The HIPAA Rules apply to covered entities and business associates.

Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.

If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules. See the definitions of “business associate” and “covered entity” at 45 CFR 160.103.

Course FAQs

Are there any prerequisites for the courses?

There are no prerequisites for our courses.

How long are the certificates of completion good for?

HIPAA only specifies that employees be retrained when the regulations change. However, the majority of employers do retraining on a yearly or two-year basis. Our certificates are by default dated for 2 years, so you would need to take a refresher training again after 2 years.

What format is the certificate of completion in?

The certificate of completion is an Adobe Acrobat PDF file. All you need to view and print the certificate is the free Adobe Acrobat Reader. If you don’t have the Adobe Reader software installed on your computer, you can download it free from Adobe’s website.

Do you offer volume discounts?

Yes we do. Contact us to receive a quote.


What Is HIPAA?

HIPAA stands for the “Health Insurance Portability and Accountability Act of 1996”, which was a federal law enacted by Congress that gave Americans the ability to transfer or continue their health insurance coverage when they change or lose their jobs, established industry-wide standards for electronic health care transactions, and required the protection and confidential handling of protected health information.

What is the HITECH Act?

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) legislation was created in 2009 to stimulate the adoption of electronic health records (EHR) and supporting technology in the United States. President Obama signed HITECH into law on Feb. 17, 2009, as part of the American Recovery and Reinvestment Act of 2009 (ARRA) economic stimulus bill.

HITECH and HIPAA are separate and unrelated laws, but they do reinforce each other in certain ways. For example, HITECH stipulates that technologies and technology standards created under HITECH do not compromise HIPAA privacy and security laws.

It also requires that any physician and hospital that attests to meaningful use must also have performed a HIPAA security risk assessment as outlined in the “Omnibus rule,” or 2013 digital update to the original 1996 law. Another example: HITECH established data breach notification rules; HIPAA’s omnibus update echoes those rules and adds details such as holding healthcare providers’ business associates accountable for the same liability of data breaches as the providers themselves.

What is the Omnibus Rule?

On January 17, 2013, the U.S. Department of Health and Human Services (HHS) released a final ruling called the Omnibus Rule that was meant to strengthen and modernize HIPAA by incorporating provisions of the HITECH Act (Health Information Technology for Economic and Clinical Health Act) and the GINA Act (Genetic Information Nondiscrimination Act of 2008) as well as finalizing, clarifying, and providing detailed guidance on many previous aspects of HIPAA.

The final Omnibus Rule became effective March 26, 2013.

Who Is A Covered Entity?

HIPAA standards apply only to:
♦ Health care providers who transmit any health information electronically in connection with certain transactions
♦ Health plans
♦ Health care clearinghouses

Who Is A Business Associate?

A person who performs a function or activity on behalf of, or provides services to, a Covered Entity that involves Individually Identifiable Health Information.
– A Business Associate is not a member of the Covered Entity’s workforce
– A Covered Entity can itself be a Business Associate

What are the Penalties for Non-Compliance?

Failing to comply with HIPAA regulations, as amended by HITECH, may lead to disciplinary action for providers as well as personal criminal penalties of up to ten years in prison and fines of up to $250,000. For each incident of non-compliance, organizations could be fined $50,000 per occurrence and up to $1.5 million per year for each standard violated. If willful neglect is found, additional penalties may apply.
