Article Updated: July 11, 2026

What Does HIPAA Certification for Emergency Staff Include?

HIPAA certification for emergency staff is earned by completing an accredited course covering the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule alongside a dedicated module on HIPAA in emergency situations, with a certificate of completion issued automatically once all mandatory modules and assessments are passed. The certification structure is built around two sections of content, a required core that produces the certificate and a set of advanced modules available afterward. For organizations operating in emergency medicine, EMS, or disaster response, the value of certification depends on whether the underlying course addresses the disclosure rules and operational realities unique to emergency care, rather than relying solely on general healthcare content.

The Core Curriculum Behind Certification

The HIPAA Journal’s HIPAA Training for Emergency Staff awards an accredited certificate worth 5.0 CEUs after learners complete Section One of the course. Section One includes an introductory module explaining the purpose of HIPAA training, a detailed module covering the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule, and additional modules addressing compliance responsibilities from an employee’s perspective, security practices for protecting electronic Protected Health Information, disclosure guidelines, threats to patient data, recent regulatory updates, and patient rights under HIPAA. Each module concludes with a randomized assessment drawn from a bank of over 600 potential questions, and learners may retake assessments as needed until they achieve a passing score before the certificate is issued.

The Emergency-Specific Module Included in Certification

Certification for emergency staff includes the HIPAA in Emergency Situations module as a required part of Section One, meaning it must be completed for certification in the same way as the core regulatory modules. The module begins with the contingency planning obligations that apply to HIPAA Security Officers, including the requirement to maintain plans for protecting electronic Protected Health Information during manmade or natural emergencies and, where applicable, to align those plans with the Centers for Medicare and Medicaid Services Emergency Preparedness requirements. It then covers the general disclosure rules that apply during emergency operations, including treatment-related sharing between different Covered Entities, minimum necessary disclosures to public health agencies, and disclosures to family members or disaster relief organizations when a patient cannot be present to grant permission. The module also addresses the imminent danger provisions that permit proactive disclosure when a credible threat to health or safety exists, and closes with the rules governing enforcement discretion during widespread declared emergencies, including the requirement that staff never assume relaxed enforcement applies without explicit confirmation from their organization.

Optional State Modules That Become Part of Certification

Texas and California both impose state medical privacy and security regulations that overlay HIPAA, and organizations operating in either state can add a free module covering those requirements at the time of purchase. The Texas module addresses the Texas Medical Records Privacy Act as amended by House Bill 300, the Texas Identity Theft Enforcement and Protection Act, the Texas Data Privacy and Security Act, the Texas Responsible AI Governance Act, Senate Bill 1188 on AI and electronic health records, and the Texas Medical Practice Act. The California module addresses the Confidentiality of Medical Information Act, the Patient Access to Health Records Act, Medi-Cal Regulations, the California Consumer Privacy Act and Privacy Rights Act, the ADMT amendment to the California Consumer Protection Act, and Senate Bill 81. When either module is selected at purchase, it becomes a required part of Section One for every learner, extending certification to cover both federal and state obligations.

What Happens After Certification Is Earned

Once Section One is complete and certification is issued, learners gain access to Section Two, which includes additional modules on generative AI in healthcare, social media risk, the role of HIPAA compliance officers, and the consequences of HIPAA violations. These modules are available at no additional cost and can be assigned by training managers as appropriate. Organizations with five or more training seats also gain access to an administrative dashboard that provides real-time tracking of certification status across the workforce, supporting exportable reporting for audit purposes.

Author: PJ Murray

PJ Murray is the founder and publisher of The HIPAA Journal. He has more than 10 years of experience writing about HIPAA, healthcare compliance, patient privacy, and the protection of medical records. Through The HIPAA Journal, PJ helps healthcare organizations, business associates, and their employees better understand HIPAA regulations, reduce compliance risks, and strengthen the safeguards used to protect patient information.

PJ has a background in software development, holds an engineering degree, and specializes in the cybersecurity aspects of HIPAA compliance, including data security, medical record protection, and workforce training. He has also played a leading role in the development and launch of The HIPAA Journal Training, which provides HIPAA and cybersecurity training for healthcare organizations, business associates, students, and healthcare-related workforces.

PJ's work focuses on making complex regulatory and technical requirements easier for healthcare professionals and organizations to understand and apply in practice.
Connect on LinkedIn.