Find frequently asked questions on different options for HIPAA certification training, as well as how to achieve compliance.

Question: Which course should I take to meet the HIPAA Training requirement?

If you are a HIPAA Privacy Security compliance officer or part of the core compliance team, then consider the comprehensive level CHPSE course. If you are an employee who has access to PHI but is NOT responsible for HIPAA compliance, then take the one-hour employee training ($25). Use our flowchart to decide on the right level of course for you.

First, you need to decide which category you fall into; there are 8 categories:

1. Healthcare Provider – Any single individual who works for an organization that provides preventive, curative, promotional, or rehabilitative health care services in a systematic way to patients, people, families, or communities.

Examples of healthcare providers are Hospitals, Private Clinics, Doctors, podiatrist, Physicians, Neurosurgeons, Ophthalmologist, Nurses, psychologist, Medical Schools, Plastic Surgeon, Medical Students, Orthopedist, Pediatrician, Medical Office Staff, clinical optometrist, Pharmacies, Dentists, Nurse practitioner, Chiropractors, Allergist, Anesthesiologist, Physical Therapists, ENT Specialist, Massage Therapists, Dermatologist, Radiologists, nurse-midwife, Cardiologists, Hospice, Gastroenterologist, Nursing Homes, Gynecologist, General Psychiatrist, Home Health, Durable Medical Equipment providers, clinical social worker, Audiologist, Psychiatrists, Rheumatologist, etc.

2. Mental Health Provider – Any single individual who works or will work in the future for an organization involved in the direct medical treatment of patients regarding mental health.

Examples of mental health providers are Psychologists, Mental health counselors, psychiatrists, Addiction counselors, Psychoanalysts, Clinical social workers, Psychiatric Nurses, Behavioral services, Psychotherapists, Mental health programs, Family and marriage counselors, Religious Counselors, Art Therapist, Psychiatric Pharmacists, etc.

3. Business Associate – Any single individual who works or will work in the future for a company that offers services or products to health care entities, health plans, health insurance providers, or other business associates and will have access to protected health information (PHI).

Examples of business associates are Medical couriers, Medical Billing, Business processing outsourcing (BPO) providers, Document/record storage, Medical transcription services, Insurance brokers (take a course designed for insurance brokers), Document disposal (shredding) companies, Answering services, CPAs, Third-party administrator (TPA), Software companies, Patient safety or accreditation organizations, Pharmaceutical representatives, e-prescribing gateways and other HIOs, Medical device manufacturers, Pharmacy benefit managers, Collection Agencies, Attorneys, Health information exchanges (HIEs), Actuaries, Marketing services, Cleaning services, Asset Recyclers, Researchers (if performing HIPAA functions for a covered entity), Accounting services firm, Auditors, Healthcare Consultants, Financial institutions (if engaging in accounts receivable or other features extending beyond payment processing), Cloud vendors, etc.

4. Insurance Brokers and Agents – Any single individual who works for an organization that provides health insurance brokerage or administration services for employer group health plans.

Examples of Insurance Brokers and Agents are Insurance Brokers, Insurance Agents, Benefits Management Services, Third Party Administrators.

5. Employer and Group Health Plans – Any single individual who works in the HR benefits staff for an organization involved in sponsoring and managing group health plan benefits for its employees.

Examples of Employer group health plans are HR benefits staff for employers who sponsor group health plans (self-insured and fully insured) for their employees such as medical health plans, dental, vision, flexible spending accounts, etc.

6. Call Center Organization – The call center is a centralized office used for receiving or transmitting a large volume of requests by telephone or chat.

Examples of healthcare-related call centers are Billing, Collection, Patient Communication, Medical insurance, Dental insurance, Vision insurance, Medical answering services.

7. Research Organization – For HIPAA purposes, “Research” is defined as any systematic investigation (including research development, testing, and evaluation) that has as its primary purpose the development of, or contribution to, generalizable knowledge. This is intended to cover human subject research involving IIHI, not research on data that have been de-identified in accordance with 45 CFR 164.502(d) and 164.514(a)-(c).

Examples: A university that conducts human subject research projects, an independent research organization, medical schools, Laboratories doing research, pharmaceutical companies, and others.

8. Law Enforcement and Public Safety Professional – A government employee who is a sworn officer of the city, county, or state and who acts in an organized manner to enforce the law by preventing, investigating, apprehending, discovering, deterring, rehabilitating, or punishing people who violate the rules and norms governing that society.

Examples are Government employees & contractors working in the Fire Department, Law Enforcement, Emergency medical technicians, Public health officials, Hazardous materials professionals, Public safety communications representatives, Public Works officials, Emergency managers, Justice & Court employees, Department of Corrections, FEMA, FBI, U.S. Marshals, and others.

