Who needs HIPAA Privacy & Security Training?

HIPAA training is required for members of the workforce:

  1. In any position that would allow direct or indirect contact with PHI, whether in electronic, paper, or verbal form; or
  2. In any position that includes direct contact, or the possibility of direct contact, with patients/clients.
All faculty, staff, and students who are employed within the UofL HIPAA health care component must complete HIPAA training annually. 

 HIPAA training shall be provided as follows:

  1. To each new member of the workforce within 30 days after the Individual joins the workforce;
  2. To each workforce member who transfers from a position within UofL that did not require HIPAA Privacy training to a position within UofL which requires HIPAA Privacy training, to be completed within thirty (30) days of job change; and
  3. To each member of the workforce whose functions are affected by a material change in the policies or procedures required by HIPAA, within 30 days after the material change becomes effective.

 

Training requirements for specific schools/departments/groups are described below:

* College of Arts & Sciences

The College of Arts & Sciences is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the College's faculty, staff, and students.  

* College of Business

The College of Business is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the College's faculty, staff, and students.  

* College of Education and Human Development

The College of Education and Human Development  is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the College's faculty, staff, and students. 

* Department of Athletics

Staff members who process the level-funded insurance plan offered to student athletes are required to complete HIPAA training.

* Department of Audit Services

All individuals in this department are required to complete HIPAA training. 

* Department of Environmental Health & Safety

All individuals in this department are required to complete HIPAA training. 

* Department of Risk Management

All individuals in this department are required to complete HIPAA training. 

* Department of University Advancement/Development

Staff members within the subdivision of this department who perform fundraising activities are required to complete HIPAA training.

* Department of University Counsel

All individuals in this department are required to complete HIPAA training. 

* Human Resources

Staff members within the subdivision of this department who process the employee health plan (e.g., Benefits) are required to complete HIPAA training.

* Information Security

All individuals in this department are required to complete HIPAA training. 

* Information Technology

All individuals in this department are required to complete HIPAA training. 

* Kent School of Social Work

The Kent School of Social Work is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the School's faculty, staff, and students unless requested by Kent School's administration.

* Office of Communications & Marketing

All individuals in this department are required to complete HIPAA training.

* Office of Finance/Controller

Staff members within the subdivision of the Controller’s Office which process health care related payments are required to complete HIPAA training.

* Researchers

Individuals who conduct human subjects research that requires access to, or collection of, protected health information are required to complete the Human Subjects & Research course.  This applies to all individuals conducting UofL research, regardless of which University of Louisville School or Department holds their job/role assignment.

* School of Dentistry

The School of Dentistry is included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is required for the School's faculty, staff, and students.

* School of Law

The School of Law is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the School's faculty, staff, and students.  

* School of Medicine

The School of Medicine is included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is required for the School's faculty, staff, and students.

* School of Music

The School of Music is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the School's faculty, staff, and students.

* School of Nursing

The School of Nursing is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the School's faculty, staff, and students unless requested by School of Nursing's administration.

* School of Public Health and Information Sciences (SPHIS)

SPHIS is not included within the University of Louisville health care component of the hybrid covered entity; therefore, HIPAA Privacy training is not required unless requested by SPHIS administration.    

* Speed School of Engineering 

The Speed School of Engineering is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the School's faculty, staff, and students.  

* University Archives & Records

Staff members within the subdivision of this department who handle and/or store protected health information are required to complete HIPAA training.

* University Integrity & Compliance Office

All individuals in this department are required to complete HIPAA training. 

* University Privacy Office

All individuals in this department are required to complete HIPAA training.