45 CFR Part 164 Training

Training under 45 CFR Part 164 covers the workforce education requirements established by the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule, since all three rules are located within this part of the federal regulations, and The HIPAA Journal’s courses are built to meet each of these requirements. Under 45 CFR §164.530(b)(1), the HIPAA Privacy Rule requires that organizations provide workforce members with training on the policies and procedures relevant to protected health information, calibrated to what each person needs to perform their job. Separately, 45 CFR §164.308(a)(5)(i) under the HIPAA Security Rule requires a security awareness and training program covering every workforce member, including those in management roles. The HIPAA Breach Notification Rule adds a further requirement: workforce members must know how to identify a breach and report it without delay. Although grouped within the same part of the regulation, these three obligations are distinct from one another, and a training program must treat them as separate requirements in order to meet the overall standard.

How The HIPAA Journal’s Courses Address Each Requirement

Courses such as HIPAA Training for Employees, HIPAA Training for Business Associate Employees, and the specialist practice programs each contain required modules that treat the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule as separate subjects rather than folding them into one general summary. Through these modules, staff learn how the HIPAA Minimum Necessary Rule governs the way they access and share information, what safeguards the HIPAA Security Rule expects of them, and how to identify and escalate a potential breach within the timeframe set out under the HIPAA Breach Notification Rule.

To meet the security awareness training obligation found at 45 CFR §164.308(a)(5)(i), The HIPAA Journal provides separate cybersecurity-focused programs, including Cybersecurity Training for Healthcare Employees and Cybersecurity Training for Business Associate Employees. These can be combined with HIPAA Privacy Rule training so that both sets of obligations under 45 CFR Part 164 are managed through one coordinated training program.

Documentation Required Under 45 CFR Part 164

Both 45 CFR §164.530(b)(2)(i) and 45 CFR §164.308(a)(5) require that organizations keep records showing training was completed, along with the relevant completion dates. The HIPAA Journal Training platform produces these records without manual effort, and its administration dashboard shows which staff members finished which modules and on what dates, with export options formatted for use during an Office for Civil Rights audit. Completion of the training results in an accredited certificate, and individuals who need to show evidence of 45 CFR Part 164 training on their own, separate from an employer’s program, can complete the Accredited HIPAA Certification for Individuals for that purpose.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter (https://x.com/JamesKeoghHIPAA) and contact James on LinkedIn (https://www.linkedin.com/in/james-keogh-89023681).