A checklist for healthcare staff to confirm they understand HIPAA privacy and security requirements.
HIPAA acknowledgment for {{name}}
Your checklist
Please review each item and confirm you understand these HIPAA requirements. Check off each item once you're confident you could apply it in your role.
I understand what Protected Health Information (PHI) is
PHI includes any information that can identify a patient and relates to their health, treatment, or payment—names, dates, medical records, insurance info, etc. (Required)
I understand the minimum necessary standard
Only access, use, or disclose the minimum amount of PHI needed to do your job. Don't look up patients out of curiosity. (Required)
I understand when PHI can be disclosed
PHI may be shared for treatment, payment, and healthcare operations, or with patient authorization. When in doubt, ask your supervisor. (Required)
I understand patient rights under HIPAA
Patients can request access to their records, ask for corrections, and request restrictions on how their PHI is used or shared. (Required)
I will protect PHI in conversations
Avoid discussing patient information in public areas. Lower your voice and verify who you're speaking with before sharing PHI. (Required)
I will protect physical PHI
Keep paper records in locked cabinets, don't leave charts unattended, and position screens away from public view. (Required)
I will protect electronic PHI
Use strong passwords, lock your workstation when stepping away, don't share login credentials, and only access PHI on approved devices. (Required)
I understand secure communication requirements
Only send PHI through approved, encrypted channels. Never send PHI via personal email or unsecured text messages. (Required)
I will not post PHI on social media
Never post patient information, photos, or stories—even without names—on any social media platform. (Required)
I will report suspected breaches immediately
If you suspect PHI has been accessed, lost, or disclosed improperly, report it to your supervisor or privacy officer right away. (Required)
I will secure mobile devices
Enable passcodes, use encryption, and never store PHI on personal devices unless explicitly authorized. (Required)
I understand the consequences of HIPAA violations
Violations can result in disciplinary action, termination, fines, and even criminal charges depending on severity. (Required)
I have completed the required HIPAA training
I confirm I have completed all assigned HIPAA training materials before signing off on this acknowledgment. (Required)