Training FAQ


Who needs HIPAA training?

All faculty, staff, students in:

  • School of Medicine - (excluding the School of  Public Health, the Animal Resources Center, and the basic science departments: Cell Biology, Cellular and Molecular Physiology, Comparative Medicine, History of Medicine, Immunobiology, Microbial Pathogenesis, Molecular Biophysics & Biochemistry, Neurobiology (Neuroscience), Pharmacology and WM Keck Biotechnology Resources Laboratory)
  • Physician’s Associate Program
  • School of Nursing
  • Yale Health
  • Department of Psychology clinics
  • Benefits Office staff
  • Research personnel who access PHI
  • ITS (Information Technology Services)

Everyone listed above needs to be trained, even if they don’t directly interact with protected health information. This is because anyone in these environments can come into incidental contact with protected health information or can encounter violations of HIPAA and so needs to know what to do in those instances.

Printing out my certificate proving I’ve taken HIPAA training

Training transcripts are maintained in WorkDay Learning.  Sign into Workday at https://www.myworkday.com/yale  . Click on “Menu” located on the upper left-hand side and select “Learning.”  From there click on “Print Learning Certificate” (under Links section).  Enter the date you completed the training and the name of the training and click ok. Select the training  that you would like to print and click the print icon (located on the bottom left) to obtain the certificate.

How long does the online training course take?

Most people are able to complete the course in 45-60 minutes. If you need to stop before you finish and you haven’t started the quiz you can save your work and complete the course in another session. Once you start the quiz, you will need to complete the quiz in one session otherwise any questions answered prior to exiting the quiz will need to be re-entered when you return.  Note that the quiz must be completed successfully in order to receive credit for completing the course.

Will I ever need retraining for HIPAA Privacy and Security?

Yes, if you change jobs you may need to learn new policies and procedures for the new job.

The HIPAA Privacy and Security Offices also offer periodic refresher training to ensure that staff are aware of their HIPAA obligations.

To determine if there are other training requirements you must complete, please visit the Training and Certification website to take the Training Requirements Assessment.

Note: All faculty, staff, postdoctoral fellows and postdoctoral associates are required to complete the Training Requirements Assessment within 30 days of date of hire.

Yale-New Haven Hospital’s HIPAA training

The University and Yale New Haven Hospital have taken different approaches to some aspects of HIPAA compliance, particularly as regards HIPAA Security.  For this reason, the University and the YNHH’s training are different.  Faculty, staff, and trainees who work at both the University and YNHH must take both institution’s HIPAA training.  However, note the FAQ below regarding individuals who have completed HIPAA Privacy training elsewhere.

I have taken HIPAA training at another institution, must I also complete the University's training?

The details of the University’s HIPAA Security program necessitate that Yale faculty, staff and trainees who will have access to Yale electronic PHI complete the University HIPAA Privacy and Security training.  If you have completed HIPAA Privacy training at another institution, you may take an abbreviated course by choosing the “General Overview to HIPAA” course when asked to select your role when completing the Foundational HIPAA Privacy and Security Training course..  Doing so allows a review of key HIPAA Privacy Rule principles and completion of the HIPAA Security training materials.

I completed the HIPAA Security course but not the HIPAA Privacy course when the two courses were offered separately. How do I complete only the Privacy portion?

Now that the HIPAA Security module has been incorporated into a combined HIPAA Privacy and Security course, there is no longer a way to only complete the HIPAA Privacy material on-line.

I completed the HIPAA Privacy course but not the HIPAA Security course when the two courses were offered separately. How do I complete only the Security portion?

If you have completed HIPAA Privacy training previously, you may take an abbreviated course by choosing the “General Overview to HIPAA” course when asked to select your role.  Doing so allows a review of key HIPAA Privacy Rule principles and completion of the HIPAA Security training materials.

Guidance on HIPAA Training Requirements for Sponsored Identities