HIPAA Privacy and Security Rules for All Healthcare Personnel (Online Course)

(based on 268 customer ratings)

Authors: Debbie Sabatino and Paul Fekete, MD
Reviewers: Maria C. Graña, MT(ASCP)SHCMCQA(ASQ), Leah Coppolino, MPH, MLS(ASCP)

See all available courses »


  • Define HIPAA.
  • Define "covered entities" and "business associates" and list which individuals, groups, or organizations are included in each category.
  • Explain what is meant by protected health information, who is authorized to view this information, and safeguards to prevent unauthorized access.
  • Be able to apply HIPAA privacy and security requirements to your daily clinical responsibilities.

Customer Ratings

(based on 268 customer ratings)

Course Outline

  • HIPAA Privacy Rule
    • Introduction
      • What is HIPAA?
      • What is the HIPAA Privacy Rule?
      • Relevant Components of HIPAA
      • What Information is Protected?
      • The HIPAA Privacy Rule
      • Who Does HIPAA Apply To?
      • Privacy is Your Responsibility.
      • Importance of Privacy - An Example
      • Individual's Rights Under HIPAA
      • Case Study: Accessing PHI: You are answering the office phone today. A person claiming to be a patient, whose voice you do not recognize, calls deman...
      • Which of the following individuals, organizations , or agencies are covered by HIPAA?
    • Requirements and Safeguards
      • Administrative Requirements
      • Safeguards
      • Physical Safeguards
      • Administrative Safeguards
      • Technical Safeguards
      • Fax Machines
      • Case Study: Incidental disclosures and safeguards. As a manager, you guided a group of high school students through your pharmacy department during a...
    • 2013 HIPAA Update Summary
      • Updates from 2013
      • Updates from 2013, continued
    • HIPAA Complaints and Investigation
      • Complaints Regarding HIPAA Non-compliance
      • Investigation
      • HIPAA Enforcement
    • Notification and Authorization Requirements
      • Notification
      • Authorization
      • Limiting Use and Disclosure of PHI
      • Case Study: Authorization You are working in a physician's office as a medical coder. The doctor asks you to give the patient's name and contact info...
      • Case Study: Limiting Use & Disclosure of PHI You are the customer service representative in a dental facility. You get a call from a hygienist at ...
    • Minimum Necessary Use and Disclosure
      • Minimum Necessary Use and Disclosure
      • Case Study: Minimum Necessary Use and Disclosure You are a ward clerk responsible for inserting laboratory reports into patients' medical records (ch...
      • Case Study: Minimum Necessary Use & Disclosure You are a phlebotomist at a specimen collection center. A patient arrives with orders for a blood ...
    • Business Associate Agreement
      • Business Associate Agreement
      • Business Associates And the Privacy Rule
      • Case Study: Business AssociateYour chiropractic office's accreditation agency will be sending inspectors/surveyors to inspect your facility within the...
    • HIPAA Breaches
      • HIPAA Breach Notification Rule
      • HIPAA Breach Notification Rule, continued
    • De-Identified Health Information
      • De-Identified Health Information
  • HIPAA Security Rule
    • Introduction
      • What is the HIPAA Security Rule?
      • What is Electronic PHI (ePHI)?
      • Security Officer
    • Safeguards
      • Safeguards
      • Administrative Safeguards
      • Physical Safeguards: Access Controls
      • Physical Safeguards: Storage and Disposal of Media
      • Case Study: Physical SafeguardsYou are the manager of a neurology clinic. During orientation of a new employee, you instruct him to keep the door lead...
      • Technical Safeguards: System Access Control
      • Technical Safeguards: Passwords
      • Protection Against Viruses and Malicious Software.
      • E-mail Security
      • Case Study: Technical SafeguardsYou are given several sets of logins and passwords to access various information systems. The login is your own first ...
  • Conclusion
      • Follow your own Facilities' Policies and Procedures.
  • References
      • References

Additional Information

Intended Audience: All health care personnel

Level of Instruction: Basic

Author Information: Debbie Sabatino has over 20 years of progressive technical, operational, business development and risk management experience in the health care field. Currently, she is the Senior Manager, Enterprise Risk at McMaster University. Previously, she held the position of Director, Privacy for MDS Laboratory Services, which includes both Canadian and US Operations. As privacy expert for the organization, Ms. Sabatino is responsible for the development, implementation and ongoing success of the Laboratory Services privacy program as well as the company’s global privacy approach. Debbie is a member of the International Association of Privacy Officers (IAPO), and the Conference Board of Canada Chief Privacy Officers Council.
Paul Fekete, MD is Medical Director for MediaLab, Inc. He was formerly Assistant Professor of Pathology at Emory University, and was Director of Laboratories for Gwinnett Health System, near Atlanta. Dr. Fekete has extensive experience teaching, and is the author of numerous journal articles, and several book chapters. He additionally has extensive experience in instructional design.
Reviewer information: Maria C. Graña, MT(ASCP)SHCM is the Hematology Laboratory Manager at Baptist Hospital of Miami, Miami, Florida. She is certified as a Quality Auditor by ASQ.
Leah Coppolino, MPH, MLS(ASCP) is a Program Director for MediaLab, Inc. Previously, Leah was the Director of Education and Outreach as well as the Medical Laboratory Science Program Director at St. Christopher’s Hospital for Children in Philadelphia, Pennsylvania. She holds a Masters in Public Health from Thomas Jefferson University.

keys security access

healthcare employee on phone shutterstock

pharmacist on computer shutterstock

flashdrive shutterstock