HIPAA training is required for members of the workforce:
- In any position that would allow direct or indirect contact with PHI, whether in electronic, paper, or verbal form; or
- In any position that includes direct contact, or the possibility of direct contact, with patients/clients.
HIPAA training shall be provided as follows:
- To each new member of the workforce within 30 days after the Individual joins the workforce;
- To each workforce member who transfers from a position within UofL that did not require HIPAA Privacy training to a position within UofL which requires HIPAA Privacy training, to be completed within thirty (30) days of job change; and
- To each member of the workforce whose functions are affected by a material change in the policies or procedures required by HIPAA, within 30 days after the material change becomes effective.
Training requirements for specific schools/departments/groups are described below:
* College of Arts & Sciences
The College of Arts & Sciences is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the College's faculty, staff, and students.
* College of Business
The College of Business is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the College's faculty, staff, and students.
* College of Education and Human Development
The College of Education and Human Development is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the College's faculty, staff, and students.
* Department of Athletics
Staff members who process the level-funded insurance plan offered to student athletes are required to complete HIPAA training.
* Department of Audit Services
All individuals in this department are required to complete HIPAA training.
* Department of Environmental Health & Safety
All individuals in this department are required to complete HIPAA training.
* Department of Risk Management
All individuals in this department are required to complete HIPAA training.
* Department of University Advancement/Development
Staff members within the subdivision of this department who perform fundraising activities are required to complete HIPAA training.
* Department of University Counsel
All individuals in this department are required to complete HIPAA training.
* Human Resources
Staff members within the subdivision of this department who process the employee health plan (e.g., Benefits) are required to complete HIPAA training.
* Information Security
All individuals in this department are required to complete HIPAA training.
* Information Technology
All individuals in this department are required to complete HIPAA training.
* Kent School of Social Work
The Kent School of Social Work is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the School's faculty, staff, and students unless requested by Kent School's administration.
* Office of Communications & Marketing
All individuals in this department are required to complete HIPAA training.
* Office of Finance/Controller
Staff members within the subdivision of the Controller’s Office which process health care related payments are required to complete HIPAA training.
* Researchers
Individuals who conduct human subjects research that requires access to, or collection of, protected health information are required to complete the Human Subjects & Research course. This applies to all individuals conducting UofL research, regardless of which University of Louisville School or Department holds their job/role assignment.
* School of Dentistry
The School of Dentistry is included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is required for the School's faculty, staff, and students.
* School of Law
The School of Law is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the School's faculty, staff, and students.
* School of Medicine
The School of Medicine is included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is required for the School's faculty, staff, and students.
* School of Music
The School of Music is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the School's faculty, staff, and students.
* School of Nursing
The School of Nursing is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the School's faculty, staff, and students unless requested by School of Nursing's administration.
* School of Public Health and Information Sciences (SPHIS)
SPHIS is not included within the University of Louisville health care component of the hybrid covered entity; therefore, HIPAA Privacy training is not required unless requested by SPHIS administration.
* Speed School of Engineering
The Speed School of Engineering is NOT included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is not required for the School's faculty, staff, and students.
* University Archives & Records
Staff members within the subdivision of this department who handle and/or store protected health information are required to complete HIPAA training.
* University Integrity & Compliance Office
All individuals in this department are required to complete HIPAA training.
* University Privacy Office
All individuals in this department are required to complete HIPAA training.