Stanford
University Privacy Office

HIPAA Training FAQs

Note:  For all STARS technical issues and enrollment and completion questions, please directly contact the STARS team or refer to the STARS FAQs.  The University Privacy Office can answer questions about substantive course content, but isn’t positioned to answer questions related to STARS.

How do I enroll in HIPAA training?

The HIPAA training modules are available in STARS. You can search "HIPAA/Protecting Patient Privacy" in the STARS catalog, or use the following link to enroll in the course: 
HIPAA/Protecting Patient Privacy

To access the "HIPAA Privacy For Researchers" course, use this link to enroll:
HIPAA Privacy For Researchers

If you need additional assistance, please contact the STARS team, or refer to the STARS FAQs.

Who needs to complete the HIPAA training?

All members of the Stanford University workforce who perform work (paid or unpaid), study, or do research in a department within the Stanford University HIPAA Components (SUHC) are required to complete the Stanford "HIPAA/Protecting Patient Privacy" training within thirty days of joining Stanford and annually thereafter.  The department you work in determines if you are required to complete the “HIPAA/Protecting Patient Privacy” training – regardless of whether or not you work with health data.    The training is completed through the Stanford University STARS training system. SUHC Workforce members include faculty, staff, students, postdocs, volunteers, as well as visitors who may have either direct or indirect access to patients/research participants or their health information.

If you have any questions about enrollment or whether you a required to complete the training, contact your supervisor.

Who should take the HIPAA Research Module (HIPAA Privacy for Researchers)?

All members of the Stanford University Workforce, who conduct human subjects research within the Stanford University HIPAA components (SUHC) are required to complete an additional HIPAA training, “HIPAA Privacy For Researchers," within thirty days of joining Stanford and annually thereafter. SUHC Workforce members who must complete the research training module include protocol directors, research investigators and their support staff who may have either direct or indirect access to research participants or their health information.  Support staff can include graduate students, post-doctoral fellows, clinical research coordinators, data entry specialists, statisticians, and laboratory personnel.

Note you must first complete the “HIPAA/Protecting Patient Privacy” training before you can complete the researcher training.

Contact your supervisor if you have any questions about enrollment.

How often do I need to take HIPAA training?

SUHC Workforce members must receive HIPAA training within 30 days of joining Stanford. In addition, SUHC Workforce members must renew their HIPAA training annually after joining Stanford, or sooner if federal or state laws and regulations change. The University implements an annual renewal period every year during the fall (October – December).  For new hires or staff who have taken HIPAA Protecting Patient Privacy training on or after June 1, will receive credit for training for the upcoming year.  

How do I obtain a certificate of completion?

After you complete the training in STARS you will receive an email confirming your completion. You can print a certificate of completion from your STARS “All Learning Page.”  

Go to your training history in STARS and click on the print icon located to the far right of the training title to print you certificate.

Please contact the STARS team for additional assistance or refer to the STARS FAQs for more information.

If you completed your training in Healthstream, please send an email to  complianceofficer@stanfordhealthcare.org  to request your certificate of completion. 

If I completed my training in Healthstream or the VA, do I have to take it again?

Please contact the STARS team and they will mark your training as complete.

If I completed my training in an external system, outside of Stanford, do I have to take it again?

Yes, all members of the Stanford University workforce who perform work (paid or unpaid), study, or do research in a department within the Stanford University HIPAA Components (SUHC) are required to complete the Stanford "HIPAA/Protecting Patient Privacy" training within thirty days of joining Stanford and annually thereafter.

Can I have an extension for my HIPAA Training?

We are unable to change the training due date.  Please complete the training as soon as possible, to help maintain Stanford’s compliance with law.

I need to take the HIPAA training, but nothing is listed in STARS.

Please contact the STARS team or refer to the STARS FAQs.

I took the training, but STARS does not show the training as complete

Please contact the STARS team or refer to the STARS FAQs.