Frequently Asked Questions

Start by adding the courses you need to your cart. Once courses are added, return to the cart and start the checkout process. From there:

To create a group/corporate account, contact our Corporate Sales team to talk about bulk discounts, flexible billing options, and setting up your learning management system (LMS) access.

To create a personal account, simply select the courses you need to get started. You can add more at any time. Once you complete your purchase, you can instantly access your courses. You can use your login information from any location at any time and as many times as needed to complete your training. Simply login, complete the course, and take a test.

Upon completion of the test, you can instantly print your certificate or save it for easy emailing or uploading to a credentialing service.

Our HIPAA courses are designed for different workgroups in the healthcare setting. This allows each learner to get the information required for their position with specific examples for their workgroups. Below is a list of HIPAA courses and some of the professions/jobs that are appropriate for each course:

HIPAA for Business Associates:

  • IT Staff, Consultants, Services
  • Medical Billing
  • Medical Transcription
  • Software Companies
  • Marketing Services
  • Medical Couriers
  • Legal Services
  • Cleaning Services
  • *Leaders of Business Associate Organizations are recommended to complete HIPAA for Business Associate Admins


HIPAA for Healthcare Workers:

  • Doctors/Physicians
  • Nurses
  • Medical Students
  • Chiropractors
  • Pharmacists and Pharmacy Staff
  • Laboratory Staff
  • Ophthalmologists
  • Hospitals


HIPAA for HCIRs (Sales Professionals):

  • Medical Device Sales
  • Pharmaceutical Sales
  • General Sales


HIPAA for Medical Office Staff:

  • Medical Office Support Staff
  • Medical Office Manager
  • Medical Office Front Desk Staff
  • Medical Office Billing Staff
  • Basically, anyone who works in a Medical Office setting but does not provide direct patient care


HIPAA for Dental Offices

  • Dentists
  • Dental Hygienist
  • Dental Office Support Staff
  • Dental Office Front Desk Staff
  • Orthodontists and staff
  • Any other dental services 


HIPAA for Mental Health Providers

  • Psychiatrists/Psychologist
  • Behavioral Services
  • Medical Students in Mental Health
  • Mental Health Social Services
  • Psychiatry Clinics
  • Mental Health Institutes 


HIPAA for Human Resource Professionals:

  • Human Resource Consultants
  • Human Resource Departments
  • Benefit Management Services
  • Insurance Agents/Brokers
  • Third Party Administrators

Based on the organization you work for/with as well as local, state, and federal regulations, most in the healthcare field are required to take HIPAA and Bloodborne Pathogens training yearly, as well as a compliance course upon hire.

Yes, HIPAA Exams | 360training is accredited by IACET. Our accreditation ensures that you get trusted training by an organization that has gone through third-party accreditation. Our accreditation also ensures that the CEUs you earn with us will be accepted by more organizations than our competitors.

The average length of time for our courses is 60 minutes. However, you can find specific time requirements for each course on its specific homepage. View our full course list here.

We offer you three (3) attempts to take the course test until you pass with 80% or higher.

Yes, all courses come with Continuing Education Credits (CEUs).

CEUs awarded will vary based on the length of time for the course. Courses are awarded .01 CEUs for every hour of training. Thus, all courses come with at least .01 (1 full hour) of CEUs.

Certificates are valid for one year from the date listed on them. Any certificate that does not fall within that one-year time frame, will have the specific expiration date listed on the certificate itself.

Certificates are issued electronically immediately after passing the test. However, you can access them anytime simply by logging into the training platform and clicking on Print Certificates.

You will receive a valid electronic certificate that can be downloaded, printed, or emailed from your account. Certificates can be accessed at any time for re-download. All certificates will show all perinate information including CEUs, our accreditation, the course title, date, and unique certification number.

A corporate/group profile can have as many admins as they'd like. Company admins can add and remove admin access at any time in their accounts.

Yes, our corporate/group accounts allow you to track your organizations completions. You can run full reports, check for incompletes, and filter down to specific courses or groups of employees. Admins can also pull certificate of completions for all users in their account at any time.

Yes, admins can add users when needed and assign courses when needed. If your account is out of seats to assign, the system will guide you through ordering more.

Bulk pricing lowers the cost per seat based on the number of seats purchased at one time. Meaning, the more seats you purchase at one time, the lower the per person cost will be.

All major credentialing services including Reptrax, VendorMate, and Symplr.

Individual/Personal Account: If you created an individual or personal account, simply log into your account and select Go to Courses under My Learning Center. You'll have the option to launch your course(s) from there.

Company/Group Account: If you have a company/group account, to get started, you must first add your users and assign courses. Courses must be assigned prior to being made available for use, even for the company admin. Use the step-by-step instructions below for instructions to add users and assign courses.

There is no such thing as HIPAA certification for an organization or provider. There are guidelines for protected healthcare information (PHI), and there are certifications that may include some or all the guidelines as set forth in HIPAA as required by HHS and enforced by OCR. HIPAA Exams offers a complete training course and certification that allows your organization to stay in compliance with HIPAA-mandated guidelines including HIPAA Privacy Rule, HIPAA Security Rule, HIPAA HITECH and HIPAA Omnibus rule which is required to comply with federal regulations.

Per HIPAA regulation, there are two types of organizations that must meet HIPAA training compliance - Covered Entities including group health plans and Business Associates. In order to meet HIPAA compliance and be HIPAA compliant, both Covered Entities and Business Associates must ensure that their organizations are following the standards and guidelines. Yearly training and risk assessments are only one aspect of compliance. The HIPAA Privacy Rule require Federal standards to protect the medical records and other protected health information of all individuals within the U.S. It applies to health plans, health care clearinghouses, and all those providers who maintain or have access to electronic health records PHI. The HIPAA Security Rule applies the Privacy Rule to include standards to protect individual's electronic personal health information phi that is created, received, used, or maintained by a covered entity or business associate and sets reporting for breach notifications enforced by the Office of Civil Rights (OCR).

  • Track and trace all folders and files that contain PHI.
  • Restrict access to PHI across your organization” allow limited access.
  • Include the HIPAA compliance rules in all policies and procedures.
  • In case of any issues, document your compliance policies and procedures to maintain and record of compliance.
  • Regularly review the data security measures in place at your organization to detect any faulty processes or loopholes.
  • Have a proper remedial plan lined out in case of any gap in compliance.
  • Ensure that all business associates and covered entities in BAAs are also in compliance with HIPAA.
  • Prepare with a procedure and documents, just in case of a PHI data breach.
  • Maintain compliance with HIPAA Training.

HIPAA is the Health Insurance Portability and Accountability Act, enacted by the U.S. Congress in 1996. The purpose was to improve how healthcare entities protect sensitive patient information. Since this time, new rules have been added to HIPAA to enhance the current levels of protection.

Accreditations are essential to ensuring verified information, legitimacy, and a minimum standard of excellence. Given the IACET's rigorous tests, standards of quality and review process, there is an added layer of competence associated with accreditation. It implies that the training provider in question has undergone and withstood a thorough process of examinations and scrutiny. Unaccredited training providers are notorious for providing inaccurate and false information. This highlights the importance of Using an IACET Accredited Training Provider.

The main party enforcing HIPAA is the Department of Health and Human Services' Office for Civil Rights, also known as OCR. While they have most of the jurisdiction, the State Attorney General, Centers for Medicare and Medicaid Services (CMS), U.S. Food and Drug Administration (FDA) and the Federal Communications Commission (FCC) all have some say in HIPAA enforcement.