Rotating staff, shared terminals, 40 patients a day. HIPAA still applies
A walk-in registers on the kiosk while three providers share a workstation and your front desk juggles intake forms. Urgent care moves fast, but HIPAA doesn't have a speed exception. EZBunny covers the scenarios your team deals with every shift.
HIPAA is the federal law that protects patient health information. Annual training is the industry standard.
Breaches affecting 500+ individuals are published on the HHS Breach Portal (the "Wall of Shame"), a permanent, public record. Training your team is the most effective way to avoid it.
And it gets stricter. States like California (CMIA) and Texas (HB 300) impose penalties beyond federal HIPAA. Your team needs to meet the highest standard.
25+ courses your urgent care team actually needs
Beyond HIPAA, your team needs OSHA safety training, fraud prevention, cybersecurity awareness, and state-specific compliance. EZBunny covers it all in one subscription.
The compliance gaps urgent care can't afford
$400,000 for intake forms in a dumpster
Patient intake forms with Social Security numbers and insurance details were found in an unlocked dumpster behind the clinic. Nobody shredded them.
Fits between shifts, not instead of them
Audio-narrated lessons with quick knowledge checks. Providers and front desk staff finish in one sitting, even on a busy day. No off-site seminar, no blocked schedule.
Three providers, one terminal, zero log-outs
Provider A walks away, Provider B sits down and sees A's last patient chart still open. At urgent care volume, this happens multiple times a shift.
Track every provider across every shift
Your dashboard shows who's trained, who's overdue, and who just joined, including part-time and locum tenens staff. Pull a report for an auditor in two clicks.
Walk-in kiosks in full view of the lobby
Patients register on shared tablets within earshot and eyeshot of the waiting room. One screen that doesn't clear is a privacy incident.
New hire Friday, trained by Monday
Rotating staff? High turnover? EZBunny sends training invites automatically. When a certificate's about to expire, the reminder goes out. You don't track any of it.
Records going back to the patient's PCP
After the visit, your staff faxes or sends follow-up notes to the patient's primary care doctor. Each handoff is a disclosure that needs to be secure and documented.
Certificates auditors can verify online
Each certificate has a unique ID and public verification link. Credentialing bodies, corporate partners, or state auditors can confirm it in seconds.
Same price whether you staff 5 per shift or 50
No per-seat charges. No hidden fees. Cancel anytime.
Beyond HIPAA: All the Training Urgent Care Centers Need
HIPAA is just the start. Here's what urgent care teams also need.
OSHA Safety (Required)
High-volume clinical environments require Bloodborne Pathogens, OSHA General Safety, Hazard Communication, and Infection Control training. If you're AAAHC accredited, Infection Control is explicitly required. OSHA enforces these independently of HIPAA.
Workplace Violence Prevention
Urgent care centers see higher rates of patient agitation and violence than other outpatient settings. If you operate in California, New York, Oregon, or Washington, Workplace Violence Prevention training is required by state law. It's a recognized best practice everywhere else under OSHA guidance.
Fraud, Waste & Abuse
CMS FWA training is required if your center bills Medicare or Medicaid. Billing staff and providers need to understand billing compliance, upcoding risks, and OIG guidelines. Compliance & Ethics training covers the broader fraud prevention framework.
Emergency Preparedness (If AAAHC Accredited)
AAAHC-accredited urgent care centers must have Emergency Preparedness training. Even without accreditation, this training helps your team respond to mass casualty events, natural disasters, and active shooter scenarios.
Cybersecurity Awareness
Multi-provider urgent care chains are targets for ransomware. Phishing awareness training helps rotating staff, who may be less familiar with your systems, recognize and report suspicious emails before they become incidents.
Mandatory Reporting (Required)
Providers at urgent care centers encounter domestic violence, child abuse, and elder abuse in walk-in populations at higher rates than scheduled care. Mandatory Reporting training ensures your clinical staff understands their reporting obligations.
