HIPAA for IT, Security & Administrators Training

AI authoring tools for easy customization
Additional languages available
Meets accessibility standards
Auto-save training, mobile-friendly
Deliver on Ethena or your LMS (SCORM)

Course Summary

This Ethena course gives IT, security, and admin staff the technical know-how to protect electronic PHI (ePHI) under HIPAA, covering the Security Rule’s safeguards and the proposed 2024–25 updates.

Apply HIPAA’s administrative, physical, and technical safeguards to ePHI
Manage access, audit logs, encryption, and MFA controls
Track assets, scan for vulnerabilities, and patch on time
Detect insider and third-party risks and respond to incidents

Included Modules:

Introduction

Introduces this HIPAA course for IT, security, and admin staff, explaining why the people who run systems carry outsized responsibility for protecting patient data.

PHI & Security Safeguards

Defines PHI and ePHI and walks through HIPAA’s administrative, physical, and technical safeguards that keep electronic health data confidential and available.

Access Provisioning & De-Provisioning

Explains how to grant least-privilege access when staff join or change roles and promptly revoke it when they leave to prevent lingering ePHI exposure.

Audit Logs & Access Monitoring

Shows how to record, review, and retain audit logs so unusual access to ePHI gets caught early and you can prove who touched what and when.

Encryption, MFA & Technical Controls (Proposed Security Rule)

Covers encryption at rest and in transit, multi-factor authentication, and the technical controls the proposed HIPAA Security Rule update would make mandatory.

Vulnerability Scanning, Patch Timelines & Segmentation

Details routine vulnerability scanning, defined patching deadlines, and network segmentation that limit how far an attacker can move toward ePHI.

Asset Inventory & ePHI Data Mapping

Explains how to maintain an accurate asset inventory and map where ePHI lives, moves, and rests so nothing sensitive goes untracked or unprotected.

Incident Response & 24-Hour Activation Notice

Outlines how to detect, contain, and report security incidents, including the proposed rule to notify within 24 hours once a contingency plan is activated.

Insider Threat Detection & Privilege Misuse

Shows how to spot insider threats and privilege misuse, from snooping on records to abusing elevated access, before they become reportable breaches.

Protecting Against Malware Attacks

Covers how malware and ransomware reach healthcare systems and the layered defenses, backups, and habits that keep ePHI safe and recoverable.

Supply-Chain & Third-Party Risk

Explains how to vet vendors, manage business associate agreements, and reduce the supply-chain risk that third-party tools introduce to ePHI.

Included Mini-Courses:

Data Minimization and Storage Limitation Training

Australian Privacy Principles Training

Why is data privacy training important?

It’s essential to ensure that employees’ personal information is kept secure. Data privacy helps to protect confidential customer and employee information, such as financial details and other personal information, from being accessed by unauthorized people. Additionally, data privacy helps prevent data breaches, which can result in serious legal and financial consequences. Maintaining data privacy in the workplace is mission-critical to ensure that employees’ personal information is kept secure and secure data is used to make important business decisions.

"Ethena helped us embed clear standards directly into how we operate and grow. That's what designing for trust at scale actually looks like."
— Jacob Leon Beier

"I needed to train 500 people on side agreements in two weeks. Ethena made it happen — custom content, quick turnaround, no drama."
— Darryl Cyphers, Jr.

"Making a custom training used to take hours. Now, it's as easy as uploading a PDF, and everything comes to you fully formatted. I was blown away."
— Giovanna Travieso