Once you have decided on which category you fall in, the next step is to select the right level of the course.

Question: Do we need any additional training if we are headquartered in Texas, have locations in Texas, or work with health care providers in Texas?

If you are located in Texas, have locations in Texas, or work with health care providers in Texas, you will also need to comply with Texas House Bill 300 (or Texas HB 300 for short).

You can register for the HIPAA with HB 300 course.

For more information on Texas HB 300, visit the page on “Texas HB 300”.

Question: Do I need to take the one-hour HIPAA employee course, Certified HIPAA Privacy Associate (CHPA) training course, or both?

Both courses meet the need for awareness training for the regulation. Students take the CHPA course ($99) with an unlimited exam option when they want the credential with their name, want to add it to their resume, or want to use the logo for their benefit.

If you want the economical solution, then the one-hour course ($25) is recommended, and if you want a credential for a resume or want to use the logo for your marketing purposes, then CHPA is recommended.

Question: I am a medical student. Do I need to take the One Hour HIPAA Employee Training course, CHPA course, or both?

If you want the economical solution, then the one-hour course ($25) is recommended, and if you want a credential for a resume or want to use the logo for your marketing purposes, then CHPA ($99) is recommended.


Question: What is the cost of 1 Hour HIPAA Employee training? Do you offer group discounts?

The pricing for a One Hour HIPAA Employee training course is $25. We offer discounted prices for more than 10 registrations.

Question: Do you offer custom training courses based on the company’s learning objectives?

We can create a custom course for you depending on your needs and the number of employees who need the training on an annual basis. We have created courses for multiple companies where we understand their needs and provide solutions with different levels of training for all employees. We can offer the training as an onsite, live web-based, or self-paced online course.

Question: How can I get the quote for the customized onsite training?

We can come to your site and present a custom course based on your learning objectives. We will work with your HIPAA compliance officer to understand your requirement and then create the course. We can create courses from one hour to 5 days of training. Email us or call us at 515-865-4591 so we can understand your needs and propose a solution based on them.

Individual Training

Question: Who should take the One Hour HIPAA Employee training?

It is for any individual who is looking to get a job in the healthcare industry and is looking to meet the requirement of having HIPAA certification under their belt. Many also consider the Certified HIPAA Privacy Associate (CHPA) so they can use the credentials with their name (like John Doe, CHPA) or use the logo on their resume or signature.

Question: After registering for the course, how can I start my course?

Once you register for our HIPAA course, we will send you the login ID and password by email within 1 business day. We also review that you have registered for the right course. You can use the login details to start the course. You have 2 months to complete the course.

Question: How long do I have to complete the training?

You have up to 60 days from the date of signup to take the awareness training. For the comprehensive courses of CHPSE, CHPE, and CHSE, you have 6 months. You can request an extension of 3 months by paying $99.

Question: If I don’t pass the exam on the first attempt, do I have to pay to retake the test?

For awareness training ($25 or $45), you can take the exam as many times as you need to pass the exam. For certification credential courses of CHPA, CHPE, CHSE, CHPSE, CCAP you have to pay per attempt unless you have paid for unlimited exam attempts at the time of registration.

Question: How long does it take to complete the training?

All courses have slides and audio of the instructor so you can play and pause the course as needed. The average time for a person to complete the awareness training is 1 hour from the start to taking the final exam and getting their certificate. The course duration for CHPA is 2 hours, CHPE is 15 hours, CHSE is 17 hours, and CHPSE is 25 hours. You can spend more time as needed on these courses until you feel that you are ready to take the test.

Question: Do I have to complete the full training in one sitting, or can I do it in multiple sessions?

You can take the training at your own pace, at your own convenience, and in multiple sessions. The course has audio of the instructor so you can play and pause as needed. If you want to stop, just log off from the course, and then when you log back in, just click on the lesson you stopped at to restart the training from where you left off.

Question: How long is your certificate of completion valid for?

Normally the frequency of the training of the employees is determined by the training policy (required under the privacy rule). It is a good practice to train employees on an annual basis to reinforce the best practices. Our certificates are by default dated for 2 years so you would need to take a refresher training again after 2 years if not annually.

Question: What if I have a typo in my name when I register for the course?

When you receive your receipt for the order, reply back to that email with the right name and we will get that corrected so you get the right name in your certificate when you complete the course. If you notice a typo in your final certificate then contact us and we will send you the corrected certificate.

Question: How and when will I receive my certificate of completion?

