HIPAA + Cybersecurity Training Bundle

Two courses. Your HIPAA and cybersecurity compliance, covered.

The 2026 HIPAA + Cybersecurity Training Bundle is now exclusively available to Ocuco customers — two accredited courses to protect your optical practice, your patients, and your reputation.
Your optical practice team handles sensitive patient data every day. This bundle gives them the training, documentation, and proof of compliance they need, built specifically for eyecare.

  • Self-paced learning
  • Certificates of completion included
  • Accredited training updated for 2026
  • Exclusive 30% discount for Ocuco customers

Claim Your Exclusive 30% Discount

Ocuco customers receive a 30% discount on these two training courses*. Fill in the form below and a member of the ComplianceJunction team will be in touch to confirm your access.

Two Courses. Complete Coverage.

ComplianceJunction has partnered with Ocuco to bring two of the most comprehensive healthcare-specific online training courses available in 2026, exclusively to optical practices across the Ocuco network in the United States. This bundle pairs HIPAA compliance training with cybersecurity training: the two pillars every optical practice needs to protect its patients and its business. Both courses are accredited, self-paced, and designed for every role in your practice.

Course 1 — Updated for 2026

Accredited HIPAA Compliance Training for Organizations

3 hrs 30 mins | 19 Modules | Self-Paced | Certificate Included

Most HIPAA training is built around legal text. This course is built around real people doing real clinical work. Written specifically for healthcare professionals, it goes beyond regulatory definitions to help your team develop a genuine compliance mindset: one that protects patients and your practice every day.

Across 19 detailed modules, your staff will learn exactly what Protected Health Information is and how to handle it correctly within an optical practice, their legal obligations under HIPAA, how to apply HIPAA rules in real-world scenarios your team actually faces, and how to recognise and report security incidents before they become class action lawsuits.

The 2026 edition includes updated content covering recent HIPAA Privacy Rule changes, proposed Security Rule updates, and state-level healthcare privacy legislation.

Course 2 — Healthcare-Exclusive

Comprehensive Cybersecurity Training for Healthcare Professionals

3 hrs | 15 Modules | Self-Paced | Certificate Included

This course makes this bundle genuinely different from anything else on the market. Unlike generic IT security training, it was created specifically for healthcare professionals, addressing the unique threats and compliance requirements of medical environments.

Patient records in eyecare contain personal, health, and financial information. A single record with a prescription, insurance details, and date of birth can be used to commit medical identity theft or Medicare fraud. Unlike financial credentials, health data cannot simply be reset. Understanding that value is the first step to protecting it.

Across 15 specialist modules, your team will learn why healthcare is ransomware’s number one target, how to identify phishing and social engineering attacks, and how to handle devices, passwords, email, and social media safely.

Four Steps. One Documented Compliance Record.

01. Enroll your team

Add every staff member across every location in minutes, from optometrists and dispensing opticians to front desk and billing staff.

02. Train at their pace

Two accredited, self-paced courses. Staff complete modules around the clinic schedule: no fixed timetable, no disruption to patient care.

03. Track in real-time

Cloud-based access gives you quick visibility on completion across every location. No spreadsheets, no chasing individual certificates.

04. Stay audit-ready

Access completion records and certificates on demand for OCR audits, insurer requests, or annual reviews. Everything is audit-ready, with content updated to reflect HIPAA requirements.

Why HIPAA Training Alone Is No Longer Enough

For years, annual HIPAA training was the standard expectation for healthcare practices. Complete the course, file the certificates, move on. But the threat landscape has changed fundamentally, and the eye care industry’s recent class action history proves it.

Many of the breaches that have resulted in regulatory fines and civil litigation did not start with a policy gap. They started with a compromised email account, a network intrusion, or an employee action that better cybersecurity awareness could have prevented. 80% of healthcare data breaches trace back to staff behaviour.

HIPAA violations are increasingly the result of cybersecurity failures, not policy ignorance, and the consequences are real: the HHS Office for Civil Rights fined an eyecare retailer $1.5M for HIPAA violations, a signal that practices of all sizes are subject to active enforcement.

HIPAA training teaches your team the rules. Cybersecurity training teaches them to recognise and stop the attacks that break those rules. Together, they create the only complete compliance layer available to your practice.

Know the Rules

HIPAA training ensures every member of your optical team understands their legal obligations and how to handle patient data correctly in every situation.

