• Classroom
Course Description

The focus of this 2-day classroom HIPAA training program is to better understand the implications of HIPAA legislation and identify critical compliance requirements for your business or client. Our training includes changes to the HIPAA regulations due to the Health Information Technology for Economic and Clinical Health (HITECH) Act, which is part of the American Recovery and Reinvestment Act of 2009 (ARRA), and the Omnibus Rule published in 2013. Our HIPAA instructors are HIPAA consultants who help organizations meet the HIPAA audit checklist requirements issued by the DHHS. Learn from the instructor what your next steps are to meet these newly issued audit requirements from the Department of Health and Human Services’ (DHHS) Office of e-Health Standards and Services. The course helps you better understand HIPAA’s Administrative Simplification Act, create a framework for initiating and working towards a blueprint for HIPAA Privacy compliance, and understand HIPAA Security rules and regulations. The course is intended for healthcare provider and payer privacy compliance employees, privacy lawyers involved in health care, compliance teams for HIPAA privacy, HR staff and managers, privacy auditors, privacy consultants, clinical physicians and office managers, head nurses, privacy instructors, etc.

Learning Objectives

This HIPAA Privacy Training meets the HIPAA Privacy Rule’s job-role-based training requirement, which mandates that every covered entity provide privacy training for all members of its workforce with respect to the policies and procedures on use and disclosure of protected health information (PHI). The HIPAA Privacy course will help you understand the HIPAA law requirements for the Privacy Rule and guide you on how to make your organization HIPAA compliant.

From this training you will learn the following about HIPAA.

  • Understand what HIPAA means and how HIPAA affects your organization’s policies, procedures and processes regarding patient records
  • Understand the changes to HIPAA rules due to ARRA 2009 HITECH Act and 2013 Omnibus Rule final changes.
  • Identify HIPAA’s functions.
  • Gain an in-depth understanding of HIPAA Security, Privacy and Transaction rules.
  • Examine how implementing HIPAA affects health care entity organizations and their staffing to achieve and monitor compliance with patient privacy/confidentiality needs.
  • Understand the new Enforcement rule.
  • Plan and prepare for HIPAA privacy compliance.
  • Understand who Business Associates are and what they have to do to ensure HITECH HIPAA Compliance.

HIPAA Privacy Training: Target Audience

  • Healthcare provider & payer privacy compliance employees
  • Privacy lawyers involved in health care
  • Compliance teams for HIPAA privacy
  • HR staff & manager
  • Privacy auditors
  • Privacy consultants
  • Clinical physicians and office managers
  • Head nurse
  • Privacy Instructors


Global delivery of all training courses. Venues change based on demand, customization and entity requirements. See https://www.training-hipaa.net/hipaa-credentials/certified-hipaa-privacy-expert-chpe/ and https://www.training-hipaa.net/states_main/ for specific locations.


HIPAA Privacy Training – Day 1

HIPAA Fundamentals

  • HIPAA Basics: An overview of the Health Insurance Portability and Accountability Act of 1996 (all provisions)
  • HIPAA’s Administrative Simplification Title: Review of the provisions of the Administrative Simplification Title. This includes transaction and code set standards (administrative transactions), national identifiers, privacy requirements and security requirements.
  • HIPAA Penalties: Review of the HIPAA enforcement rule including informal and formal remedies, requirements of Covered Entities, the role of Business Associates as agents and enforcement bodies.
  • HIPAA-Related Organizations: Discussion of entities/organizations specifically designated as standard maintenance organizations and statutorily defined advisory bodies.
  • HIPAA Terminology and Definitions: Review of definitions included in the Administrative Simplification Title related rules.
    1. Covered Entity
    2. Health Plan
    3. Clearinghouse
    4. Health Care Provider
    5. Business Associates
    6. Trading Partner Agreement
    7. Workforce
    8. Organized Health Care Arrangement

HIPAA Transactions, Code Sets and Identifiers

  • Transactions
  • Impacted Health Care Transactions
  • Target Entities
  • Scope
  • Penalties
  • ASCA

ANSI ASC X12 Standard

  • Transaction Type 270
  • Transaction Type 271
  • Transaction Type 276
  • Transaction Type 277
  • Transaction Type 278 Request and Response
  • Transaction Type 820
  • Transaction Type 834
  • Transaction Type 835
  • Transaction Type 837 – Professional
  • Transaction Type 837 – Institute
  • Transaction Type 837 – Dental

HIPAA Code Sets

  • ICD-9-CM Volumes 1 and 2
  • CPT-4
  • CDT
  • ICD-9-CM Volume 3
  • NDC
  • HCPC

HIPAA National Health Care Identifiers

  • Provider Identifier
  • Employer Identifier
  • Health Plan Identifier
  • Individual Identifier

