HIPAA Refresher for Medical Office Staff




Faculty: Becca Kalivas, RN, MS


Successful Completion: Complete entire module, complete the exam with a passing score of 80% or better, and complete the evaluation form.


Estimated Time to Complete Activity: 60 minutes.


CEUs: HIPAA Exams is authorized by IACET to offer 0.1 CEUs for this program.


Free Certification of Completion available instantly for download or printing upon successful completion.


This refresher course is specific to Medical Office Staff personnel who do not directly provide medical treatment to patients. This course covers the fundamentals of the HIPAA Privacy Rule, the HIPAA Security Rule, and the Enforcement Rule in case of HIPAA violations. This course should only be completed if you have previously completed our HIPAA for Medical Office Staff course. HIPAA training is required yearly to meet HIPAA compliance.

Includes 2021/2022 Updates - ONC 21st Century Cures Act Final Rule and the CMS Final Rule

Course includes a video and audio component with stand-alone exam

Receive HIPAA Certification "Certificate of Completion" with successful completion


Why is HIPAA Important in a Medical Office?

HIPAA protects patient privacy by requiring all healthcare organizations that electronically communicate sensitive health data to enforce strict technical, administrative, and physical security protections. It gives patients the ability to decide who may access their data and how much of it they may access.

HIPAA assists healthcare providers by standardizing the usage and administration of electronic health data in order to improve operational efficiency, avoid legal penalties, and reduce security risks.

How to Post a HIPAA Notice in a Medical Office?

A HIPAA notice should summarize the Privacy Rule, stating how providers can use and disclose protected health information, the need for authorization prior to sharing, the medical office's duties to protect health information privacy, and the individual's rights. It should also include directions on how to contact the organization for additional information or to file a complaint.

The notice must be posted in a visible and easy-to-find location where patients can see it, and a copy must be given to anyone who requests one. If your medical office has a website, the notice must be posted there as well. A health plan must provide its notice to you when you enroll.

What Information is Needed in a Medical Office Regarding HIPAA?

To prevent unauthorized access, medical facilities must ensure that records containing personal identifiers such as name, address, date of birth, and Social Security number are adequately safeguarded. Electronically stored data must be password protected, and printed records must be kept in closed and locked filing cabinets or rooms.

What are the HIPAA Technical Security Protocols Used for a Medical Office?

The Security Rule defines technical safeguards in HIPAA's standards section 164.304 as "the technology and the policy and procedures for its use that protect electronic protected health information and control access to it."

The Security Rule is built on flexibility and technological neutrality, allowing covered entities and medical offices to choose security measures that implement its standards and specifications in a reasonable manner. However, covered entities must assess whether those methods and technologies are reasonable and appropriate for their organization.

The Security Rule allows covered entities to select from various technical security technologies, products, and solutions. The decision to implement a security measure is based on the organization's unique needs, as outlined in Security Standards: General Rules, Flexibility of Approach, section 164.306(b).

How to Make a Medical Office HIPAA Compliant?

The principle of safeguarding and respecting the patient's privacy and dignity is important to HIPAA compliance. It's not as simple as it seems, and medical offices and personnel must remain vigilant at all times. One of the most effective ways to become HIPAA compliant is through completing a training course.

We provide an online HIPAA Medical Office Staff training course that will guarantee you and your staff's understanding of key HIPAA rules, standards, and regulations. The course will cover the fundamentals of the HIPAA Privacy Rule, the HIPAA Security Rule, and the Enforcement Rule in case of HIPAA violations.

How to Write a HIPAA Policy for a Medical Office?

Your HIPAA compliance program should always be supported by the proper policies and procedures. They instruct your entire staff on how to follow the HIPAA privacy, security, and breach reporting laws.

The process of developing, disseminating, and modifying policies and procedures within an organization is known as policy management. A policy management process is required regardless of whether your policies and procedures are kept on paper or electronically.

To get you started, here are six steps:

  1. Create HIPAA policies and procedures
  2. Make policies and procedures available to employees
  3. Educate employees on policies and procedures
  4. Create a review and approval procedure
  5. Maintain version control
  6. Streamline policy administration by using tools and templates

A policy is only as strong as its implementation. Medical offices should clearly communicate and post their HIPAA policy throughout the organization to prevent any misunderstandings or miscommunications. If policy and procedures are unclear, those who rely on your office are seriously at risk.