After successfully completing the final exam you will be able to download your certificate in PDF format. You can take the printout or save it as a PDF. If you have taken the credential course then we will send you the official logo image files which you can use to your benefit.

Question: What format is the certificate and how can I view and print it?

Your certificate of completion is an Adobe Acrobat PDF file. All you need to view and print the certificate is the free Adobe Acrobat Reader. If you don’t have the Adobe Reader software installed on your computer, you can download it free from Adobe’s website.

Question: If I take the HIPAA Awareness training course and the HIPAA Security training course will I get a separate certificate for both?

Yes, you will receive two separate certificates.

Question: Is your training certified by the government?

The Office for Civil Rights (OCR) at the Department of Health and Human Services is responsible for regulating HIPAA but they currently do not provide a training vendor certification. Our printed manual of 700 pages is created by industry experts, including attorneys, security consultants, privacy experts having healthcare and HIPAA compliance experience. Many federal, state, county, insurance companies and hospitals have selected our training. Government organizations are not allowed to endorse us but selecting our courses is the biggest endorsement we can get. View the list of our clients.

Question: What is the retraining requirement under HIPAA?

HIPAA requires the retraining to be done as per your training policy. The majority of employers do retraining on a yearly or 2-year basis. Our certificates are by default dated for 2 years so you would need to retake a refresher training after 2 years.

Question: What if I am a single individual but need to train more people in the future?

You can start off with a single training seat and then add more seats in the future just by paying and subscribing to the course.

Question: Can I train multiple people using an individual account?

No. Our individual training is licensed to a single individual only.

Question: Can I have multiple people view the training?

Sorry, the license for the single-user training is for a single individual only. To train multiple users, you will need to purchase additional training seats.

Question: I purchased a single training seat and then had someone else take the training in addition to myself. Why does it show my name on the certificate when the other person took the training?

Sorry, the license for the single-user training is for a single individual only. Our individual certificates are locked to the first individual’s name after you enter it the first time. To train multiple users, you will need to purchase additional training seats.

Organizational Training

Question: Do you offer training that an organization can use to train its employees?

Yes, we do.

Question: Who is the organizational training for?

Organizational training is for employers/groups that need to train their employees. It provides a single shared login that all employees can log in to as well as group discounts starting at 10 seats and above.

Question: What is the minimum number of seats I need to create an organizational training account?

Two seats. If you need to add licenses in the future, you can do so using the Add More Licenses button when you log in to your account.

Question: If I have fewer than 10 seats initially will I get the discount when I reach 10 seats in the future?

Yes, our system automatically keeps track of the number of cumulative licenses and will automatically apply the new discount pricing starting on the 10th seat.

Question: How does organizational training work?

Once we get the full name and email ID of all your employees, we will register them for the course they are subscribed to and send them the login ID and password. Once your employee receives the login ID and password, they can immediately start the training. Once the employee finishes the final exam, they can directly download the certificate in their name.

Question: If everyone logs in using the same username/password how does it track and generate a certificate for each individual?

Each person logging in to the multiuser account is treated independently. It tags each person uniquely by prompting each individual for their name on their certificate at the end when the individual has successfully passed the final exam. After entering their name, it generates a certificate for the individual and emails a copy for your records. Doing it this way, there is zero administration required with our system.

Question: Can more than one person log in to take the training at the same time?

Absolutely. All your employees could log in at the same time or at different times. Our system can handle thousands of simultaneous users.

Question: Do you offer reporting with the organizational training account so I can tell who has taken the training?

Yes, we provide reporting free with the organizational training account.

Question: Do you offer volume discounts?

Yes, we do. Your pricing is based on the initial number of seats you purchase (see table below) and then as you continue to purchase seats with us we continue to discount you down in pricing as you hit the new tiers.

Number of Training Seats

Pricing per Seat

1 – 9


10 – 24


25 – 49


50 – 99


100 – 200




Question: How do I sign up for the organizational training option?

You can simply add two or more seats to your shopping cart. That will automatically create an organizational training account. If you initially purchased a single seat, you can also upgrade that to an organizational training account by purchasing additional seats to get you to a total of two seats or more.

Question: How long does it take to set up?

Your organizational training account is available immediately upon completing the checkout.

Question: How long before the seats I purchased expire?

With our organizational training, there is no expiration date on seats. The seats are good until you use them.

Question: How do you handle billing beyond the initial seats purchased?

The default is that it is self-service and prepaid. So to add more seats, you simply log in and click on the Add More Licenses button to add seats when you need them. Alternatively, we can also set up NET 30 terms and invoicing if you would prefer.

Question: How long does the training take?

The average time for a person to complete the training is 1 hour from start to taking the final exam and getting their certificate.

