HIPAA Privacy and Security Rules (by LabCE)

2 P.A.C.E. contact hour(s)

(based on 8,436 customer ratings)

Authors: Debbie Sabatino and Paul Fekete, MD
Reviewer: Maria C. Graña, MT(ASCP)SHCMCQA(ASQ)

Course provided by LabCE.

This course, using examples specific to the clinical laboratory, covers the HIPAA privacy regulations and treatment of protected health information (PHI) in a succinct manner. Content is directed at laboratory staff, from desk personnel to phlebotomists to medical technologists. Includes numerous interactive case studies. Appropriate for annual HIPAA training for laboratory staff. Key areas covered include technical and physical safeguards, minimum necessary standard, administrative requirements, and authorization.

See more courses in: HIPAA

Continuing Education Credits

P.A.C.E.® Contact Hours (acceptable for AMT, ASCP, and state recertification): 2 hour(s)
Course number 578-010-19, approved through 2/28/2021
Florida Board of Clinical Laboratory Personnel Credit Hours - Supervision/Administration, Quality Control/Quality Assurance, and Safety: 2 hour(s)
Course number 20-705010, approved through 9/1/2022


  • Define HIPAA.
  • Define "covered entities" and "business associates" and list which individuals, groups, or organizations are included in each category.
  • Explain what is meant by protected health information, who is authorized to view this information, and safeguards to prevent unauthorized access.
  • Be able to apply HIPAA privacy and security requirements to your daily clinical responsibilities.

Customer Ratings

(based on 8,436 customer ratings)

Course Outline

  • Overview of HIPAA
      • What is HIPAA?
      • Updates for 2013
      • Updates for 2013, continued
      • Who Does HIPAA Apply To?
      • Privacy is Your Responsibility.
      • Importance of Privacy - An Example
      • Relevant Components of HIPAA
  • HIPAA Privacy Rule
      • What is the HIPAA Privacy Rule?
      • What Information is Protected?
      • The HIPAA Privacy Rule
      • Complaints Regarding HIPAA Non-compliance
      • Investigation
      • Individual's Rights Under HIPAA
      • HIPAA Enforcement
      • Administrative Requirements
      • Safeguards
      • Physical Safeguards
      • Administrative Safeguards
      • Technical Safeguards
      • Fax Machines
      • Notification
      • Authorization
      • Limiting Use and Disclosure of PHI
      • Minimum Necessary Use and Disclosure
      • Business Associate Agreement
      • Business Associates And the Privacy Rule
      • HIPAA Breach Notification Rule
      • HIPAA Breach Notification Rule, continued
      • De-Identified Health Information
  • HIPAA Security Rule
      • What is the HIPAA Security Rule?
      • What is Electronic PHI (ePHI)?
      • Security Officer
      • Safeguards
      • Administrative Safeguards
      • Physical Safeguards: Access Controls
      • Physical Safeguards: Storage and Disposal of Media
      • Technical Safeguards: System Access Control
      • Technical Safeguards: Passwords
      • Protection Against Viruses and Malicious Software.
      • E-mail Security
  • Conclusion
      • Follow your own Facilities' Policies and Procedures.
  • References
      • References

Additional Information

Intended Audience: All health care personnel

Level of Instruction: Basic

Author Information: Debbie Sabatino has over 20 years of progressive technical, operational, business development and risk management experience in the health care field. Currently, she is the Senior Manager, Enterprise Risk at McMaster University. Previously, she held the position of Director, Privacy for MDS Laboratory Services, which includes both Canadian and US Operations. As privacy expert for the organization, Ms. Sabatino is responsible for the development, implementation and ongoing success of the Laboratory Services privacy program as well as the company’s global privacy approach. Debbie is a member of the International Association of Privacy Officers (IAPO), and the Conference Board of Canada Chief Privacy Officers Council.
Author Information: Paul Fekete, MD is Medical Director for MediaLab, Inc. He was formerly Assistant Professor of Pathology at Emory University, and was Director of Laboratories for Gwinnett Health System, near Atlanta. Dr. Fekete has extensive experience teaching, and is the author of numerous journal articles, and several book chapters. He additionally has extensive experience in instructional design.
Reviewer information: Maria C. Graña, MT(ASCP)SHCM is the Hematology Laboratory Manager at Baptist Hospital of Miami, Miami, Florida. She is certified as a Quality Auditor by ASQ.

How to Subscribe
Histology CE (by LabCE)
Package of 34 online courses$65
ASCLS members save $10
Add to cart
MLS & MLT Comprehensive CE Package (by LabCE)
Package of 119 online courses$95
Add to cart
Phlebotomy CE (by LabCE)
Package of 20 online courses$45
Add to cart
Single online course$20
Add to cart
  • Order for instant access through any computer, any browser.
  • No shipping, faxing, or waiting for certificates.
  • Print or save your certificate of completion as soon as you've completed the course.
  • You'll have 90 days to complete your purchased courses.
Course provided by LabCE.
What is HIPAA.jpg

keys security access

Privacy is your responsibility

tech on phone

Administrative Safeguards.jpg

ASCLS CE's design and platform are provided by MediaLab, Inc.