HIPAA Training for Marriage and Family Therapists: Requirements, Courses, and CE Credits

HIPAA Training Requirements for MFTs

Who must train and when

If you transmit protected health information (PHI) electronically in standard transactions (such as electronic billing), you are a HIPAA covered entity and must train your workforce under the HIPAA Privacy Rule and HIPAA Security Rule. Training should occur at hire, when job duties change, and whenever policies or technologies affecting PHI are updated.

What the training must cover

• Privacy Rule basics: permitted uses/disclosures, minimum necessary, authorizations, and patient confidentiality in couples and family contexts.
• Security Rule safeguards: passwords, access controls, device security, encryption, and secure telehealth workflows.
• Breach prevention and response: risk recognition, incident reporting, and breach notification steps.
• Role-based expectations: front-desk, billing, supervisors, interns, and contractors.
• Documentation: keep records of dates, attendees, content, and results of assessments or quizzes.

Federal HIPAA rules do not prescribe a specific number of training hours. Annual refreshers are widely adopted as a CE compliance best practice and are often required by employers or licensing board mandates tied to ethics continuing education.

Available HIPAA Training Courses

Course types that fit MFT practice

• Foundations courses covering HIPAA Privacy Rule, HIPAA Security Rule, and breach basics.
• Role-based modules for clinicians, supervisors, and administrative staff.
• Telehealth and mobile device security focused on video platforms, messaging, and EHR access.
• Case-based ethics courses emphasizing patient confidentiality in conjoint therapy, minors, and collateral contacts.
• Security awareness microlearning for ongoing reinforcement.

What to look for

• Clear learning objectives mapped to ethics continuing education outcomes.
• Interactive scenarios, knowledge checks, and a scored assessment.
• Course accreditation or board recognition to satisfy CE compliance when applicable.
• Downloadable certificates and training logs for audits.

Continuing Education Credit Guidelines

HIPAA itself does not set CE hour minimums. CE credits are determined by your state licensing board mandates, employer policies, and payer contracts. Many boards count HIPAA content toward ethics continuing education if the course is properly accredited and objectives address confidentiality, security, and lawful disclosures.

Converting HIPAA training into CE

• Select courses from providers with recognized course accreditation accepted by your state MFT board.
• Verify that objectives, agenda, and assessment align with ethics or laws-and-rules categories.
• Ensure the certificate lists hours, topic area, date, and provider approval details to support CE compliance.

State-Specific CE Requirements

Requirements vary by jurisdiction. Typical renewal cycles require a set number of hours (often across one or two years) with designated ethics hours and, in some states, topics like telehealth, supervision, or laws-and-rules. Some boards require a jurisprudence component or mandate training for suicide prevention or cultural competency.

How to stay aligned with licensing board mandates

• Confirm accepted providers and topic categories on your state MFT licensing board site before enrolling.
• Track deadlines, carryover rules, and any first-renewal or reinstatement nuances.
• Retain proof of completion in case of CE audit, and reconcile totals against required ethics and clinical hours.

Online HIPAA Training Options

Formats

• Self-paced eLearning for flexible scheduling and role-based assignments.
• Live webinars for real-time Q&A and immediate policy updates.
• Hybrid pathways that combine foundational modules with live case discussions.

Features that support compliance

• Secure learner tracking, identity attestation, and time-stamped completion records.
• Accessible design (captions, transcripts) and mobile compatibility.
• Built-in policy acknowledgment forms and breach-response simulations tailored to MFT scenarios.

CE Course Approval and Documentation

Verifying course accreditation

Prioritize courses from providers recognized by your state MFT board or by professional accreditors the board accepts (for example, AAMFT-approved providers or other board-recognized accreditors). Always verify acceptance for your specific license type before purchase.

What to keep for audits

• Certificate of completion showing course title, date, number of hours, topic area (ethics/privacy/security), and provider approval details.
• Training roster/log with attendee names, roles, and completion dates.
• Copies of learning objectives, agenda, and assessment results or post-test scores.
• Signed acknowledgments of privacy and security policies.

Maintain HIPAA training documentation and related policies for at least six years, and keep CE records for the duration your licensing board requires. Organize files by renewal cycle so CE compliance evidence is easy to produce during an audit.

Importance of HIPAA Training for Ethical Practice

Consistent HIPAA training safeguards patient confidentiality, strengthens therapeutic trust, and reduces breach risk in complex family systems work. It equips you to navigate disclosures, releases of information, and technology choices while honoring ethical standards and licensing board mandates.

Conclusion

Focus on role-appropriate training that covers the HIPAA Privacy Rule and HIPAA Security Rule, choose accredited courses that count toward ethics continuing education, and document everything thoroughly. By aligning daily workflows with CE compliance and board requirements, you protect clients and your license.

FAQs.

What are the HIPAA training requirements for marriage and family therapists?

If you are a covered entity or workforce member, you must receive training on your organization’s HIPAA policies and procedures. Provide training at hire, when duties or policies change, and periodically thereafter. Make it role-based, document completion, and reinforce security awareness throughout the year.

How many continuing education hours are needed for HIPAA compliance?

HIPAA does not mandate a specific number of CE hours. Your total CE and any ethics-hour minimums come from your state licensing board mandates. Many boards accept accredited HIPAA courses toward ethics continuing education; confirm acceptance before enrolling.

Are online HIPAA training courses accepted by licensing boards?

Often yes, if the course is from a provider with recognized course accreditation and the objectives fit an approved category (ethics, laws-and-rules, privacy/security). Acceptance varies by state, so verify with your board and retain the certificate and provider approval details.

How can MFTs document their completed HIPAA training?

Keep a certificate showing course title, date, hours, provider, and approval details; maintain a training log, copies of objectives/agenda, assessment results, and signed policy acknowledgments. Store HIPAA training records for at least six years and CE records per your board’s retention rules.