I've left two comments and deleted them both. For a lot of reasons, I feel like an idiot for wanting to weigh in here. Those include: no one takes me seriously, I get no respect, I'm compulsively helpful and it doesn't do a fucking thing for me because no one takes me seriously or thinks a woman has any right to make any goddamned money, so sharing what I know on HN absolutely never constitutes "networking" or "establishing a professional reputation for myself" or similar. Also, I'm short of sleep, running a fever and -- in case you can't tell! -- I'm in a really lousy mood.<p>In addition to my personal crap, I suspect a random question on the internet is not the best way to address this, never mind that it's HN. You are still trusting internet strangers to recommend a thing critical to your business that involves legal compliance.<p>But I worked at a Fortune 500 insurance giant for over five years. I had annual training in HIPAA, information security, fraud training and Gramm-Leach-Bliley (a different federal regulation that you may not be subject to -- it regulates financial services, like banking, and also applies to insurance). And, well, you aren't getting any good replies. So here I am for the third time.<p>First, you can't ignore HIPAA. It's a legal requirement, fines can potentially run into the millions and if they decide your handling of privacy is a criminal offense, you can even go to jail for it. (I imagine "Fuck this noise. I can't be bothered." would make it a criminal offense. Have fun with that.)<p>Having said that, my first-hand experience was that large hospitals had good awareness of HIPAA, but many small medical practices were pretty clueless. If you are a small fry, you may go unnoticed.<p>If you intend to be a "start up" and pursue rapid ("exponential") growth, absolutely do not act like this does not matter. You need to get this right to grow rapidly in a medical related space.<p>I no doubt had world class training, what with working at a mega Corp. Yet I routinely bitched to my sons about its shortcomings. I homeschooled them, so under California law I ran a two student private school for years. I also was Director of Community Life for The TAG Project and a low level presenter one year at a conference, probably Beyond IQ.<p>So I have a background in education and I felt the training sucked. If I ran the company, the annual training would have been done -- because I believe it's a requirement of compliance -- but there would have been much more emphasis on reinforcing best practices and awareness as part of the culture.<p>Some of my annual training involved an online course of like video and slides followed by a multiple choice quiz. It's a format aimed at proving compliance. But it's a lousy format for actually making sure employees know all this and do the right things consistently.<p>If I were the bitch in charge, there would be a checklist on the wall with the most common basic practices and every single shift would start with a huddle in front of that sign and a minute reminding people of best practices and why they matter. I would also have a handy reference manual where people could readily look up the key points covered in the annual training.<p>I think if you work with medical information daily, you ought to be able to pass a quiz on this stuff at the drop of a hat because you do it all day every day, not after your annual refresher course. But I've always had "unreasonable expectations," like actual competence.<p>However, much of the world literally insists I'm insane, so you are quite free to ignore my whacky opinions. Best of luck in getting an actual recommendation for a course.<p>(FWIW, I looked at the websites for the two courses you listed and I liked the demo on HIPAAtraining.com. But I know absolutely nothing about who does this well. The company I worked for probably did in house training and it's been several years since I worked there.)<p>I will add: if you have people making phone calls, they should get phone training. I had my job a few years before I got phone training. I absolutely hated making phone calls. Phone calls are a huge point of vulnerability. It's excessively easy to blurt out the wrong thing on the phone. Ugh.