Your healthcare clients trust you with patient data. Get your team HIPAA trained.
You send the claims, manage the systems, build the software, or run the campaigns. When your work touches patient data, your team needs HIPAA training, the kind that keeps contracts moving and clients confident.
Train my teamRun a practice instead? → provider plans
If your company creates, receives, maintains, or transmits patient information for a healthcare client, you're likely a business associate under HIPAA. Put simply: if a healthcare client lets your team see, store, or handle their patients' information, HIPAA most likely applies to you, and your team needs training.
Is this you?
You don't need the words "business associate" to recognize the work. If your company does any of this for healthcare clients, HIPAA training applies to your team.
You send claims for clinics
Medical billing and revenue cycle teams handle patient and payment data every day. That data is exactly what HIPAA protects, and the people who touch it need HIPAA training.
You manage a practice's computers
IT shops and managed service providers with access to a healthcare client's network, servers, or backups can reach patient data, even when they never open a chart.
Your software stores patient records
Health-tech and SaaS teams whose product stores, transmits, or processes patient data are handling it through their systems, support tickets, and servers.
You run ads for a medical practice
Marketing and creative agencies that work with patient lists, intake forms, or campaign data for healthcare clients can end up handling patient information too.
Companies that do this kind of work are often what HIPAA calls business associates. Want the legal detail, the business associate agreement (BAA) requirements, and how the subcontractor chain works? Read our business associate training guide →
Proof your healthcare clients will actually ask for
Before a healthcare client signs a business associate agreement or finishes a vendor security questionnaire, they want to see that your team is trained. EZBunny turns that into a one-click answer.
Verifiable certificates
Each team member earns a certificate with a unique ID and a public verification link. Your client can confirm any person's training without going through you.
Audit-ready export
Your training dashboard shows who's trained and who's due. One click exports a report you can attach to a security questionnaire or BAA review.
Answer the questionnaire in minutes
When a client's vendor risk form asks whether your workforce is HIPAA trained, you already have the evidence on hand. No scramble, no stalled deal.
One flat price for your whole team. Everyone who touches client data, covered
No per-seat charges. No hidden fees. Cancel anytime.
$449/year founder pricing, locked at signup for 2 years (standard $699/year). One flat fee covers up to 50 team members. Figures are estimates for comparison, not a quote.
Start savingWhere vendors run into HIPAA trouble
Healthcare clients won't sign without proof
Prospects ask for evidence that your team is HIPAA trained before they sign a business associate agreement. If you can't show it, the deal stalls or dies.
Certificates clients can verify themselves
Each certificate has a unique ID and a public verification link. Your healthcare clients check every team member's status without asking you for anything.
The liability lands on you, not just your client
Since HITECH, business associates are directly liable for HIPAA violations under the Security Rule and the Breach Notification Rule, not just the healthcare clients they serve. See HHS Office for Civil Rights enforcement.
Training built for people new to HIPAA
Audio-narrated lessons with knowledge checks, written for teams who've never thought about HIPAA before. Your whole team finishes in one sitting.
"Our team doesn't look at patient data"
If your staff can reach production systems, sees patient data in support tickets, or works with healthcare client data in any way, they're handling it. Under HIPAA, they need training.
New hire? They're invited automatically
Add someone to your team and EZBunny sends the training invite. When a certificate is about to expire, they get a nudge. You don't chase anyone.
Your subcontractors are in the chain too
The vendors you rely on that touch a client's patient data carry their own HIPAA obligations. Miss one and the gap can land back on you.
One dashboard, always current
See who's trained and who's due at a glance, and export a report whenever a client asks. Your training status stays ready, not rebuilt from scratch.
HIPAA questions vendors ask us
Does my company need HIPAA training as a vendor?
If your company creates, receives, maintains, or transmits protected health information for a healthcare client, you're likely a business associate under HIPAA, and your team needs HIPAA training. Put simply: if a healthcare client lets your team see, store, or handle their patients' information, HIPAA most likely applies to you. When in doubt, ask your client or your counsel.
We're just a billing, IT, software, or marketing shop. Does HIPAA really apply to us?
Often, yes. HIPAA reaches the work, not the job title. Medical billing firms, managed service providers, health-tech and SaaS teams, and marketing agencies that handle patient data for healthcare clients are commonly business associates. You don't have to call yourself a business associate to recognize the work that brings HIPAA along with it.
What counts as handling patient data?
Patient data is any health information that can be tied to a specific person (the law calls this protected health information, or PHI). You're handling it if you host or store it, see it in support tickets, transmit it, process it for billing, or build software that touches it, even if you never read it yourself. If your systems or staff can reach a healthcare client's patient data, HIPAA training applies to the people who can reach it.
A client sent us a security questionnaire asking about HIPAA training. What do they want?
They want proof that your workforce is trained on HIPAA, usually as part of a business associate agreement or vendor risk review. EZBunny gives each team member a certificate with a unique ID and a public verification link, plus an export of who's trained and who's due, so you can answer the questionnaire with evidence instead of a promise.
Who on our team needs the training?
Anyone whose role can access systems or data that contain a healthcare client's patient data. That usually includes developers, support and operations staff, account managers, and anyone with production or network access. The safe approach is to train everyone who could reasonably reach patient data, then keep their training current as people join and leave.
Is HIPAA training the same as a full HIPAA program?
No. Training is one required piece. A complete HIPAA program also needs written policies, a risk assessment, signed business associate agreements, and security safeguards. EZBunny provides the training and the proof your clients ask for. For the rest, work with a compliance professional or legal counsel who knows your specific setup.
Get your team trained before the next client asks!
Set up takes about 5 minutes. Try it free for 14 days.
Get your team trainedRegulatory Disclaimer
Whether your company is a business associate under HIPAA depends on your specific relationship with each healthcare client, and some arrangements (such as a true conduit) fall outside that definition. This page is general information, not legal advice, and EZBunny is a training provider, not a law firm. Consult your compliance officer or legal counsel for what applies to your organization. Requirements vary by state, payer mix, and the kind of work you do. Last reviewed: June 2026.