Question: What if someone doesn’t pass the final exam? Do I have to pay for their training again?

No, each person can take the final exam as many times as they need to pass.

Question: Does each person have to take the training in one sitting?

No, they can take the training at their own pace and in multiple sessions. If they get interrupted, they just log off, and then when they log back in, they just click on the lesson they stopped at. However, they do want to set aside 15 minutes when it is time to take the final exam so that they can have maximum concentration.

Question: Is your training certified by the government?

The Department of Health and Human Services is responsible for regulating HIPAA, but they currently do not provide a training vendor certification process. So to ensure we are providing proper training we have consulted HIPAA experts as well as had our training reviewed by a law firm specializing in HIPAA.

Question: Can I train multiple people using an individual account?

No. Our individual training is licensed to a single individual only.

Question: Can I have multiple people view the training?

Sorry, the license for the single-user training is for a single individual only. To train multiple users, you will need to purchase additional training seats.

HIPAA Compliance Documentation Kits

Question: What are your HIPAA Compliance Documentation Kits?

There are two parts to HIPAA compliance: employee/staff training and the documents, forms, contracts, and policies and procedures for the organization. Our organizational training is for the employee/staff training portion of compliance, whereas the documentation kit is for the organizational documents portion of compliance.

Question: What HIPAA Compliance Documentation Kits do you offer?

We have one documentation kit for HIPAA Privacy and another for HIPAA Security. HIPAA Privacy and HIPAA Security are two separate HIPAA regulations with their own standards and requirements and hence the reason we have two separate kits.

Question: Who are the HIPAA Documentation Kits meant for?

They are meant for the person designated as the HIPAA Privacy/Security/Compliance officer for your organization to help them implement HIPAA compliance at your organization.

Question: How do the HIPAA Documentation Kits fit into my organization’s HIPAA compliance?

In short, HIPAA Organizational Compliance = HIPAA Employee Staff Training + HIPAA Organizational Documents

In terms of our products, that maps to: HIPAA Organizational Compliance = Group Training + Documentation Kits

Question: What is included in your HIPAA Compliance Documentation Kits?

They contain a step-by-step to-do list walking you through the entire HIPAA compliance process along with all the forms, policies and procedures, documents, etc needed to implement HIPAA compliance at your organization. All the documents are available in ready-to-use Microsoft Word format and are available for immediate download.

Question: Is training included as part of your HIPAA Compliance Documentation Kits?

1 training seat for the compliance officer is included with each kit. However, additional training seats are sold separately under our organizational training offering. This allows organizations to mix and match depending on their unique needs.

Question: What types of forms/templates do you provide as part of the DIY Kit?

Notice of privacy practices, authorization forms, business associate contracts, documents to support individual patient rights, policies and procedures, etc, all in Microsoft Word format. They can be downloaded individually or in one zip file.

Question: Do I need the HIPAA Privacy Documentation Kit, HIPAA Security Documentation Kit, or both?

Everyone needs to comply with HIPAA Privacy. So you would need the HIPAA Privacy Documentation Kit for sure.

You only need HIPAA Security if your organization stores, maintains, or transmits protected health information electronically, such as on computers. Since most organizations store protected health information on computers these days, most organizations will have to comply with HIPAA Security. If that applies to your organization, then you will need the HIPAA Security Documentation Kit. The only organizations that won’t need the HIPAA Security Documentation Kit are those that do everything on paper.

Question: How much do the Documentation Kits cost?

There are two HIPAA Compliance Documentation Kits: a HIPAA Privacy Documentation Kit and HIPAA Security Documentation Kit. They are $300 and $495 respectively and are licensed per organization.

Question: Why are the Documentation Kits so expensive?

Many of our customers would ask why it is so cheap. We have taken the HIPAA regulations and made them extremely easy to implement without having to hire expensive legal counsel or consultants. Everything is in ready-to-use format with step-by-step instructions and includes any help you need in getting through the process. Our pricing is a fraction of what it would cost to develop the documents yourself, with a lawyer, or by hiring a consultant.

Question: Do I need any special qualifications to use the Documentation Kits?

No, there is no prior compliance or HIPAA experience required to use the kits. We start you from scratch. We’ve made them extremely easy to use so anyone can do it.

However, there is one caveat. Since HIPAA Security requires that you lock down your computers, networks, etc., you may have to work with your IT staff or an IT consultant to actually implement some of the safeguards in the Documentation Kit. For example, the Security Documentation Kit will provide you with all the documented policies and procedures, such as a policy and procedure requiring daily backups, but then you will need someone to actually implement those backups.

Question: What if I get stuck or have questions?

