25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

HIPAA Training for Physical Therapists

Posted By on Feb 8, 2026

Physical therapists must receive documented HIPAA training that covers the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule, is provided during onboarding and refreshed annually as an industry best practice, and is reinforced through security awareness training so protected health information is used, disclosed, safeguarded, and reported in a manner consistent with HIPAA requirements and organizational policies.

Physical therapy services routinely involve protected health information in evaluations, plan of care documentation, progress notes, referrals, prior authorizations, billing records, and communications with physicians, payers, and care coordinators. Training must account for these routine touchpoints where privacy, security, and incident reporting obligations arise.

HIPAA training should be provided to physical therapists during onboarding within a reasonable period after the start of work or access authorization and aligned with the point at which access to systems and records is granted. Training completion should be tracked before independent access to protected health information when operationally feasible.

Annual HIPAA training is an industry best practice. Annual HIPAA refresher training should reinforce rule requirements and recurring operational risk areas such as communications, documentation, access control behaviors, and incident reporting, while also addressing material changes to policies, technologies, or workflows.

HIPAA Rules That Drive HIPAA Training Requirements

The HIPAA Privacy Rule requires HIPAA Covered Entities to train workforce members on policies and procedures related to protected health information as necessary for them to perform their functions. Physical therapists need training that connects HIPAA Privacy Rule requirements to clinical documentation practices, permissible uses and disclosures, patient rights, and internal processes for handling requests and restrictions.

The HIPAA Security Rule requires HIPAA Covered Entities and Business Associates to implement a security awareness and training program for all workforce members, including management. Physical therapists commonly access electronic protected health information through electronic health record systems, scheduling systems, billing platforms, imaging repositories, and secure messaging tools. Security awareness training must address how to protect electronic protected health information and how to recognize and report security threats.

The HIPAA Breach Notification Rule requires covered organizations to evaluate impermissible uses and disclosures and to provide notices when a breach of unsecured protected health information occurs. Physical therapists need training on incident recognition and internal reporting pathways because early escalation supports timely investigation and notification decision-making.

HIPAA Training Curriculum for Physical Therapists

HIPAA training should begin with HIPAA rules and regulations to establish baseline requirements before internal policies and procedures. Internal policies then define how the organization applies HIPAA requirements in its environment, including approved tools, documentation standards, disclosure workflows, and reporting processes.

HIPAA Privacy Rule training should cover permitted uses and disclosures for treatment, payment, and healthcare operations and the limits that apply to other disclosures. Physical therapists often coordinate with referring providers, specialists, home health agencies, durable medical equipment suppliers, and payers. Training should address verification practices, documentation expectations, and how to respond to requests from family members or third parties.

HIPAA Minimum Necessary Rule should be addressed in the context of disclosures and access patterns that occur outside treatment. Physical therapy settings frequently involve disclosures to payers, employers in workers’ compensation contexts, attorneys, schools, and case managers. Training should cover how to limit information to the amount reasonably necessary for the purpose of the disclosure and how to follow organizational procedures for authorizations and release of information.

HIPAA Security Rule training should cover secure access, authentication, workstation practices, mobile device use, remote access, and secure transmission of electronic protected health information. Physical therapists often move between treatment areas, shared workstations, gyms, and patient rooms. Training should address screen privacy, session locking, secure storage of printed materials, and handling of patient exercise photos or videos when permitted by policy.

HIPAA Breach Notification Rule training should cover identification of potential incidents and the organization’s reporting process, including misdirected communications, lost devices, unauthorized access, and improper disposal of records. Training should reinforce that reporting is required when an issue is suspected, even when scope is unclear.

HIPAA security awareness training for physical therapists should address workforce behaviors that create security events, such as phishing, credential sharing, weak password practices, use of unapproved communication channels, and connecting to unsecured networks. Training should address reporting of suspicious emails, abnormal account behavior, and device loss without delay so the organization can initiate containment and investigation steps.

Online HIPAA Training for Physical Therapists

Online HIPAA training can support onboarding and annual refresher requirements when it covers HIPAA rules and regulations, requires completion verification, and produces completion documentation. The HIPAA Journal Training is online, comprehensive, and suitable for onboarding and annual refresher training.

The HIPAA Journal

HIPAA Training

for Employees

Our training provides employees with a clear and practical understanding of what to do and why in real-world HIPAA scenarios.

View Training

The Gold Standard in HIPAA Training

by The HIPAA Journal Team

HIPAA Training for Individuals

The HIPAA Journal

HIPAA Training for Employees

Our training provides employees with a clear and practical understanding of what to do and why in real-world HIPAA scenarios.

View Training
See Team Pricing
Talk To Us

The Gold Standard in HIPAA Training by The HIPAA Journal Team

Lessons Cover Emerging Issues Like AI Tools | CEUs & Certificate | Completion Tracking | HIPAA Training for Individuals

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist