Ensure compliance with the HIPAA Security Rule training requirement

As a worker in the healthcare sector, you are the first line of defense against cyber attacks that target patient information and medical information systems. The purpose of this training is to help you, as an employee, identify the types of information that must be protected; understand common threats against health information systems; and learn about best practices and policies to safeguard the confidentiality, integrity, and availability of patient information. There are three sections to this training program: Awareness of Cybersecurity, Essentials of Cybersecurity, and Phishing Awareness.

Course curriculum

  • 1
    • Welcome to the Course!

  • 2 Cybersecurity Awareness Training
    • Cybersecurity and Information Classifications
    • Quiz - Cybersecurity and Information Classifications
    • Securing Information
    • Quiz - Securing Information
    • Social Engineering
    • Quiz - Social Engineering
    • Breaches and Reporting
    • Quiz - Breaches and Reporting

  • 3 Essentials of Cybersecurity
    • Introduction to Cybersecurity
    • Cybersecurity Vulnerabilities
    • Internal Processes and Vulnerabilities
    • Technology Failures
    • External Threats
    • Contingency Plans
    • Knowledge Check
    • Common Cyberattack Mechanisms and Motivations for Use
    • Quiz - Common Cyberattack Mechanisms and Motivations for Use
    • Encryption
    • Quiz - Encryption
    • Firewalls and Virtual Private Networks (VPNs)
    • Quiz - Firewalls and VPNs
    • Cloud Computing Vulnerabilities
    • Quiz - Cloud Computing Vulnerabilities

  • 4 Phishing Awareness Training
    • Introduction
    • Phishing Attacks
    • Quiz - Phishing Attacks
    • Counter Measures
    • Quiz - Counter Measures
    • Expectations
    • Quiz - Phishing Awareness

  • 5
    • Congratulations!
    • Final Exam


  • Does this training support the requirements for information and security compliance?

    According to the implementation requirements of the HIPAA Security Rule, every employee must complete a program on security awareness that also includes regular security updates. The requirements of the HIPAA Security and Privacy Rule and seven international compliance frameworks are met by this training, including NIST SP 800-53r4, ISO 27001, K-ISMS, RSEFT, IRAP, OSPAR, and MTCS. Each of these frameworks mandates security awareness training for your staff members.

  • Does this training provide all the information on cybersecurity that healthcare workers require?

    Although the fundamentals of cybersecurity awareness, cybersecurity essentials, and phishing awareness are covered in this training, we advise that you continue your education through additional training, recurring reminders, and quizzes as required by your company.

  • Who should take this training?

    Anyone working in healthcare who wants to better understand the most common cybersecurity risks and what they can do to protect themselves and their organizations should attend the training.

  • Is a certificate of completion available?

    Yes, a certificate of completion can be downloaded as a PDF once the training is completed.


Senior Instructor

Spencer Ash

As a leader in healthcare technology, Spencer specializes in healthcare informatics and product management. Having worked in many areas of the healthcare industry, from full-risk value-based primary care to post-acute care, he recognizes the importance of protecting health information and the key role that security awareness plays in protecting that information. He currently serves as the Director of Product Design at AbarcaHealth, where he is passionate about driving change in healthcare that leads to radical transformation and improved patient outcomes. Spencer is also a Certified HIPAA Officer.