HIPAA for Medical Office Staff Only $14.99
GROUP PRICING Want to Host Our Courses On Your LMS?

Accepted by Reptrax, VendorMate and Symplr (VCS) Credentialing Services
Faculty: Erin Azuse, RN BSN

Successful Completion: Complete entire module, complete the exam with a passing score of 80% or better, and complete the evaluation form
Estimated Time to Complete Activity: 60 minutes
System Requirements
CEUs: HIPAA Exams is authorized by IACET to offer 0.10 CEUs for this program. CEU Information


Fundamentals of HIPAA Privacy and Security Rules for the Medical Office Staff Covers day to day operations of a medical practice.

Course includes a video and audio component with stand-alone exam

learning objectives

  • Describe the purpose of HIPAA legislation
  • Explain the changes implemented by the Omnibus Final Rule
  • Identify the key elements of the Privacy, Security, and Enforcement Rule
  • Explain the process for Breach Notification
  • Illustrate how HIPAA affects his/her role in a Medical Office setting

target audience

target audience

Medical Office Staff



HIPAA for Medical Office Staff
(HIPAA Privacy, Security, and Enforcement Training)
Table of Contents:

  • HIPAA for Medical Office Staff
  • Legal Notice
  • Objectives
  • Purpose of Course
  • Introduction to HIPAA
  • What is Portability?
  • What is Accountability?
  • HITECH and Omnibus Final Rule
  • Who Must Abide by HIPAA Rules?
  • Covered Entities
  • Business Associates
  • Expanded Definition of Business Associate
  • Business Associate Agreement
  • Things to Consider within an Office
  • HIPAA Privacy Rule
  • Permitted Use and Disclosure of PHI
  • Authorized Use and Disclosure of PHI
  • Incidental Use and Disclosure of PHI
  • “Minimum Necessary” Principal
  • Notice of Privacy Practices
  • Individual Access to PHI
  • More Individual Rights Under the Privacy Rule
  • Administrative Requirements for Privacy Rule Compliance
  • State Law and the Privacy Rule
  • Personal Representatives and Minors Under the Privacy Rule
  • Privacy Rule and Decedents
  • Privacy Rule and Student Disclosures
  • Additional Privacy Considerations within the Office
  • HIPAA Security Rule
  • What Security Measures Must be Used?
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Privacy and Security for Mobile Devices
  • Transaction and Code Set Standards
  • Unique Identifiers Rule
  • HIPAA Breach Notification
  • Breach Notification and Risk Assessment
  • Breach Notification Rule – Exceptions
  • Breach Notification Rule and Unsecured PHI
  • Breach Notification Requirements – Media
  • Breach Notification Requirements – Individual
  • Breach Notification Requirements – Secretary
  • Burden of Proof for Breach Notification
  • Real Life HIPAA Violations and Breaches
  • HIPAA Enforcement Rule
  • Enforcement Rule and Civil Money Penalties
  • Defenses and Waivers for CMP
  • Recent Updates to HIPAA – Opioid Crisis
  • Recent Updates to HIPAA – Cloud Computing
  • End of Course Exam

Course Content Example 1:
Notice of Privacy Practices
Your office is required to provide a Notice of Privacy Practices. These must:
  • Describe the ways PHI may be used and disclosed
  • State your office’s duty to protect privacy
  • Describe individuals’ rights, including the right to complain if they believe privacy rights have been violated
  • Provide a point of contact for further information and for making complaints
Since the Final Rule, Notice of Privacy Practices must also include statements:
  • Indicating that individual authorization is required for most users and disclosures of PHI regarding psychotherapy notes, for marketing purposes, and for the sale of PHI
  • Informing that authorization is required for any uses and disclosures of PHI not mentioned in the Notice
  • Indicating the right to opt out of fundraising communications
  • Indicating the right to restrict disclosure of PHI when paying out of pocket
  • Indicating a right to be notified of a breach of their PHI

Course Content Example 2:
Things to Consider within the Medical Office
  • Make sure your policies and procedures are up-to-date and working effectively
  • Do they account for new technology developments, social media, and email use, ect?
  • Perform a thorough and documented risk analysis to determine if there are ways ePHI could be compromised
    • Find ways to correct any areas of concern
  • Do not share computer passwords to make them too easy
  • Always log off computers when you are done
  • Make sure ePHI is encrypted before sending it electronically
  • Keep a record of all mobile devices, such as laptops, tables and cell phones that contain ePHI. Track when they leave the office


  • • Instant Certificate Of Completion Printing Upon Successful Completion Of Online HIPAA for Medical Office Staff Training Course
  • • Free Retakes on Exam Until You Pass
  • • Instant Access: 100% Online - Access 24/7 from Anywhere
  • • No Recurring Fees

Only $14.99


Bundle Price Per Person
1-100 $14.99
101 + Call for $

have questions?

Toll Free: 1.888-362-2288
8 AM - 4 PM MST (M-F)