Accredited Certificate Course With 5.0 CEUs
HIPAA Training for Small Medical Practice Employees
HIPAA Training for Small Medical Practice Employees goes beyond basic rule coverage by providing practical lessons with real-world, relatable examples. It includes lessons specifically designed for the unique compliance challenges that can arise in small medical practices.
HIPAA Training for Small Medical Practice Employees satisfies HIPAA training requirements regarding HIPAA rules and regulations and is suitable for HIPAA-mandated new hire onboarding and annual HIPAA refresher training for all employees.

Why This Course is Unique
- Built on 10+ years of The HIPAA Journal breach analysis, this course focuses on the root cause decision points that create HIPAA violations, using real-world, relatable examples your staff will understand.
The course curriculum is structured into two sections:
- Section One contains the mandatory modules that ensure every learner understands the fundamentals of HIPAA rules and regulations. Learners receive a HIPAA certificate after completing this section of the course.
- Section Two has additional modules that deepen HIPAA knowledge with timely topics, including generative AI and social media. These more advanced lessons are available to learners after they have completed the mandatory learning. Managers can decide which of these extra modules are appropriate for their staff and when they require them to be taken.
- Free, optional modules on state medical privacy and security regulations are also included with your course purchase, including coverage of Texas and California requirements, for organizations that need employees to understand how state laws affect HIPAA.
Learning Outcomes
- Self-paced learning with pause-and-resume lessons so staff can easily train around shifts and patient loads.
- Short, lesson-by-lesson, randomized tests confirm and reinforce learner understanding. No passing by guesswork.
- Learners can review and retake tests until they master the content.
- This HIPAA Training builds a culture of compliance by giving employees clear, practical guidance on what to do and why in real-world HIPAA scenarios.
Reduce Online Risk With Cybersecurity Training
Most HIPAA breaches stem from online security incidents caused by human error. Our Cybersecurity Training teaches real-world cyber attacker tactics, practical cyber risk-reducing behaviors (passwords, messaging, social engineering), USB use, and early attack incident recognition. Receive an additional 25% discount on Cybersecurity Training when purchased together with HIPAA Training.

Admin & Reporting
- Certificates are automatically issued to learners on successful completion of the training.
- Real-time Admin dashboards keep you audit ready by showing learner progress and identifying when staff members have completed their assigned training modules. (Only applies for 5+ training seats)
- To see the full functionality and ease of use of our admin dashboard, please see our Training Manager User Guide.
Launch Offer | 25% Discount (Ends May 8th, 2026)
HIPAA Training
for Small Medical Practice Employees
- Accredited certificate course to satisfy HIPAA training obligations for Covered Entities.
- Includes specific lessons for employees at small medical practices covering the unique HIPAA challenges faced by their staff.
- Suitable for HIPAA-mandated new hire onboarding and annual HIPAA refresher training.
- Addresses the root causes of HIPAA violations.
- Includes real-world, relatable examples.
- Includes generative AI and social media modules.
- Self-paced learning with estimated completion time 126 minutes.
- User-friendly learning management system accessible on any Web device.

Purchase Your Training Now or Get a Custom Quote
Use our pricing tool below to complete a purchase now, or get a custom quote.
Add Cybersecurity Training to your HIPAA training for fuller protection and save an additional 25% on the Cybersecurity training.
The quotation tool automatically includes all available discounts. Quotations are valid for 7 days. | Our payment provider Stripe uses industry-leading encryption and fraud prevention tools.
Why Your HIPAA Training Choice Matters
Watching HIPAA violations and breaches climb year after year, and seeing far too many incidents arising from basic, avoidable staff mistakes, raises an obvious question: how good is the HIPAA training people are actually receiving?
When our experts at The HIPAA Journal audited several of the most widely available online HIPAA courses, we found the same serious issues in all of them: inaccurate content, outdated regulatory advice and incomplete coverage of HIPAA rules.*
In response, and drawing on more than ten years of detailed reporting on HIPAA violations and breaches, we used that insight to design a HIPAA Training course that is accurate, comprehensive, and focused on reducing breach risk through practical real-world examples that reflect the situations your employees face.

