Your therapists treat patients in shared spaces, take progress photos, and share exercise programs. They need HIPAA training that covers the privacy challenges unique to PT.
Start 14-day free trialOpen treatment areas mean patients hear other patients' diagnoses, surgical histories, and treatment plans. Your therapists discuss clinical details across treatment bays without thinking about who's listening.
Range-of-motion videos, gait analysis recordings, and before/after progress photos taken on personal phones. They end up in camera rolls mixed with vacation photos -- identifiable PHI on unsecured devices.
Home exercise programs with patient names, diagnoses, and treatment goals texted or emailed to patients. That patient-specific HEP is PHI, and standard text messages aren't encrypted.
Multiple patients treated simultaneously in open gym spaces. Computer screens visible from treatment tables. Printed exercise sheets left on equipment. Every shared space is a potential exposure point.
Short audio-narrated lessons with knowledge checks. Your PTs, PTAs, aides, and front desk staff complete it in one sitting -- not spread across weeks of ignored reminders between patient sessions.
Your compliance dashboard shows which clinicians and support staff are trained, who's overdue, and who just onboarded. Pull audit-ready reports for accreditation surveys or insurance audits.
New PT aide? Expiring certificate? EZBunny sends reminders so you never have to chase a therapist between patients about their overdue HIPAA training.
Every certificate has a unique ID and a public verification link. When accreditation bodies, state boards, or insurance auditors ask, they can confirm it in seconds.
No per-seat charges. No hidden fees. Cancel anytime.
Open layouts create unique HIPAA challenges. Conversations can be overheard by other patients in adjacent bays. HIPAA requires reasonable safeguards: lowered voices for clinical discussions, treatment areas positioned for maximum privacy, private rooms for sensitive conversations, and staff trained on managing PHI in open environments. You don't need to rebuild -- but you need documented policies and training.
Yes, but the method matters. Home exercise programs with patient-specific details (name, diagnosis, goals) are PHI. Sending them via standard email or text is not compliant unless the patient consents after being informed of the risks. HIPAA-compliant portals or encrypted email are safest. Generic exercise handouts without patient identifiers are not PHI and can be shared freely.
Yes. Photos and videos that can identify a patient -- range-of-motion assessments, gait recordings, progress photos -- are PHI. They must be taken with consent, stored in compliant systems (not personal camera rolls), and access-restricted. Never share patient images via text or social media. Marketing use requires separate written HIPAA authorization.
PT aides, rehab techs, exercise physiologists, and front desk staff who interact with patients or access any patient information must receive HIPAA training. Even staff who only set up equipment may overhear clinical conversations and need to understand confidentiality requirements. Training covers Privacy Rule, Security Rule, and breach notification.
PT billing transmits significant PHI: demographics, ICD-10 codes, CPT codes, functional scores, and treatment plans. All electronic transmissions must be encrypted. Staff should only access what they need. Third-party billing companies need signed BAAs. Paper superbills and EOBs must be stored securely and shredded when no longer needed.
Evaluations, daily notes, functional assessments, and discharge summaries are all PHI. They must be in compliant systems with access controls. Position screens so other patients can't see records. Don't leave printed documentation on treatment tables. Electronic systems should auto-lock after brief inactivity and require unique credentials per staff member.
Takes minutes to set up. Your 14-day free trial starts right away.
Start 14-day free trialEZBunny provides HIPAA awareness training for educational purposes. We do not collect, store, or process Protected Health Information (PHI). Completion certificates show that training was completed but do not guarantee regulatory compliance on their own. We recommend consulting a qualified compliance professional for your specific obligations.