HIPAA Privacy Rule Part 1

  • Introduction: Overview of the HIPAA Privacy Rule
    1. Who is Impacted (e.g., definition of Covered Entities, Business Associates)?
    2. Scope (Activities covered by the rule)
    3. Exceptions (Specifically included or referenced exceptions that allow use and disclosure of patient/health plan member protected health information (PHI))
    4. Timeline (Effective date of the rule, timelines related to certain requirements identified in the privacy rule such as accounting of disclosures, document retention requirements, etc.)
  • Key Definitions: Review of key definitions associated with the Privacy Rule and how they apply to rule application and compliance.
    1. IIHI
    2. PHI
    3. Deidentified Information
    4. Use
    5. Disclosure
    6. Treatment
    7. Payment
    8. Health Care Operations
  • Notice Requirement: Review of the requirements to draft and make available a notice of privacy practices, the content of such notice, revision requirements and availability requirements.
    1. Core Elements
    2. Changes to a Notice
    3. First Interaction
  • Authorization versus Consent Requirement: Review the legal definitions of consent and authorization and what they would be used for. Review of the legal requirements related to obtaining authorization, the form of such authorization and content requirements.
    1. Definition of “consent”
    2. Definition of “authorization”
    3. Legal differences between “consent” and “authorization”
    4. Core Data Elements and Required Statements
    5. Defective Authorizations
    6. Revocations
  • Key Parties Impacted: A discussion of all entities or individuals directly or indirectly impacted by the rule and why.
  • Minimum Necessary: Discussion of the definition of minimum necessary and when it applies to the use and disclosure of PHI (internally and externally).
  • Oral and Other Non-electronic Communications: A discussion of what constitutes PHI pursuant to the rule and the related requirements to protect non-electronic PHI, including oral PHI.
  • Health-Related Communications, Fund Raising and Marketing: Review of the requirements related to the use of PHI for communications other than treatment, payment and health care operations. Also, a review of the strict requirements relating to the use of PHI for marketing and fund raising.
  • Research: A review of the requirements related to the use of PHI for research including what processes must be followed prior to allowing the use of PHI in research without the patient/health plan member’s authorization.

HIPAA Privacy Training – Day 2 Privacy

HIPAA Privacy Rule Part 2

  • Policy & Training Requirements: A review of the implied and explicit requirements to develop, implement and maintain privacy policies and procedures and the requirement to provide initial and on-going staff training.
  • Preemption Requirements: A review of state law preemption. This includes a discussion regarding when state law may preempt the rule without specific authorization from the US Department of Health and Human Services (HHS) and when authorization is required prior to state law preemption of HIPAA.
  • State Privacy Laws: A general review of state privacy laws that preempt HIPAA (categorized as specially protected health information) with specific reference to select California state laws.
  • Federal Privacy Law – 42 CFR Pt. 2: A discussion of the more stringent requirements found in 42 CFR Pt. 2 relating to alcohol and chemical dependency.
  • Statutory/Rule Conflict Resolution: Discussion of how to respond when federal and/or state law conflicts.
  • Case Law: A review of general case law that has impacted the application of HIPAA and state privacy laws and that affects legal risks.

HIPAA Security Rule Part 1

  • General:
  • Threats: General review of threats (real and perceived) prompting Congress to include security requirements in the HIPAA Administrative Simplification Title.
  • Definition and Terminology: Review of general definitions of security and specifically how those definitions apply to the rule and what data must be protected by implementation of appropriate security measures.
    1. Security
    2. Security Services
    3. Security Mechanism
  • Security Rules: Detailed review of the security rule, components of the security rule and specific requirements (including reference back to security requirements referenced in the HIPAA Privacy Rule).
    1. Categories of Safeguards
    2. Implementation Specifications
    3. Approach and Philosophy
    4. Security Principles
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Organizational Requirements
  • Policies and Procedures, and Documentation Standards

Enforcement Rule

  • Overview: An overview of the rule and rule requirements including entities and individuals the rule applies to.
  • Definitions: A review of rule definitions including what represents a violation, compliance, definition of agent, resolution processes and HHS enforcement powers.

American Recovery and Reinvestment Act of 2009 (ARRA), Title XIII – HITECH

A general overview of Title XIII health information technology (HIT) incentives and requirements provisions. This discussion will focus on an overview of the role of privacy and security in HIT investment provisions and standards development.

American Recovery and Reinvestment Act of 2009 (ARRA), Title XIII, Subtitle D – HITECH

  • Privacy Provision Overview: Overview of the privacy provisions included in ARRA and the relationship to the HIPAA Administrative Simplification Title provisions.

Omnibus Rule of January 2013

  • Background
  • Breach Notification Rule
  • New Limits on Uses and Disclosures of PHI
  • Business Associates
  • Increased Patient Rights
  • Notice of Privacy Practices
  • Increased Enforcement



Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Incident Response
  • Program/Project Management and Acquisition
  • Risk Management
  • Strategic Planning and Policy
  • Training, Education, and Awareness