Protecting Your Organization
Every incident we report represents real people whose privacy was exposed and an organization facing investigation and reputational harm. Our training targets the staff mistakes that drive most incidents, lowering your organization's risk of breaches, investigations, and fines.
Training for the Real World
This is not a HIPAA check-the-box course that employees click through and forget. Each lesson uses realistic examples your staff will recognize, with clear choices and consequences, so your staff change what they actually do in their day-to-day work.

Accuracy Guaranteed
Our editorial team monitors HIPAA rules, enforcement trends, and HHS guidance, updating our HIPAA training whenever something meaningful changes. You can therefore be fully confident that staff are trained on accurate information.
From Newsroom to Classroom
After a decade of reporting on HIPAA investigations, settlements, and corrective action plans, we know which violations appear again and again. We turn thousands of incidents analyzed over that time into practical training. Our course is not textbook theory, so your employees learn what to do when the rules meet reality.

Beyond the Rulebook
HIPAA rules do not spell out every risk your workforce faces, especially with new technology. Our lessons cover emerging issues such as generative AI tools, messaging platforms, and social media, and turn those gray areas into clear and practical guidance so staff know what is acceptable and what is not before they act.
* Findings reflect our most recent professional review of four widely used programs as of November 2025. Review criteria are available on request.

Course Curriculum
The course has two sections:
- Section One includes the required modules that cover the core HIPAA rules and regulations. Learners earn their accredited HIPAA certificate after successfully completing Section One. If you choose to add any optional modules at purchase, such as for the Texas or California state medical privacy regulations, those modules are added into Section One and become required for all learners.
- Section Two includes additional modules that build on the fundamentals with timely, advanced topics such as generative AI and social media. Training managers can decide which of these extra modules are appropriate for their staff and when they require them to be taken.
Need to Know More?
Experience the full curriculum with a pre-purchase trial.
Contact Us before you commit.
Section One: HIPAA Training Modules with HIPAA Certification
These modules are mandatory and include a multiple-choice test after each module. Learners receive a HIPAA certificate after completing all of the modules and passing all of the tests.
This version of the course is for Small Medical Practices and has three additional modules that add 20 minutes to the length of the training.
Introduction to HIPAA Training
Introduces HIPAA, explains why HIPAA training is being provided, and highlights the importance of asking questions. Includes practical advice on why understanding, absorbing, and applying HIPAA training is important.
The Main HIPAA Regulatory Rules
Covers the HIPAA Privacy, HIPAA Security, and HIPAA Breach Notification Rules and an overview of how they apply to employees. Includes practical advice on the purpose of each rule and complying with workplace policies.
HIPAA Compliance for Staff
Explains the core compliance requirements of the HIPAA Privacy, HIPAA Security, and HIPAA Breach Notification Rules from an employee’s perspective. Includes practical advice on reporting HIPAA incidents.
HIPAA Rights for Patients
Explains the rights the HIPAA Privacy Rule gives patients over their medical records. Includes practical advice on HIPAA authorization.
HIPAA Security Rule: Protecting PHI
Explains why workforce members share the responsibility for protecting ePHI and provides tips for device, credential, and email security. Includes practical advice for alerting HIPAA Security Officers.
Recent HIPAA Updates
Summarizes recent regulatory changes, proposed updates to HIPAA, and their effects on employee compliance.
PHI Disclosure Guidelines
Covers required and permitted disclosures of PHI, and when exceptions, the context, and professional discretion may also be factors. Includes practical advice on situation-specific disclosures of PHI.
HIPAA Security Rule: Threats To Patient Data
Discusses threats to patient data and how employees can help mitigate the threats. Includes practical advice on the benefits of owning up to an error.
HIPAA Compliance for Small Medical Practices
Discusses the compliance challenges of working in a small medical practice and unique situations employees may encounter. Includes practical advice to increase employee awareness of the challenges.
The Consequences of HIPAA Violations for Employees
Explains the consequences of HIPAA violations by employees in small medical practices, including potential disciplinary action, civil and criminal penalties, and the operational, financial, and reputational impacts on the practice.
Best Practices for HIPAA Compliance in Small Medical Practices
Provides tips for improving HIPAA compliance and best practices for overcoming compliance challenges. Includes practical advice for resisting community pressure to disclose Protected Health Information.
