5 interactive modules · 25 min · knowledge checks + final assessment
Preview the course →Free interactive preview — no purchase requiredAbout this product
Tier 2 healthcare-specific training. Six modules: what HIPAA actually requires (Privacy + Security Rules in plain English); PHI handling in modern channels (email, secure messaging, AI tools, personal devices, voicemail, calendars); the breach notification process (presumed breach, 60-day federal timeline, state law overlays); real OCR enforcement patterns (lost devices, snooping, phishing, BA failures); the 2025 proposed HIPAA Security Rule update (mandatory MFA, encryption, network segmentation). Grounded in real OCR settlements. 10-question final assessment.
What's included
- 6 modules (~25 min total) as HTML5
- 10-question final assessment with score interpretation
- Healthcare-specific security checklist
- 2025 Security Rule update preview
- Customizable for your covered entity / BA context
- SCORM export — coming soon
Who it's for
- Healthcare provider workforce members
- Health plan and clearinghouse employees
- Business Associates handling PHI
- Healthcare vendors and subcontractors
Available formats
Responsive, self-contained course — works on any device. Includes knowledge checks and a scored final assessment.
SCORM 1.2 & 2004 package for your LMS (Workday, Cornerstone, Docebo, Litmos, and more) — tracks completion and assessment scores.
Licensing
Single-organization license. Customize freely with your brand and policies.
Related products
Compliance Crosswalks — Map Awareness Training to Your Framework
Defensible mappings of every ForgeAwareness product to NIST CSF 2.0, ISO 27001:2022, CIS Controls v8.1, SOC 2, PCI DSS 4.0.1, and HIPAA — plus 8 audit-evidence templates auditors actually accept.
Data Classification & Handling
A 25-minute course on a four-tier classification system (Public / Internal / Confidential / Restricted), how to recognize what level you're holding, and where each level is allowed to go.
Secure AI Use: Foundations
A 20-minute course that teaches every employee what's safe to paste into AI, how to spot AI-powered phishing, and how to use AI output without getting burned.