What is the HIPAA Privacy Rule Training Requirement?

Modified on Tue, 13 Feb at 6:03 PM

DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.

The HIPAA Privacy Rule contains a training requirement. 


Under this training requirement, a covered entity must train all members of its workforce on the policies and procedures with respect to protected health information (PHI) required by the Privacy Rule and the Breach Notification Rule as necessary and appropriate for workforce members to carry out their functions within the Organization. 

This training must be provided as follows: 

1. To each new member of the workforce within a reasonable period of time after the person joins the workforce.

2. To each member of a covered entity's workforce whose functions are affected by a significant change in the covered entity's privacy policies and procedures, within a reasonable period of time after that change becomes effective.

3. To any member of the workforce whose responsibilities have changed when different policies and procedures apply to their new role.


Covered entities must keep documentation of training. 

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article