Free Option: Mandatory State Medical Privacy Regulations
Texas and California have additional state medical privacy regulations that overlay HIPAA and that staff are required to comply with. If applicable to your organization, please select these at purchase to be included with your HIPAA training. These optional modules are free of charge.
Texas State Medical Privacy & Security Regulations
This module provides an overview of laws that have an impact on HIPAA compliance for healthcare workforces in Texas. Laws covered in this module include the Texas Medical Records Privacy Act as amended by HB300, the Texas Identity Theft Enforcement and Protection Act, the Texas Data Privacy and Security Act, the Texas Responsible AI Governance Act, SB1188 - Regulating AI and Electronic Health Records, and Texas Medical Practice Act.
California State Medical Privacy & Security Regulations
This module provides an overview of laws that have an impact on HIPAA compliance for healthcare workforces in California. Laws covered in this module include the Confidentiality of Medical Information Act, the Patient Access to Health Records Act, Medi-Cal Regulations, California’s Consumer Privacy and Privacy Rights Acts, the ADMT amendment to the California Consumer Protection Act, and the new section of the Health and Safety Code added by SB81 in 2025 (Patient Access and Protection).
Section Two: Additional Reference & Advanced Modules
As part of your purchase of HIPAA Training, these modules are available to all learners after they have completed the mandatory learning and received their HIPAA certificate. Managers can decide which of these extra modules are appropriate for their staff and monitor their completion. Please note there is no additional charge for these modules.
What is a HIPAA Compliance Officer
Explains the roles and responsibilities of HIPAA Compliance, Privacy, and Security Officers and how they support HIPAA compliance. Includes practical advice on the benefits of knowing, and communicating with, these officers.
Why HIPAA Compliance is Important
Discusses the benefits of HIPAA compliance for employees, for the organization they work for, and for patients. Includes practical advice about why it is important healthcare information remains confidential.
Preventing HIPAA Violations
Focuses on everyday actions and habits that can result in unintentional HIPAA violations and discusses how these violations can be prevented. Includes practical advice on being more mindful of permitted disclosures of PHI.
Definitions & Lexicons
Provides a reference for learners of the key terms and abbreviations used for HIPAA compliance. This module can be accessed at any time learners require clarification on HIPAA terminology.
HIPAA AI Training for Healthcare Staff
Explains the different types of AI in healthcare and the ways in which they are used. Also discusses the risks to HIPAA compliance when inputting any health data into an AI platform.
AI Best Practices for HIPAA Compliance
Provides best practices for using AI platforms in compliance with HIPAA and provides case studies to justify why these best practices exist.
HIPAA and Social Media
Explains the risks of a HIPAA violation, and the potential personal consequences, when posting PHI on social media. Includes practical advice about when social media can be used in healthcare.
The Consequences of HIPAA Violations & Breaches
Encourages mindfulness when interacting with PHI by discussing the consequences of HIPAA violations for employees, affected individuals, and healthcare organizations.
HIPAA & Emergency Situations
Explains how HIPAA applies during emergencies and outlines what information can be shared, with whom, and under what circumstances.
Certificate Of Completion
Learners receive a HIPAA certificate after successful completion of all of the mandatory modules and quizzes in Section One of the HIPAA Training course.
Small Medical Practice Pricing
- Launch Pricing 25% Discount (Offer Ends May 8th, 2026)
- Additional 25% Discount on Cybersecurity Training when purchased together with HIPAA Training
What Experts Are Saying
The HIPAA Training course is excellent. I really enjoyed listening through the modules. It was easy to follow and understand. You really touched on all the topics that are important for someone starting out on their HIPAA journey and then some. I have no critiques, just applause.
Amy Schultz
Privacy Manager, Concentra
The best HIPAA training I’ve seen. Clear, complete, and the practical examples were clearly up to date. It covers what frontline staff actually need. Finally, a course that doesn’t confuse employee roles with the responsibilities of the Covered Entity. I went in skeptical and came out impressed.
Brian Lavery
Healthcare Industry Consultant, Legal & Compliance
This training provides a strong foundational understanding of the HIPAA Privacy and Security Rule requirements. Perfect for HIPAA compliance officers and healthcare staff alike.
William Spettman
President & Compliance Specialist, SecurityInsecurity
The HIPAA Journal is the trusted go-to resource for HIPAA information and is recognized and referenced by leading organizations such as:

