Required HIPAA Privacy Training

Date: September 23, 2023
Policy ID: 1.430
Status: Final

Contact Office:
Associate Dean for Finance and Administration
PO Box 800793
Fax: 434-924-8412

Applies to:
Any individual who works in the School of Medicine, regardless of the source of funds from which they are paid, and/or any individual who works in the School of Medicine in a non-salaried position.

Reason for Policy:
Federal regulations mandate that all employees who may have contact with or access to patient information be trained in how to keep the information secure and confidential

Definition of Terms:
Employee: Any individual who works at the School of Medicine. This includes, but is not limited to faculty, classified staff, wage employees, and students.

HIPAA: Health Insurance Portability and Accountability Act of 1996. Privacy and Security were added to the Act, requiring Health and Human Services (HHS) to adopt regulations to protect patients’ medical information.

Policy Statement:
All School of Medicine employees are required to take HIPAA privacy training through NetLearning. New employees must take the training within the first two weeks of their employment. After initial training, employees are required to take training when there are changes to the HIPAA guidelines or their application at UVA. When this occurs, the training module is updated and employees are notified that they must retrain.

Failure to comply with the federally mandated training may result in loss of access to electronic, administrative, and other systems.

HIPAA privacy training is in addition to the mandatory ITC security training. An individual’s job responsibilities may require that he or she take additional training as recommended and/or required by the University, School of Medicine, Medical Center, or HSF.

Related Policy:
Medical Center related policies can be access from

Revision History:
Implemented 1/30/06; administrative update 2/23/15; administrative update 9/23/20