (SPO). Your SPO is responsible for making sure that every new hire receives HIPAA training as part of their onboarding process.

Note that HIPAA training is required for every new employee – even if they are a temporary employee. The HIPAA laws do not distinguish between types of employees. If they are working in your office with access to your patient information, you have to provide them with HIPAA training. The purpose of the HIPAA laws is to protect patient privacy, so the distinction between a new, temporary, or other type of employee becomes inconsequential. In fact, giving access to highly sensitive patient information to someone who is not of high importance to the practice without giving them proper training could get a healthcare practice into more hot water.

So someone who is working in your office even for a single day is required under the HIPAA laws to receive training on what qualifies as Protected Health Information (PHI) under HIPAA and what your HIPAA privacy and safety protocols are. This applies even to summer interns (and note that there may be pay requirements for interns) and to a job candidate on a working interview (note that there are pay, tax, and other requirements for that, too).

One-and-done training, however, isn’t going to be enough. Re-training is essential to keeping patient information safe. It’s also critical to ensuring your practice is in the best position possible if a breach were to occur. The better trained your team is, and the more emphasis management places on patient privacy, the more likely your team is to carefully follow protocols, and the better off you will be if there is a breach. Investigations by Health and Human Services (HHS) into any breach incident include the degree to which employees have been trained.

If a HIPAA breach occurs, the amount of reporting you have to do (potentially to patients, HHS, and the media) and the amount of fines you may be required to pay depend on the severity of the breach. One factor that gets considered is to what extent the practice had measures in place to prevent that breach from happening. The more training you provided your team, the better off you’re going to be.

If the practice did not provide frequent training to its employees, there’s a much higher risk of hefty fines and other penalties, since the practice didn’t take basic reasonable measures to ensure the security of patient information.

If You Want a Better HIPAA Training Solution, Try

We hope this information rings warning bells if your practice has ANY currently untrained employees—new hires, temps, or otherwise—or if you haven’t been keeping up with your yearly retraining. It’s important to bring your compliance efforts up to speed now. Health and Human Services has recently started a new round of HIPAA audits, and preventable breaches of PHI happen every day at practices of every size.

And, if you’re not already aware, there is a way to make HIPAA training and retraining convenient, easy, and headache-free. (No more waiting months for a trainer, closing your practice for a whole afternoon, or tuning out during incomprehensible policy lectures.) Our own online HIPAA training and compliance solution was created as a better alternative, just for CEDR Members and CEDR Employer Solution Series Members like yourself.

This is a convenient and cost-effective way to train your entire office on HIPAA, and to generate certificates for each employee that help you prove and track that training. Even more importantly, we’ve been monitoring the latest round of HHS audits and their results, and our employee training modules have just been updated to better align with the audit protocol used by HHS. (Stay tuned for an upcoming HIPAA-focused blog where we will delve further into what HHS is looking for and why.)

Basic employee training and retraining is only the beginning. For management and your Safety and Privacy Officer, our solution also includes an advanced training course (with updates based on HHS audit protocol also soon to be released), resources, and a customizable, print-and-use HIPAA Plan Book that will help guide and track your compliance efforts.

We think it’s a great solution, and so do several thousand members so far. So if you have had any complaints with other options, or if you haven’t yet chosen one that works for you, please give it a try. Activation is only $299, and the first 60 days are free. After that, maintaining access is only $29.99 per office (up to 50 employees) per month.

(By the way, if you’ve already been thinking about purchasing a CEDR Employee Handbook and becoming a CEDR Member, HIPAA training is an INCLUDED CEDR Member Benefit. So is access to our proprietary time-tracking software, and a score of other employer training resources. It’s by far our most value-added option.)

Questions? Call 866-414-6056, or email us. And whatever training option you choose, good luck in all your HIPAA compliance efforts!

Aug 7, 2015

Friendly Disclaimer: This information is general in nature and is not intended to provide legal advice or replace individual guidance about a specific issue with an attorney or HR expert. The information on this page is general human resources guidance based on applicable local, state and/or federal U.S. employment law that is believed to be current as of the date of publication. Note that CEDR is not a law firm, and as the law is always changing, you should consult with a qualified attorney or HR expert who is familiar with all of the facts of your situation before making a decision about any human resources or employment law matter.