We’ve made the process extremely easy with step-by-step instructions and ready-to-use documents. However, we fully support you through the entire process. You are welcome to contact us for any clarifications, questions, etc. We do have to add the disclaimer, however, that if excessive help is needed, then we have the right to request that the extra help be under paid consulting. But to date, we’ve never had to request that.

Question: I purchased the HIPAA Do It Yourself Kits a while back. What’s the difference between that and the HIPAA Documentation Kit?

They are the same product. We just renamed it so that it would be more clear and obvious what the kits were meant for.

Omnibus Rule

Question: What is the Omnibus Rule?

On January 17, 2013, the U.S. Department of Health and Human Services (HHS) released a final ruling called the Omnibus Rule that was meant to strengthen and modernize HIPAA by incorporating provisions of the HITECH Act (Health Information Technology for Economic and Clinical Health Act) and the GINA Act (Genetic Information Nondiscrimination Act of 2008) as well as finalizing, clarifying, and providing detailed guidance on many previous aspects of HIPAA.

The final Omnibus Rule becomes effective March 26, 2013. Covered entities and Business Associates have until September 23, 2013, to comply (180 days beyond the effective date).

Question: Who is required to comply with the Omnibus Rule?

Covered Entities (healthcare providers, health plans, and healthcare clearinghouses) and Business Associates (all third-party vendors and business partners that create, receive, maintain, or transmit protected health information (PHI) on behalf of a Covered Entity).

Question: Is your training updated for the Omnibus Rule?

Yes, our training is up to date with the Omnibus Rule. We have a separate chapter that specifically covers updates from both the ARRA/HITECH Act of 2009 and the Omnibus Rule of 2013.

Texas HB 300

What is Texas HB 300?

Texas HB 300 (Texas House Bill 300) was a bill passed and signed by Texas Governor Rick Perry in June of 2011. The bill places stricter requirements on patient health privacy than those required by HIPAA and also expands the definition of covered entities to include those that come into possession of, obtain, assemble, collect, analyze, evaluate, store, or transmit protected health information.

Texas HB 300 becomes effective September 1, 2012, and requires that employees be trained on it in addition to HIPAA.

Who is required to comply with Texas HB 300?

According to Texas HB 300, any individual or organization that:

  1. engages in the practice of assembling, collecting, analyzing, storing, or transmitting PHI;
  2. comes into the possession of PHI;
  3. obtains or stores PHI; or
  4. is an employee, agent, or contractor of a person described in numbers 1-3 above (if they create, receive, obtain, maintain, use or transmit PHI).

must comply with Texas HB 300.

The expanded definition of HB 300 means that many businesses and individuals currently exempt from HIPAA will be subject to the requirements of HB 300. For example, lawyers, accountants, schools, researchers, internet service providers, etc.

Who is exempt from complying with Texas HB 300?

According to Texas HB 300, the following are exempt from complying with Texas HB 300:

  1. Workers’ compensation insurance or any person or entity in connection with providing, administering, supporting, or coordinating any of the benefits under a self-insured program for workers’ compensation
  2. Employee benefit plans and any covered entity or another person, insofar as the entity or person is acting in connection with an employee benefit plan
  3. Education records covered by the Family Educational Rights and Privacy Act of 1974 and its subsequent amendments
  4. Nonprofit agencies that pay for health care services or prescription drugs for an indigent person only if the agency’s primary business is not the provision of health care or reimbursement for health care services
  5. Processing of certain payment transactions by financial institutions
  6. Certain information relating to offenders with mental impairments
  7. Any person or entity in connection with providing, administering, supporting, or coordinating any of the benefits regarding compensation to victims of crime

Does your training satisfy Texas HB 300 as well as HIPAA?

Yes, our training covers both HIPAA as well as Texas HB 300. We have a separate chapter that specifically covers Texas HB 300.

How do I sign up for the Texas version of the training?

You can click on the links below to go directly to the Texas HB 300 versions of the training.

Technical Issues

When I click on the training, I just get a black screen

The training requires Adobe Flash Player or HTML5 support to run.

To install Adobe Flash Player, CLICK HERE. After installing Adobe Flash Player, close all your browser windows and restart your browser. This last step is required to complete the installation.

If you still have problems, try using Mozilla Firefox or Google Chrome as your browser.

I generate my certificate but I can’t view it.

The certificate requires Adobe PDF Reader to view it.

To install Adobe PDF Reader, CLICK HERE.

Can I take the HIPAA training on an Apple iPad, Android tablet, or other mobile device?

Yes, you can. Our training has HTML5 support for new browsers as well as mobile devices in addition to Adobe Flash for desktops.