Individuals who are assigned to a department or unit within a covered component of our hybrid entity and meet any one of the following criteria must complete General HIPAA general awareness training:
- Serves in a position that would allow direct or indirect contact with personal health or health-related financial information – whether in electronic, paper, or verbal (auditory) format, – for clinical (including treatment, payment or healthcare operations) or research purpose, or
- Is expected to have direct contact with patients, or
- Who are required to complete compliance training through the School of Medicine Office of Compliance (Those who do not need compliance training may still need to take HIPAA training.)
All persons meeting these criteria who are active in these roles at UofL as of April 18, 2005, are required to complete the Privacy and Security lessons (and HITECH - if the courses were assigned prior to 9/1/13). New workforce members are required to complete the training within thirty (30) days of their hire date or, if a transfer, their qualifying role assignment. Department heads are responsible for ensuring all applicable faculty and staff have completed the required training.
The general application of the training requirement criteria, from a specific school/department/group perspective, is described as follows:
Schools of Nursing, Dentistry, and Medicine and affiliated Institutes and Centers
All three schools are considered part of the healthcare component of our hybrid entity; thus, HIPAA training (i.e., HIPAA Basic Privacy and HIPAA Security Fundamentals) is required for their faculty, staff and students whose roles meet the training criteria. This designation includes Campus Health Services on Belknap and HSC campuses.
School of Public Health and Information Sciences (SPHIS)
SPHIS is not considered part of the healthcare component of our hybrid entity; thus, HIPAA training is not required unless requested by SPHIS administration. Traditionally, SPHIS has required its students to complete HIPAA training as a part of their placement activities with affiliated organizations.
However, SPHIS Individuals involved in human subjects research are required to take the HIPAA Privacy and Research Fundamentals Training Course, which includes HIPAA Security training.
All individuals in the Information Technology department, regardless of which client partners, schools, or units they serve, are required to complete HIPAA training.
All individuals in Audit Services department are required to complete HIPAA training.
Department of Environmental Health and Safety
Individuals in the department of Environmental Health and Safety who meet the training requirement criteria are required to complete HIPAA training.
Individuals in the department of Human Resources who meet the training criteria described above are required to complete HIPAA training.
University Archives and Records
Individuals in the department of University Archives who meet the training criteria described above are required to complete HIPAA training.
All individuals in University Counsel department are required to complete HIPAA training.
Individuals conducting research requiring access to or collection of protected health information are required to complete the HIPAA Privacy and Research Fundamentals course and the HIPAA Security Fundamentals course. This applies to all individuals conducting UofL research, regardless of which UofL School or Department holds their job/role assignment.