HIPAA Training FAQs

HIPAA Privacy and Security training are required for members of the covered component of the university:

  1. In any position that would allow direct or indirect contact with personal health or health-related financial information – electronic, paper, verbal, in the lab – for either a clinical or a research purpose, OR
  2. With direct contact with patients

In addition, if an individual will be performing human subjects research that is reviewed by the IRB and that involves access to protected health information, HIPAA Research training is required. This is contained in CITI’s Human Subjects courses and does not need to be taken separately.

The UofL Privacy Office* does not require HIPAA training for shadowing or observation related activities lasting two weeks or less. In such cases the individuals who are shadowing or observing must execute a Confidentiality Agreement. If the activity will occur for more than two weeks, HIPAA training must be completed.

*NOTE: The clinic(s) or facility(-ies) where the observation or shadowing activities occur may require specific training or documentation for HIPAA or other regulatory or accreditation purposes. Please check with the clinic or facility supervisor for additional guidance.

The CITI tool allows you to print your course completions. From your Main Menu, click on “View Previously Completed Coursework.”

No. The Privacy Office does not have administrative rights to update your grades in the iRIS system or in University Reports.

The Research Integrity Program will be automatically notified of your successful completion, and the data will be transferred to the master database for access by the University reporting software. Data updates are loaded each morning. If you need the database updated sooner, please call 502-852-2454.

No, the Privacy Office does not have access to passwords for any University accounts.

Contact the UofL Helpdesk at 502-852-7997 or http://louisville.edu/password for assistance with passwords and log in questions.

Remember: NEVER give your passwords to anyone. No one from the Privacy Office or Information Technology will ever ask for your password.