HIPAA Privacy & Security for Covered Entities Course Overview
Most covered entities understand they must protect patient health information, but many don’t realize that HIPAA violations can result from well-intentioned staff who simply don’t understand the complex rules governing use and disclosure of PHI. A single breach can trigger federal investigations, mandatory reporting, and penalties starting at $100 per violation.
The 2024 Final Rule added new protections for reproductive healthcare information, creating additional compliance requirements that many organizations haven’t yet addressed. Without comprehensive training that covers both foundational HIPAA principles and recent regulatory changes, your staff may unknowingly expose your organization to enforcement actions and reputational damage.
This course provides the complete foundation your covered entity needs—from basic privacy principles to advanced security practices, breach notification requirements, and the latest regulatory updates.
HIPAA Privacy & Security for Covered Entities Course Content
Lesson 1: Introduction
Course objectives, HIPAA’s purpose, and why comprehensive privacy and security training matters for covered entities.
Lesson 2: HIPAA Basics
Privacy Rule components, covered entities vs. business associates, protected health information (PHI) definition, minimum necessary standard, and organizational requirements.
Lesson 3: Using and Disclosing PHI
Permitted uses without authorization, required disclosures, optional disclosures, and when authorization is mandatory.
Lesson 4: Individuals’ Rights of Access to PHI
Right to access records, request amendments, receive accounting of disclosures, request restrictions on uses/disclosures, and confidential communications, plus organizational response requirements.
Lesson 5: Securing PHI
Security Rule requirements, administrative safeguards, physical safeguards, technical safeguards.
Lesson 6: Breach Notification Rules
Breach definition, risk assessment factors, notification timelines (individual, media, HHS), documentation requirements, and breach prevention strategies.
Lesson 7: Enforcement
Penalty tiers, enforcement authority, investigation procedures, resolution agreements, and recent enforcement actions.


