
“This course contains the use of artificial intelligence.”
HIPAA compliance doesn't have to be overwhelming, even for a small practice with no IT department. This course teaches the HIPAA Security Rule in plain English, so owners, office managers, and clinical or admin staff can protect electronic protected health information (ePHI) and stay on the right side of the law.

You'll start with the foundations: how the Security Rule differs from the Privacy Rule, what counts as ePHI and where it hides, and who must comply. Then you'll tackle the single most-cited HIPAA failure, the risk analysis, and learn to conduct a Security Risk Assessment (SRA) and build a risk management plan using the free HHS SRA Tool.

From there, the course walks through every required safeguard: administrative (security officer, training, access management, contingency planning), physical (facility, devices, remote work), and technical (access control, audit logs, encryption, MFA, and secure transmission). You'll learn how to handle business associates and BAAs, run vendor due diligence, and respond to a breach correctly, including the four-factor assessment, notification rules, and deadlines.

Finally, you'll get ahead of the proposed 2025/2026 overhaul of the Security Rule, where many addressable specifications are expected to become required, with a practical 12-month compliance roadmap. The focus throughout is on checklists, free official tools, and clear next steps: no jargon and no fear, just a path to compliance you can actually follow.