Stop the Attacks

Cybersecurity training equips your team to identify and block the phishing, ransomware, and social engineering threats that are increasingly targeting independent healthcare practices.

Prove Compliance

Two certificates per staff member plus cloud-based reporting means documented, defensible evidence is one click away — for OCR investigators, insurers, and class action defence lawyers.

The Bundle: Everything Included

2026 HIPAA Compliance Training

19 modules, 3.5 hours, updated for 2026 regulatory changes and recent OCR enforcement actions.

Healthcare Cybersecurity Training

15 modules, 3 hours, written exclusively for healthcare, not repurposed IT training.

Two Certificates of Completion

Per staff member; documented evidence of compliance training that stays current with evolving HIPAA requirements.

Real-World Case Studies

Practical, eyecare-specific situations your team will recognize from their day-to-day work, not abstract hypotheticals.

Interactive Knowledge Checks

Reinforcing key learning throughout both courses to ensure genuine understanding.

Fully Self-Paced

Staff complete training around their clinic schedule: no fixed timetable, no disruption to patient care.

Suitable for All Optical Roles

Opticians, dispensing staff, front desk, billing, and practice management, all covered.

Scalable Across Locations

Cloud-based access lets you deploy training seamlessly across every location: consistent compliance, one login, one record.

Built for Optical Practices Like Yours

Every member of your team who interacts with patient information needs this training. That includes everyone below.

Practice Owners & Administrators

You are personally liable for your practice’s HIPAA compliance. Documented workforce training is your first line of defence in any OCR investigation.

Optometrists & Opticians

You handle the most sensitive patient health data in the practice. Understanding what constitutes PHI and how to protect it is a core professional responsibility.

Front Desk & Patient Coordinators

Your front desk team is the first point of contact and often the first target for social engineering attacks. They need specific, practical training.

Billing & Insurance Staff

Billing teams transmit PHI to insurance companies, process claims, and manage financial data tied to health records. They carry significant compliance exposure.

Dispensing Opticians

Prescription data, lens specifications, and patient records are handled daily. Every dispensing team member is a workforce member with HIPAA obligations.

Multi-Location Practice Groups

Consistent training across every location ensures no site becomes the weak link in your compliance posture. It also reduces the risk of a breach spreading across your organisation.

What a Practice Just Like Yours Is Saying

WyoVision Associates is an independent eye care practice. Here is what their Clinic Administrator said after three years with ComplianceJunction.

“For the past 3 years, ComplianceJunction has been an indispensable part of our annual staff training across two locations. The platform makes complex HIPAA regulations easy to understand. Our staff consistently find the training clear, engaging, and easy to complete — regardless of experience level. The cloud-based access allows us to deploy training seamlessly across both locations, with quick visibility on completion through the reporting features. Most importantly, the content stays current with evolving HIPAA requirements, giving us confidence that our team is always up to date. We wholeheartedly recommend ComplianceJunction to any practice looking for a reliable and effective compliance training solution.”

Adrian Katschke

Clinic Administrator, WyoVision Associates | Independent Eye Care Practice | Wyoming | 2 locations

Accredited. Trusted. Built for 2026.

ComplianceJunction training is accredited and recognised for healthcare compliance. Both courses are updated to reflect 2026 regulatory requirements, including the latest HIPAA Privacy Rule changes and proposed Security Rule updates. Certificates of completion are issued on successful course completion and can be retained as documented evidence of workforce training for any OCR audit or insurer request.

Frequently Asked Questions

Does HIPAA actually apply to my optical practice?

If your practice is based in the United States, yes, without exception. Any optical practice that provides eye examinations, dispenses prescription eyewear, or submits claims to health insurance is a HIPAA-covered entity. This means you are legally required to comply with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule, including the requirement to train your entire workforce annually on privacy and security policies. Recent OCR enforcement actions and civil litigation involving eyecare businesses of all sizes are clear evidence that regulators and plaintiff attorneys are actively pursuing the sector.

A broad range of information your practice handles every day qualifies as Protected Health Information. This includes patient names, dates of birth, addresses, phone numbers, email addresses, eye prescriptions and lens specifications, diagnosis codes (including health conditions affecting vision), treatment history, dates of service, health insurance details, insurance ID numbers, and any financial information tied to a health claim. If a staff member stores any of this in your Ocuco system, in an email, on a spreadsheet, or even on a Post-it note, HIPAA rules apply to how it must be handled, stored, and transmitted.

