Who needs HIPAA Privacy & Security Training?

The following individuals must complete HIPAA Privacy and Security training: 

  • Individuals assigned to a department or unit within the health care component of the University of Louisville
  • Individuals who serve in a position that allows direct or indirect contact with personal information, protected health information, or health-related financial information for a research purpose
  • Individuals who are expected to have direct contact with patients or patient information.

All persons meeting these criteria who are active in these roles at the University are required to complete the Privacy and Security lessons via CITI or by attending a live training session. New workforce members are required to complete the training within thirty (30) days of their hire date or, if a transfer, their qualifying role assignment. Department heads are responsible for ensuring all applicable faculty and staff have completed the required training.

Training requirements for specific schools/departments/groups are described below:

* Schools of Dentistry, Medicine & Nursing

These schools are included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is required for their faculty, staff, and students whose roles meet the training criteria.

* Department of Athletics

Staff members who process the level-funded insurance plan offered to student athletes are required to complete HIPAA training.

* Department of Audit Services

All individuals in this department are required to complete HIPAA training. 

* Department of Environmental Health & Safety

All individuals in this department are required to complete HIPAA training. 

* Department of Risk Management

All individuals in this department are required to complete HIPAA training. 

* Department of University Advancement/Development

Staff members within the subdivision of this department who perform fundraising activities are required to complete HIPAA training.

* Get Healthy Now Program

All individuals in this department are required to complete HIPAA training. 

* Human Resources

Staff members within the subdivision of this department who process the employee health plan (e.g., Benefits) are required to complete HIPAA training.

* Information Security

All individuals in this department are required to complete HIPAA training. 

* Information Technology

All individuals in this department are required to complete HIPAA training. 

* Office of Communications & Marketing

All individuals in this department are required to complete HIPAA training.

* Office of Finance/Controller

Staff members within the subdivision of the Controller’s Office which process health care related payments are required to complete HIPAA training.

* Researchers

Individuals who conduct human subjects research that requires access to, or collection of, protected health information are required to complete the Human Subjects & Research course.  This applies to all individuals conducting UofL research, regardless of which University of Louisville School or Department holds their job/role assignment.

* School of Public Health and Information Sciences (SPHIS)

SPHIS is not included within the University of Louisville health care component of the hybrid covered entity; therefore, HIPAA Privacy training is not required unless requested by SPHIS administration.  Traditionally, SPHIS has required its students to complete HIPAA training as a part of their placement activities with affiliated organizations.

* Department of University Counsel

All individuals in this department are required to complete HIPAA training. 

* UofL Care Partners

All individuals in this department are required to complete HIPAA training. 

* University Archives & Records

Staff members within the subdivision of this department who handle and/or store protected health information are required to complete HIPAA training.

* University Integrity & Compliance Office

All individuals in this department are required to complete HIPAA training. 

* University Privacy Office

All individuals in this department are required to complete HIPAA training.