Frequently Asked Questions
Compliance & Regulatory
Is HIPAA training mandatory?
Yes. HIPAA training is mandatory for all members of a healthcare organization’s workforce who handle protected health information. The HIPAA Privacy Rule and the HIPAA Security Rule require HIPAA Covered Entities and their Business Associates to ensure employees are trained on HIPAA. HIPAA training must be provided to new staff as part of onboarding because this is mandated by law. The best practice recommendation for refresher training is to provide it annually.
Does the HIPAA Training from The HIPAA Journal satisfy the regulatory requirements for training?
Yes. The HIPAA Training provided by The HIPAA Journal has been designed to satisfy your mandatory HIPAA training requirements regarding HIPAA rules and regulations. The course does not cover any additional internal policies and procedures, which are different in each HIPAA-Covered Entity and “depend on the size and type of activities” (HIPAA Privacy Rule) and the results of a HIPAA Risk Assessment (HIPAA Security Rule).
The HIPAA Journal Training
What is different about the training provided by The HIPAA Journal?
The training has been developed by HIPAA experts at The HIPAA Journal to provide employees with everything they need to know about HIPAA. Lessons address root causes, not just rules, using real-world, relatable examples with regular content updates by our subject matter experts. It includes practical advice about how to comply with the HIPAA regulations in their day-to-day work, and detailed examples of what happens when employees do not follow the HIPAA regulations and commit HIPAA violations.
What training does The HIPAA Journal provide?
The HIPAA Journal has developed the following employee training courses:
- HIPAA Training for Employees
- HIPAA Training for Business Associate Employees
- HIPAA Training for Small Medical Practice Employees
- HIPAA Training for Students
- Cybersecurity Training for Healthcare Employees
Assessment & Certification
How are learners assessed, and can they retake assessments?
Learners are tested after each module. For the core HIPAA modules, there are over 600 potential questions randomly selected for each learner's assessment. Learners can retake assessments as many times as needed until a passing score is achieved. There are flexible configuration settings and organizations can decide their own preferred options.
Are learners awarded a certificate?
A certificate of completion is issued to learners once all modules and assessments are finished successfully with the target pass rate. Organizations may require this as proof of compliance, and a copy can be stored in the personnel record.
Curriculum
Who should take this training?
The training is intended for all employees working in or with a healthcare organization and all HIPAA Covered Entities, including clinicians, nurses, administrative staff, billing teams, IT and security personnel, volunteers, students, temporary staff, and employees of vendors that meet the definition of a HIPAA Business Associate and access patient data. The goal is consistent execution of privacy and security obligations across every role that interacts with protected health information.
How often should employees complete the training?
New employees must receive training within 3 months. Annual completion is considered best practice, with additional refreshers when policies or regulations change, or after a cybersecurity event. Scheduling can be aligned with risk assessments and policy updates so that content remains current.
Delivery & Access
How is the training delivered?
The training is delivered online via a user-friendly Web-based learning management system. Modules are accessible on-demand via desktop or mobile devices and can be assigned by role, location, or project.
Are accessibility features available?
Closed captions and playback speed options are available to support learning needs.
Admin & Completion Tracking
Can managers track staff completion?
Yes. Dashboards and reports provide supervisors with real-time tracking of progress, completion rates, and quiz results. Filters allow views by site, job role, or timeframe to support targeted follow-up.
Do managers receive progress reports?
Yes. Supervisors and compliance officers can view detailed reports on participation and completion. Reports can be exported to support audits and internal compliance reviews.

LMS Setup & Administration
The Training Manager admin dashboard is only for 5+ training seats. To see the full functionality and ease of use of our admin dashboard, please see our Training Manager User Guide.
Initial Set-up
- After your purchase is complete, we’ll email your organization’s dedicated login URL and the administrator credentials for your training portal.
- Share the login URL with your learners. Each participant self-registers using their own email address and creates a password.
Admin Controls
- Your admin dashboard shows learner progress and identifies when staff members have completed their assigned training modules.
- You can create your own custom reports including location-based views.
- You can schedule reports that will be automatically emailed to you.
- This real-time reporting means you are audit-ready at all times and can demonstrate your organization's compliance with HIPAA training regulations.
Learner Screens
- The training is delivered through a user-friendly learning management system and is accessible on-demand from any online device including desktop computers, mobile phones, or tablets.
- Closed captions and playback speed options are available to support specific learning needs.



