Annual HIPAA Training

Configure annual HIPAA training within Drata

Written by Dana Mauger
Updated over a week ago

Personnel should complete HIPAA Training annually in order to satisfy specific requirements within the HIPAA framework. Configuring this training within Drata is a key step to addressing the associated control.


Only account administrators have access to this section within Drata.


Drata provides multiple ways to manage HIPAA training within the application. When HIPAA is enabled for your account, you’ll have a HIPAA Training settings section on your Internal Security page. From here you can select one of four options:

  1. Embedded training with automatic evidence upload

  2. Internal training with manual evidence upload by employee

  3. External training with manual evidence upload by a user with the admin or information security lead role

  4. Training opt-out if HIPAA training is not required for personnel

Once you've selected an option using the radio button, save your changes.


Drata has developed its own embedded HIPAA Training. This enables personnel to complete the training directly in Drata during onboarding and easily fulfill their annual requirement thereafter.

When an employee or contractor completes their HIPAA training, Drata will generate a certificate of completion. This PDF is automatically uploaded to Drata and can be viewed/downloaded by admins/information security leads from the personnel drawer and by personnel in ‘My Drata’.


If your organization uses another tool or conducts internal trainings, select the second radio button. You can optionally add a URL for the external HIPAA training which will link personnel to the training directly from the ‘My Drata’ onboarding.

Once training is complete, personnel will need to return to ‘My Drata > Complete HIPAA Training’ and upload proof of completion—such as a screenshot or other file. Once uploaded, the file can be viewed/downloaded by admins/information security leads from the personnel drawer and by personnel in ‘My Drata’.


If you wish to keep HIPAA Training completely independent from Drata, you can select the third option, which will exclude the ‘Complete HIPAA Training’ step from personnel onboarding.

With this option, an admin or information security lead will need to manually upload a file directly in each personnel drawer by selecting the HIPAA Training ‘View / Upload Evidence’ button.


If HIPAA training is not required for your personnel or organization, select the fourth option to opt out of training. When selected, there will be no references to HIPAA training in Drata.


Compliance is determined by the presence of evidence of HIPAA Training—such as a certificate of completion, screenshot, or other file—for each current employee or contractor within your organization.

Navigate to the ‘Personnel’ page to see the status of HIPAA Training compliance for all personnel under the 'HIPAA Training' columns, or select a specific person to open the ‘Personnel Detail’ drawer and view or upload evidence.
