Skip to content Skip to navigation

HIPAA Training FAQs

Do I need to enroll in HIPAA training?

All members of the Stanford University workforce who perform work and/or research in a department within the Stanford University HIPAA Components (SUHC) are required to complete the "Protecting Patient Privacy" HIPAA training module in Law Room within thirty (30) days of their hire.  SUHC workforce members include faculty, staff, students, postdocs, volunteers, as well as visitors who may have either direct or indirect access to patients or their health information.  Training assignments are made by Human Resources, a departmental administrator (or track manager) or the Stanford University Privacy Office.  Contact your supervisor or the Stanford University Privacy Office, hipaatraining@stanford.edu, if you have any questions about enrollment.

Who should take the HIPAA Research Module?

All members of the Stanford University workforce, whether salaried or non-salaried, who perform human subjects research within the Stanford University HIPAA components (SUHC) are required to complete the “Protecting Patient Privacy for Clinical Researchers” training in Law Room within thirty (30) days of their hire and no less than annually thereafter.  SUHC workforce members who must complete the research training module include:

  • Protocol directors, research investigators and their support staff who submit new, modified, exempt IRB protocols or work with patients or patient information.
  • Any research staff who come into direct contact with a research subject or his/her PHI.  This includes graduate students, post-doctoral fellows, clinical research coordinators, data entry specialists, statisticians, and laboratory personnel.

Training assignments are made by Human Resources, a departmental administrator or track manager or the Stanford University Privacy Office.  Contact your supervisor or the Stanford University Privacy Office, hipaatraining@stanford.edu, if you have any questions about enrollment.

How often do I need to take HIPAA training?

SUHC workforce members receive HIPAA training within thirty (30) days of their hire.  In addition, SUHC workforce members are expected to complete an updated Privacy training annually after their hire date or sooner if federal or state laws and regulations change.

How do I enroll in HIPAA training?

The HIPAA training modules are available through Law Room.  Consult with HR, your departmental administrator (or track manager) or the Stanford University Privacy Office to determine how to enroll in and complete the training.

I completed my HIPAA training, how do I obtain a certificate of completion?

To receive a certificate of completion, send an email to: hipaatraining@stanford.edu and request proof of HIPAA training completion.  You will be e-mailed a PDF copy of your certificate to keep for your records.

I completed my HIPAA training, but my completion status is not updated in STARS, does that mean that I didn’t actually complete HIPAA training and need to retake it?

SUHC HIPAA training is completed in a training host called Law Room.  Because Law Room is a different training host than STARS, certificates of completion are not stored in STARS and your completion status may not be properly updated in STARS.  Instead, your HIPAA completion records are stored in the Law Room database.  If you have questions about whether or not you completed HIPAA training or would like to request a certificate of completion, send an email to: hipaatraining@stanford.edu and a record of your completion is stored in the Law Room database.