Call +1 (877) 958-8900

HIPAA / PHI Security Training Privacy Policy

Privacy practices for HIPAA / PHI Security Training pages, purchases, contact forms, training workflows, certificates, and group-purchase services.

Effective Date: June 4, 2026

1. Introduction

This Privacy Policy explains how information is collected, used, disclosed, retained, and protected when you access or use HIPAA / PHI Security Training services. These services include the public HIPAA landing pages, individual seat purchases, group-purchase requests, access-code programs, training and quiz workflows, certificate generation, certificate validation, support requests, and related communications.

By using these services, you agree to the collection and use of information as described in this policy and in the applicable Terms.

2. Information We Collect

Contact and Organization Information

We may collect name, email address, phone number, organization name, business contact details, billing contact details, result or reporting contact details, and support-message content.

Purchase and Access-Code Information

For individual seats or group purchases, we may collect requested seat counts, selected package information, payment status, access-code usage, sponsor or organization associations, purchase acknowledgments, invoice or checkout metadata, and setup notes.

Training, Quiz, and Certificate Information

We may collect training progress, quiz attempt status, pass/fail status, score, completion date, certificate identifiers, certificate expiration, certificate validation activity, and related audit records.

Technical and Usage Information

We may automatically collect IP address, browser and device details, pages visited, timestamps, referring URLs, cookies or similar technologies, security logs, and usage patterns needed to operate and protect the service.

3. How We Use Information

Information is used to:

  • Provide HIPAA / PHI Security training, quiz access, retests, and completion certificates.
  • Process individual and group purchases, access-code setup, and payment-related workflows.
  • Support organization-level completion reporting where an organization purchased or sponsored training seats.
  • Respond to support, privacy, billing, group-purchase, and certificate-validation requests.
  • Maintain service integrity, security, audit logs, fraud prevention, and operational records.
  • Improve training workflows, user experience, documentation, and support operations.
  • Comply with applicable legal, regulatory, accounting, tax, and recordkeeping obligations.

4. How Information Is Shared

We do not sell personal information or training completion information. Information may be shared with:

  • Service providers that support hosting, payment processing, email delivery, SMS delivery where enabled, certificate generation, analytics, security, and customer support.
  • Authorized organization contacts when a learner uses an organization-sponsored seat, access code, or group-purchase program that includes completion reporting.
  • Payment processors and financial service providers as needed to process purchases, refunds, invoices, chargebacks, and payment records.
  • Legal, compliance, security, or public authorities when required by law or necessary to protect rights, safety, service integrity, or prevent misuse.

5. HIPAA, PHI, and Workforce Training

The training service is designed to support HIPAA and PHI security-awareness education. Not every piece of information collected through the service is Protected Health Information. When information is handled on behalf of a covered entity, business associate, healthcare provider, employer, sponsor, or other organization, the applicable contract, policy, and law determine whether HIPAA or other privacy rules apply.

Where applicable, administrative, technical, and physical safeguards are used to protect information. Organization purchasers are responsible for their own HIPAA compliance programs, workforce policies, authorization practices, and internal use of completion reports.

6. Group Purchases and Completion Reporting

Organizations that buy or sponsor seats may request completion reporting. Reporting may include learner identity, organization, access-code association, status, completion date, pass/fail status, score, certificate expiration, and certificate validation link when available. Learners using organization-sponsored seats should expect that completion information may be shared with authorized organization contacts.

7. Cookies and Similar Technologies

Cookies and similar technologies may be used for core functionality, security, session management, analytics, and service improvement. Browser settings may be adjusted to refuse cookies, but some features may not work properly.

8. Data Security

Reasonable and appropriate safeguards are used to protect information from unauthorized access, loss, misuse, or alteration. No system is completely secure, and use of online services carries inherent risk.

9. Data Retention

Information is retained as long as needed to provide training, validate certificates, support group reporting, maintain audit records, resolve disputes, enforce agreements, and comply with legal obligations. Certificate and purchase records may be retained after a learner completes training so completion can be validated and audited.

10. Your Choices and Requests

Depending on applicable law, you may be able to request access, correction, deletion, restriction, or information about how your data is used. Some requests may be limited by security, legal, accounting, certificate-validation, or organization-reporting obligations.

Submit requests through the HIPAA support form.

11. Communications

Training-related communications may include purchase confirmations, access-code setup, training reminders, certificate delivery, group-purchase updates, support replies, and service notices. Non-essential communications may include opt-out instructions when applicable.

12. Children

The service is intended for adult learners, workforce members, and organization contacts. It is not directed to children under 13.

13. Third-Party Services

Payment processors, email/SMS providers, hosting providers, analytics tools, and other service providers may process information according to their own privacy and security practices. Links to external resources are provided for convenience and do not control those third-party practices.

14. Changes to This Policy

This Privacy Policy may be updated from time to time. The updated effective date will be posted on this page. Continued use of the service after changes are posted constitutes acceptance of the updated policy.

15. Contact

Questions about privacy or information handling can be submitted through the HIPAA support form.