The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects patient and research participant health information and informs patients and participants of their rights with respect to the Protected Health Information (PHI).
Who Needs It:
All workforce members (employees, trainees, and volunteers) at the locations listed below must take the online HIPAA Privacy and Security training within 5 days of employment, enrollment, or appointment. Health Care Component managers must also provide a written or oral review of their specific HIPAA Policies and procedures relevant to the employee’s duties prior to giving the employees physical or electronic access to PHI. The online HIPAA Privacy and Security training must also be taken annually.
Temporary employees and Volunteers are required to take online HIPAA Privacy and Security training if they will be volunteering for five days or more, regardless of whether the days are consecutive. Departments are required to provide personal HIPAA training to individuals who will provide services for fewer than five days before giving the individual physical or electronic access to PHI.
- Goddard Health Center (OU Health Services and University Counseling Center)
- Athletic Department (PROS and Center for Athletic Medicine)
- Office of Legal Counsel and University Collections
- Internal Auditing
- Financial Services
- Human Research Participant Protection Program/IRB
- Researchers and staff performing human subjects research that the IRB has indicated requires a HIPPA Authorization or HIPPA Waiver form
- Information Technology
- Printing Services
- Waste Management
- Human Resources (Benefits)
- Others as may be required
How to Take It: Log in with your OU username and password on the HIPAA Online Training site. If you don't have access to the training, ask your supervisor about it.
Who Needs It:
Supervisors or payroll coordinators will assign the once-yearly safety training below to employees based on job duties and work environment. Training assignments are submitted through the PeopleSoft ePAF system. Contact Payroll and Employee Services about how to assign the safety training. Contact the Environmental Health & Safety Office about training content or requirements.
When to Take It:
Training is required once a year. When it's time for you to take one of the online courses, you will receive an email from the OnPoint Learning Management System (LMS) which includes instructions and a link to access the online training. You may also log in directly to the OnPoint LMS and click on "Take Required Training." No action is required until you receive the email from OnPoint. The From address on the email will be "Learning System Administrator [nopreply@sumtotalsystems.com]".
- Bloodborne Pathogens: Job duties include the reasonable anticipation of exposure to human blood, tissue or cell lines.
- Tuberculosis: Job duties include patient care, working in a patient care setting or participation in the TB Skin Testing Program.
- Laboratory Safety: Job duties include the work or the supervision of work in a laboratory setting.
- DOT Shipping*: Job duties include the shipment of biological materials.
- First Responder: Police, Fire, Facilities Management, some Site Support and others as determined
- Biosafety Training: Employees working with all basic and clinical research activities involving recombinant and synthetic nucleic acid molecule, gene transfers, microorganisms, viruses and biological toxins. This includes anyone that is working in a laboratory where these activities take place.
*DOT Shipping training is required every three years.
Who Needs It: FERPA training is recommended for all employees whose job duties require that they regularly handle or review education records. Education records are defined as any student record that is maintained by the university.
When to Take It: FERPA training should be completed within the first 30 days of employment or before an employee can be given access to any student record systems including Banner and Cognos. This training should be successfully completed every 24 months after the initial FERPA training.
How To Take It: When it's time for you to take this training, you will receive an email from OnPoint Learning Management System which includes instructions and a link to this 30-minute online training. No action is required until you receive the email from OnPoint. The From address on the email will be "Learning System Administrator [noreply@sumtotalsystems.com]". You may also log in directly to the OnPoint LMS and click on "Take Required Training."
The University of Oklahoma complies with federal Red Flag regulations. The following links increase awareness of risks to individuals and describe OU's responses to any Red Flag issue.
University of Oklahoma, Police Department and Identity Theft:
University of Oklahoma, Information Technology
and Identity Theft:
University of Oklahoma, Information Technology and
Pay Card Industry (PCI) Compliance:
PCI Traning is assigned on an as-needed basis. If your position or duties require you to have a PCI card, it will be assigned to you through the Online Learning Management System.
Federal regulators of financial institutions and the Federal Trade Commission, 72 Fed. Reg. 63717 (November 9, 2007) published Red Flag regulations which require each financial institution or creditor that offers or maintains one or more covered accounts to develop and implement a "written Identify Theft prevention program" designed to detect, prevent and mitigate identify theft in connection with the opening of a covered account or any existing covered account.
Who Needs It:
A Campus Security Authority is an official of an institution who has significant responsibility for student and campus activities, including, but not limited to, campus police and campus security, individuals responsible for monitoring entrances into institutional buildings and/or property, individuals or organizations specified as a place where students and employees should report criminal offenses, student housing, student discipline, and campus judicial proceedings." For example, a dean of students who oversees student housing, a student center, or student extra-curricular activities, has significant responsibility for student and campus activities. Similarly, a director of athletics, a team coach, and a faculty advisor to a student group also have significant responsibility for student and campus activities. A single teaching faculty member is unlikely to have significant responsibility for student and campus activities, except when serving as an advisor to a student group or traveling on a university-sponsored overnight trip with students. A physician in a campus health center or a professional counselor in a counseling center whose only responsibility is to provide care to students is unlikely to have significant responsibility for student and campus activities. Clerical staff are unlikely to have significant responsibility for student and campus activities.
When to Take It:
Training is required once a year. When it's time for you to take the courses, you will receive an email from the OnPoint Learning Management System (LMS) which includes instructions and a link to access the online training. You may also log in directly to the OnPoint LMS and click on "Take Required Training." No action is required until you receive the email from OnPoint. The From address on the email will be "Learning System Administrator [nopreply@sumtotalsystems.com]". Employees who need this training, should have it designated by their departmental payroll coordinator in PeopleSoft.