Training FAQ

Who needs HIPAA training?

All faculty, staff, students in:

  • School of Medicine - (excluding the School of  Public Health, the Animal Resources Center, and the basic science departments: Cell Biology, Cellular and Molecular Physiology, Comparative Medicine, History of Medicine, Immunobiology, Microbial Pathogenesis, MolecularBiophysics & Biochemistry, Neurobiology, and Pharmacology)
  • Physician’s Associate Program
  • School of Nursing
  • Yale Health
  • Department of Psychology clinics
  • Benefits Office staff
  • Research personnel who access PHI
  • ITS (Information Technology Services)

Everyone listed above needs to be trained, even if they don’t directly interact with protected health information. This is because anyone in these environments can come into incidental contact with protected health information or can encounter violations of HIPAA and so needs to know what to do in those instances.

Printing out my certificate proving I’ve taken HIPAA training

The Training Management System (TMS) contains records of your HIPAA Privacy and Security training. Select the “My Training Information” on the left hand side, you will then be prompted to enter your Net ID and password. Select Transcript from the left hand selection, select the completed course you want a certificate for and hit the print icon. Please allow 24 hours after completing the online training for your TMS profile to be updated.

Note: If you are accessing TMS outside of Yale’s network (working from home, off campus, etc), you will need to connect to VPN (virtual private network) prior to logging into TMS. If you need assistance with VPN, please contact ITS helpdesk at 203.432.9000 or helpdesk@yale.edu.

How long does the online training course take?

Most people are able to complete the course in 45-60 minutes. If you need to stop before you finish and you haven’t started the quiz you can save your work and complete the course in another session. Once you start the quiz, you will need to complete the quiz in one session otherwise any questions answered prior to exiting the quiz will need to be re-entered when you return.  Note that the quiz must be completed successfully in order to receive credit for completing the course.

Will I ever need retraining for HIPAA Privacy and Security?

Yes, if you change jobs you may need to learn new policies and procedures for the new job.

The HIPAA Privacy and Security Offices also ffer periodic refresher training to ensure that staff are aware of their HIPAA obligations.

To determine if there are other training requirements you must complete, please visit the Training and Certification website to take the Training Requirements Assessment.

Note: All faculty, staff, postdoctoral fellows and postdoctoral associates are required to complete the Training Requirements Assessment within 30 days of date of hire.

Yale-New Haven Hospital’s HIPAA training

The University and Yale New Haven Hospital have taken different approaches to some aspects of HIPAA compliance, particularly as regards HIPAA Security.  For this reason, the University and the YNHH’s training are different.  Faculty, staff, and trainees who work at both the University and YNHH must take both institution’s HIPAA training.  However, note the FAQ below regarding individuals who have completed HIPAA Privacy training elsewhere.

I have taken HIPAA training at another institution, must I also complete the University's training?

The details of the University’s HIPAA Security program necessitate that Yale faculty, staff and trainees who will have access to Yale electronic PHI complete the University HIPAA training.  If you have completed HIPAA Privacy training at another institution, you may take an abbreviated course by choosing the “General Overview to HIPAA” course when asked to select your role.  Doing so allows a review of key HIPAA Privacy Rule principles and completion of the HIPAA Security training materials.

I completed the HIPAA Privacy course but not the HIPAA Security course when the two courses were offered separately. How do I complete only the Security portion?

If you have completed HIPAA Privacy training previously, you may take an abbreviated course by choosing the “General Overview to HIPAA” course when asked to select your role.  Doing so allows a review of key HIPAA Privacy Rule principles and completion of the HIPAA Security training materials.

I completed the HIPAA Security course but not the HIPAA Privacy course when the two courses were offered separately. How do I complete only the Privacy portion?

Now that the HIPAA Security module has been incorporated into a combined HIPAA Privacy and Security course, there is no longer a way to only complete the HIPAA Privacy material on-line.