How Often is HIPAA Training Certification Renewed?

HIPAA training certification should be refreshed at least once a year to guarantee that medical practitioners remain current on the laws, policies, and industry standards pertaining to the security of patient health information.

Does HIPAA Need to Be Updated Yearly?

HIPAA does not have a specific timeline for updating policies and procedures. However, we recommend all covered entities and business associates stay up to date on the required policies and procedures to guarantee compliance with HIPAA rules by retaking HIPAA training annually.

How Often Do Medical Office Employees Need HIPAA Training?

HIPAA certification is valid until it expires or is revoked. HIPAA only mandates retraining of staff members when there is a change in regulations. However, retraining should typically be conducted by employers every year or every two years.

How to Purchase

To enroll in this course, simply add the number of users you need below and ADD TO CART. Follow the steps for CHECKOUT which will include registering your account.


Learning Objectives

  • Describe the purpose of HIPAA legislation
  • Explain the changes implemented by the Omnibus Final Rule
  • Identify the key elements of the Privacy, Security, and Enforcement Rule
  • Explain the process for Breach Notification
  • Illustrate how HIPAA affects their role in a Medical Office setting

Target Audience

This refresher course is specific to Medical Office Staff personnel who do not directly provide medical treatment to patients, such as front desk, messaging services, billing specialists, janitorial staff, etc. This course should only be completed if you have previously completed our HIPAA for Medical Office Staff course.

Table of Contents

HIPAA Refresher for Medical Office Staff (HIPAA Privacy, Security, and Enforcement Training)

  • HIPAA Refresher for Healthcare Workers
  • Legal Notice
  • Objectives
  • HIPAA: Why Do I Need a Refresher?
  • Who Must Abide by HIPAA?
  • HIPAA Privacy Rule
  • "Minimum Necessary" Principle
  • Permitted Use and Disclosure of PHI
  • Incidental Use and Disclosure of PHI
  • Authorized Use and Disclosure of PHI
  • Notice of Privacy Practices
  • Individual Rights Under the Privacy Rule
  • ONC Cures Act Final Rule - 2021/2022 Update
  • CMS Final Rule - 2021/2022 Update
  • Ensuring Privacy Rule Compliance
  • Additional Privacy Rule Considerations
  • HIPAA Privacy Rule Scenarios
  • HIPAA Security Rule
  • Safeguards in Daily Practice
  • HIPAA Security Rule Scenario
  • HIPAA Breach Notification
  • What if a Breach is Discovered?
  • HIPAA Enforcement Rule
  • HIPAA Enforcement Rule Penalties
  • Real Life Examples of HIPAA Breach and Violations
  • Recent Updates to HIPAA
  • HIPAA Compliance Checklist
  • End of Course Exam

Course Content Example 1:

Notice of Privacy Practices

Your office is required to provide a Notice of Privacy Practices. These must:

  • Describe the ways PHI may be used and disclosed
  • State your office's duty to protect privacy
  • Describe individuals' rights, including the right to complain if they believe privacy rights have been violated
  • Provide a point of contact for further information and for making complaints

Since the Final Rule, Notice of Privacy Practices must also include statements:

  • Indicating that individual authorization is required for most uses and disclosures of PHI regarding psychotherapy notes, for marketing purposes, and for the sale of PHI
  • Informing that authorization is required for any uses and disclosures of PHI not mentioned in the Notice
  • Indicating the right to opt out of fundraising communications
  • Indicating the right to restrict disclosure of PHI when paying out of pocket
  • Indicating a right to be notified of a breach of their PHI

Course Content Example 2:

Things to Consider within the Medical Office

Make sure your policies and procedures are up-to-date and working effectively

  • Do they account for new technology developments, social media, email use, etc.?
  • Perform a thorough and documented risk analysis to determine if there are ways ePHI could be compromised
  • Find ways to correct any areas of concern
  • Do not share computer passwords, and do not make them too easy to guess
  • Always log off computers when you are done
  • Make sure ePHI is encrypted before sending it electronically
  • Keep a record of all mobile devices, such as laptops, tablets, and cell phones, that contain ePHI. Track when they leave the office


Download Certificate of Completion Immediately

3 Attempts to Pass Your Exam

Instant Access: 100% Online - Access 24/7 from Anywhere

No Recurring Fees


Train Anywhere, Anytime

Courses can be accessed from any internet-connected device at any time.