Who needs HIPAA Privacy & Security Training?

HIPAA Privacy training is required for members of the workforce:

  1. In any position that would allow direct or indirect contact with PHI, whether in electronic, paper, or verbal form; or
  2. In any position that includes direct contact, or the possibility of direct contact, with patients/clients.

 HIPAA Privacy training shall be provided as follows:

  1. To each new member of the workforce within 30 days after the Individual joins the workforce;
  2. To each workforce member who transfers from a position within UofL that did not require HIPAA Privacy training to a position within UofL which requires HIPAA Privacy training, to be completed within thirty (30) days of job change; and
  3. To each member of the workforce whose functions are affected by a material change in the policies or procedures required by HIPAA, within 30 days after the material change becomes effective.

 

Training requirements for specific schools/departments/groups are described below:

* Schools of Dentistry, Medicine & Nursing

These schools are included within the health care component of the University of Louisville hybrid covered entity; thus, HIPAA training is required for their faculty, staff, and students whose roles meet the training criteria.

* Department of Athletics

Staff members who process the level-funded insurance plan offered to student athletes are required to complete HIPAA training.

* Department of Audit Services

All individuals in this department are required to complete HIPAA training. 

* Department of Environmental Health & Safety

All individuals in this department are required to complete HIPAA training. 

* Department of Risk Management

All individuals in this department are required to complete HIPAA training. 

* Department of University Advancement/Development

Staff members within the subdivision of this department who perform fundraising activities are required to complete HIPAA training.

* Human Resources

Staff members within the subdivision of this department who process the employee health plan (e.g., Benefits) are required to complete HIPAA training.

* Information Security

All individuals in this department are required to complete HIPAA training. 

* Information Technology

All individuals in this department are required to complete HIPAA training. 

* Office of Communications & Marketing

All individuals in this department are required to complete HIPAA training.

* Office of Finance/Controller

Staff members within the subdivision of the Controller’s Office which process health care related payments are required to complete HIPAA training.

* Researchers

Individuals who conduct human subjects research that requires access to, or collection of, protected health information are required to complete the Human Subjects & Research course.  This applies to all individuals conducting UofL research, regardless of which University of Louisville School or Department holds their job/role assignment.

* School of Public Health and Information Sciences (SPHIS)

SPHIS is not included within the University of Louisville health care component of the hybrid covered entity; therefore, HIPAA Privacy training is not required unless requested by SPHIS administration.  Traditionally, SPHIS has required its students to complete HIPAA training as a part of their placement activities with affiliated organizations.

* Department of University Counsel

All individuals in this department are required to complete HIPAA training. 

* UofL Care Partners

All individuals in this department are required to complete HIPAA training. 

* University Archives & Records

Staff members within the subdivision of this department who handle and/or store protected health information are required to complete HIPAA training.

* University Integrity & Compliance Office

All individuals in this department are required to complete HIPAA training. 

* University Privacy Office

All individuals in this department are required to complete HIPAA training.