Training by Role
Different roles need different courses. Here's a breakdown for urgent care teams.
| Role | Core Courses | Additional |
|---|---|---|
| Physician / NP / PA | HIPAA Privacy & Security, Bloodborne Pathogens, CMS FWA, Compliance & Ethics, Mandatory Reporting, OSHA General Safety, Sexual Harassment Prevention | Medical Records; Telehealth if applicable |
| Medical Assistant | HIPAA Privacy & Security, Bloodborne Pathogens, Infection Control, OSHA General Safety, HazCom, Sexual Harassment Prevention | |
| Radiology / X-Ray Tech | HIPAA Privacy & Security, Bloodborne Pathogens, OSHA General Safety, Sexual Harassment Prevention | |
| Front Desk / Registration | HIPAA Privacy & Security, Sexual Harassment Prevention, Business Associate Awareness | Phishing & Risk Analysis |
| Center Manager | HIPAA Privacy & Security, CMS FWA, Compliance & Ethics, Mandatory Reporting, Medical Records, Sexual Harassment Prevention | Cybersecurity, Workplace Violence Prevention |
| Lab Staff | Bloodborne Pathogens, HIPAA Privacy & Security, Infection Control, OSHA General Safety, HazCom, Sexual Harassment Prevention | |
| Billing Staff | HIPAA Privacy & Security, CMS FWA, Compliance & Ethics, Medical Records, Phishing, Sexual Harassment Prevention | |
State-Specific Requirements
State-specific content currently covers CA, TX, FL, NY, and IL. Additional states may have requirements not listed here.
- If you operate in California: CMIA privacy training; workplace violence prevention (SB 553, required for all CA employers); cultural competency for licensed clinical staff
- If you operate in Texas: HB 300 privacy training within 90 days of hire - Texas penalties up to $1.5M per incident
- If you operate in Florida: HIV/AIDS training for applicable licensed practitioners per FL Statute 381.0034
- If you operate in New York: Infection control every 4 years for licensed clinical staff (PHL Section 239); workplace violence prevention (NY Labor Law); sexual harassment prevention annually
Proposed changes to the HIPAA Security Rule (expected 2026) may expand cybersecurity requirements for urgent care centers.
HIPAA questions we hear from urgent care centers
How do you handle HIPAA training for part-time and rotating urgent care staff?
Every person who accesses PHI must complete HIPAA training before handling patient information, including part-time and locum tenens staff. For urgent care centers with high staff turnover, on-demand online training is the most practical approach: new staff complete it on their first day, and the compliance dashboard tracks who has and has not finished.
What are the HIPAA rules for shared workstations in urgent care?
Shared workstations must have automatic session timeouts, individual logins, and privacy screens, with no exceptions for fast-paced environments. Staff must log out or lock screens when stepping away, even briefly. Recommended timeout is 2-5 minutes of inactivity, and no shared passwords are permitted. Shared workstations are one of the most common HIPAA audit findings in urgent care settings.
How should urgent care centers send patient records to the primary care physician?
Sending records to a patient's PCP is permitted under HIPAA's treatment exception but must use encrypted, verified transmission. The information must be transmitted securely via encrypted EHR-to-EHR messaging, secure fax, or a HIPAA-compliant health information exchange. Staff should verify the recipient's fax number or address before sending, share only the minimum necessary information, and document the disclosure.
What are the HIPAA requirements for walk-in patient registration?
Walk-in registration must prevent other patients from seeing or hearing PHI during check-in. Sign-in sheets should not require patients to list their reason for visit. Registration conversations should take place at a private window or in a lowered voice. Electronic check-in kiosks should have privacy screens and automatic session clearing. Patients must receive a Notice of Privacy Practices.
What is the breach notification timeline for urgent care facilities?
You must notify affected individuals within 60 days of discovering a breach of unsecured PHI. For breaches affecting 500 or more individuals, you must also notify HHS and prominent media outlets in the affected area within the same 60-day window. The 60-day clock starts when the breach is discovered or reasonably should have been discovered, not when it occurred.
Cover your whole center, every shift, every provider
Setup takes about 5 minutes. Try it free for 14 days.
Regulatory Disclaimer
Training requirements vary by organization type, size, state, payer mix, and accreditation. This guide reflects common federal and state requirements as of April 2026 and is not legal advice. Consult your compliance officer or legal counsel for requirements specific to your organization. State-specific content currently covers CA, TX, FL, NY, and IL. Additional states may have requirements not listed here. Last reviewed: April 2026.