All workforce members who interact with patient data in any capacity — optometrists, opticians, dispensing technicians, front desk staff, patient coordinators, billing and insurance personnel, and practice managers. HIPAA requires covered entities to train their entire workforce, and OCR investigators will specifically look for evidence that every relevant staff member has been trained. Gaps in training records — even for part-time or temporary staff — are a common finding in OCR investigations.

The HIPAA course takes approximately 3 hours 30 minutes to complete. The Cybersecurity course takes approximately 3 hours. Both are entirely self-paced — staff can complete modules in sessions that fit around their working day and clinic schedule. There are no fixed start times, no video calls, and no group sessions. Your busiest receptionist and your lead optometrist can both complete the training at times that work for them.

Yes. Every staff member who completes each course receives a certificate of completion. These certificates serve as documented evidence of compliance training for HIPAA purposes. In the event of an OCR audit or a class action lawsuit, being able to produce certificates demonstrating that your entire workforce completed accredited training is a critical piece of your defence. WyoVision Associates, an eye care practice that has used ComplianceJunction for three years, specifically highlighted the reporting and completion visibility features as a key benefit.

Yes. The bundle is designed to be scalable for practices of any size — from a sole practitioner with two support staff to a multi-location optical group. WyoVision Associates uses ComplianceJunction across two locations and specifically highlighted the ease of deploying training across sites and monitoring completion in one place. Contact us to discuss volume enrolment options and Ocuco customer pricing.

Because the incidents that are resulting in enforcement action and litigation are not primarily caused by staff not knowing the HIPAA Privacy Rule. They are caused by ransomware attacks, phishing emails, compromised passwords, and social engineering, all of which require a cybersecurity-aware workforce to prevent. Recent eye care breaches resulting in significant financial exposure began with a compromised email account or a network intrusion that a trained employee could have recognized and stopped. HIPAA training sets the rules. Cybersecurity training prevents the incidents that break them.

Every Optical Practice is a HIPAA-Covered Entity. Most Don’t Train Like It.

There is a common assumption in the optical industry that HIPAA is a hospital problem: that the regulations designed to protect patient health information apply to large health systems, not independent practices selling frames and conducting eye exams. That assumption is wrong, and it leaves practices unnecessarily exposed.

Your practice handles protected health information every single day. Patient names, dates of birth, eye prescriptions, health insurance details, diagnosis codes, medical conditions affecting vision, treatment history. Every piece of this data is legally protected under HIPAA. The moment a patient’s information is stored in your Ocuco system, in your filing cabinet, or in your staff member’s email inbox, your HIPAA obligations are active.

Under HIPAA, every optical practice that provides eye examinations, dispenses prescription eyewear, or bills health insurance is a covered entity. This means you are legally required to train your entire workforce: front desk staff, opticians, dispensing technicians, billing personnel, and practice managers. They must all be trained on privacy and security policies. Every year. Failure to document that training is, by itself, a HIPAA violation.

The risk is not just regulatory. Cybercriminals specifically target independent healthcare practices, including optical, because they know these businesses often lack the security posture of large health systems. A single phishing email to your receptionist, a staff member using a personal device to access patient records, or an employee sharing login credentials is all it takes to expose thousands of patient records and trigger a class action lawsuit.

Your patients chose your practice because they trust you. They trust you with their vision, their insurance details, and their health history. That trust takes years to build and is hard to recover once lost. Handling patient data responsibly is part of delivering the standard of care your patients expect.

$12.6M One Eyecare Company

Total exposure from a single optical industry data breach, including fines, settlements, and remediation costs over five years.

725 Large Breaches in 2024

Healthcare reported nearly two major data breaches every single day in 2024. Eyecare practices are not immune.

80% Involve Human Error

The majority of healthcare data breaches trace back to staff behaviour. Training your team is your most important line of defence.

$1.5M Fine for Non-Compliance

The HHS Office for Civil Rights fined an eyecare retailer $1.5 million for HIPAA violations, a signal that practices of all sizes are subject to active enforcement.

Why it Matters Now

Compliance Standards for Eyecare Are Rising

In recent years, eyecare practices of all sizes have faced increasing regulatory scrutiny, with OCR enforcement actions and civil litigation making clear that compliance obligations apply equally to independent practices and large providers.

The question is not whether these requirements apply to you; it’s whether your team is prepared to meet them.