A tailored course, built for your situation
Mastering HIPAA for Senior Compliance Leaders
Build deeper command of HIPAA’s structure, controls, and real-world application across complex health data environments.
The situation this course is for
Generic courses don’t reflect the depth of decision-making required when handling cross-system data flows, enforcement precedents, or novel use cases. Practitioners with long-cycle experience deserve training that matches their level of exposure.
Who this is for
Senior privacy and compliance leaders with 10+ years in healthcare regulation, particularly those who shape policy, oversee audits, or lead vendor risk decisions.
Who this is not for
Entry-level compliance staff, one-time auditors, or professionals outside healthcare data regulation.
What you walk away with
- Map HIPAA controls to technical and administrative systems with confidence
- Anticipate regulator expectations in complex or edge-case scenarios
- Structure compliance workflows that compound across audits and reviews
- Explain deviations and design choices using authoritative sources and precedent
- Own internal training and policy updates without senior review
The 12 modules (with all 144 chapters)
- Origins of the HIPAA framework
- Core components of Title II
- Privacy Rule scope and applicability
- Security Rule technical safeguards
- Administrative safeguards deep dive
- Physical safeguards overview
- Breach Notification Rule thresholds
- Enforcement Rule penalties and history
- Definition of a covered entity
- Business associate relationship rules
- Minimum Necessary Standard application
- Safe harbor under de-identification
- Permitted versus required disclosures
- Patient rights under HIPAA
- Authorization form requirements
- TPO purposes defined
- Marketing and fundraising exceptions
- Psychotherapy notes special handling
- Accounting of disclosures process
- Right to amend records
- Right to request restrictions
- Right to receive paper copy
- Notice of Privacy Practices standards
- Language access and translation rules
- Unique user identification
- Access control policies
- Role-based access design
- Emergency access procedures
- Automatic logoff settings
- Encryption standards for data at rest
- Encryption standards for data in transit
- Decryption capability assurance
- Audit controls implementation
- Mechanism to authenticate ePHI
- Transmission security overview
- Integrity control methods
- Security management process
- Risk analysis best practices
- Risk mitigation planning
- Sanction policy enforcement
- Information system activity review
- Workforce training requirements
- Workforce compliance oversight
- Evaluation standard application
- Business associate agreements
- BAI oversight process
- Contingency planning scope
- Data backup and storage
- Definition of a breach
- Four-factor risk assessment
- Low probability of compromise
- Unauthorized acquisition test
- Harm not required for breach
- Notification timelines
- Individual notification rules
- Media notification triggers
- HHS reporting thresholds
- State law preemption analysis
- Documentation of determination
- Internal escalation path
- Defining a business associate
- BA agreement required elements
- Subcontractor liability chain
- Right to audit clause design
- Data return or destruction terms
- Enforcement precedent review
- Cloud service provider rules
- Email provider compliance
- Hosting provider obligations
- Software vendors as BAs
- BAI risk scoring system
- Third-party assessment workflow
- Compliance program lifecycle
- Policy development workflow
- Control mapping technique
- Compliance calendar planning
- Audit preparation process
- Internal monitoring system
- Corrective action tracking
- Leadership reporting format
- Resource allocation strategy
- Third-party audit coordination
- Regulator inspection readiness
- Continuous improvement loop
- Top audit findings history
- Common Security Rule failures
- Privacy Rule complaint origins
- Breach reporting violations
- Most frequent financial penalties
- Settlement agreement analysis
- Corrective action plans
- State attorney general actions
- HIPAA-HITECH intersection
- Enforcement discretion examples
- Largest settlements breakdown
- Emerging OCR priorities
- State law preemption framework
- Stricter privacy laws
- Consumer protection statutes
- Data breach notification laws
- Health privacy laws by state
- Minors’ consent rules
- Mental health records laws
- Substance use disorder rules
- Workers’ compensation conflicts
- Law enforcement disclosure rules
- Judicial order handling
- Attorney-client privilege
- AI-driven analytics compliance
- Telehealth data handling
- Remote monitoring systems
- Wearable device data
- Mobile app risk assessment
- Chatbot use in healthcare
- Natural language processing
- Cloud-based EHR systems
- Blockchain for health data
- API security design
- De-identification for research
- Synthetic data use cases
- Role-based training matrix
- Annual training requirement
- Security awareness content
- Phishing simulation use
- New hire onboarding
- Refresher training timing
- Manager accountability
- Disciplinary action policy
- Third-party training
- Documentation standards
- Training effectiveness review
- Culture of compliance
- Change management process
- Policy version control
- Control monitoring system
- Regulatory scanning workflow
- Industry peer benchmarking
- Internal audit frequency
- Feedback loop integration
- Leadership review cadence
- Technology refresh planning
- Compliance documentation archive
- Knowledge transfer strategy
- Succession planning
How this maps to your situation
- Preparing for OCR audit
- Managing third-party risk
- Updating legacy compliance program
- Scaling compliance across systems
Before vs. after
What's included with your purchase
- 12 modules with 12 chapters each (144 chapters)
- Downloadable templates and worked examples for every module
- Hand-built implementation playbook delivered alongside course access
- 30-day money-back guarantee
Delivery and format
- Course and learning environment access provisioned within 24 hours of purchase
- Hand-built implementation playbook delivered alongside course access
Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.
Time investment: 60 hours of self-paced learning, designed for completion over 8 weeks with 6-8 hours per week.
How this compares to the alternatives
Unlike generic HIPAA overviews that end at basic checklists, this course is built for practitioners with long-cycle experience, focusing on structural mastery, enforcement precedent, and real-world decision frameworks.
Frequently asked
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.