Training Records

HIPAA requires covered entities and business associates to train all workforce members on HIPAA policies and procedures. The Training Records module helps you track training completion, manage due dates, and maintain the documentation required under the 6-year retention rule.

Training Requirements

Two separate HIPAA provisions mandate training:

When Training Is Required

• New workforce members — Within a reasonable period after joining the organisation
• Material changes — When policies or procedures change in a way that affects duties
• Periodic refresher — Annual refresher training is widely accepted best practice
• Role-specific — Additional training for roles with elevated PHI access

Training Topics

A comprehensive HIPAA training programme should cover:

• HIPAA Privacy Rule overview and individual rights
• Permitted uses and disclosures of PHI
• Minimum necessary standard
• Security Rule safeguards and ePHI protection
• Password management and access controls
• Recognising and reporting security incidents
• Phishing and social engineering awareness
• Breach notification procedures and reporting obligations
• Business associate responsibilities (if applicable)
• Sanctions for HIPAA violations

Managing Training Records

For each training record in Venvera, track:

• Workforce Member — Name, role, and department
• Training Type — Initial, Annual Refresher, Role-Specific, Policy Change, or Remedial
• Training Topic — Subject matter covered
• Completion Date — When the training was completed
• Due Date — Next required training date
• Status — Completed, Overdue, Upcoming, Not Started

6-Year Retention Requirement

HIPAA requires that training documentation be retained for 6 years from the date of its creation or the date when it last was in effect, whichever is later (45 CFR 164.530(j)). Venvera enforces this retention period automatically.