
The 8 best HIPAA security awareness training providers

Pim de Vos, Marketing Manager

The HIPAA standard requires healthcare organizations to provide security awareness training to their employees.

But with so many security awareness training providers out there, which one is the best fit for your organization?

Let’s find out.

8 HIPAA security awareness training vendors

1. Guardey

Guardey is a security awareness training provider that has created a program especially for the HIPAA standard. All the training content was made in collaboration with cyber security experts and experts from the healthcare sector.

Guardey differentiates itself from its competitors by offering a gamified solution. Gamification keeps users engaged during training and allows them to soak up all the information in a way that doesn’t drain energy, but actually makes it fun. Every week, users take on a short challenge, in which they learn about topics such as PHI, social engineering, device security, and more. With Guardey’s custom content feature, admins can easily add training content that reflects their own specific security policies.

In an organization-wide leaderboard, users can see who is performing the best during challenges. This adds a fun competitive element, which keeps users engaged.


Pros:

  • Highly customizable.
  • HIPAA-focused training content.
  • Gamification to keep users engaged.
  • Weekly challenges to keep users aware over time.

Cons:

  • Guardey doesn’t use any video content, which can be a dealbreaker for some.


2. Hoxhunt

Hoxhunt is a security training solution that offers automated ongoing training. Its modular, customizable structure and extensive library make it suitable for healthcare settings. Although it’s not specifically marketed towards healthcare providers, Hoxhunt’s training programs can be tailored to meet HIPAA requirements. Unlike providers such as KnowBe4 or Guardey, though, Hoxhunt doesn’t seem to offer pre-designed programs for users who must comply with HIPAA. This makes it less relevant for HIPAA security awareness training, although a custom training track could be created.


Pros:

  • Customizable.
  • Large, high-quality library of teaching materials.
  • Ongoing training and evaluation.
  • Gamification.

Cons:

  • Not all users find Hoxhunt’s phishing simulations convincing. There’s also a time limit for reporting Hoxhunt’s emails, which can affect scores for some learners.

3. Mimecast

Mimecast isn’t one of the biggest names in cybersecurity training but has consistently drawn positive reviews from its customers. It offers training via instructional videos, interactive learning and phishing evaluation. Mimecast Security Awareness Training can be used as a standalone training program or integrated with Mimecast’s security products.

Mimecast does offer specific materials for HIPAA compliance but lacks some of the features you might want in a training solution, such as gamification and baselining. That said, it’s a solid option for healthcare contexts, especially if you’re working with a smaller budget.


Pros:

  • Specific materials for HIPAA security awareness training.
  • Convincing phishing simulations.
  • Risk scoring for individual users.
  • Can be integrated with other security products.
  • Reasonably priced.

Cons:

  • The library is less expansive than some competitors.
  • No gamification.

Key features: Interactive training, risk assessment.

4. Phished

Phished is a widely used cybersecurity training solution with a strong focus on email security. As its name suggests, Phished’s training programs are largely concerned with helping users spot malicious communication and deal with it appropriately. Phished’s materials are engaging and its training programs are effective, garnering certification from official bodies such as NIST. It offers almost all the features that you’d want in a training product, including baselining, ongoing training, personalization and risk assessment.

One feature that could improve Phished might be gamification to promote user engagement. While programs are customizable and can be tailored to meet HIPAA training requirements, there’s no specific focus on security for healthcare contexts. Otherwise, though, Phished is an excellent product that can effectively help users recognize and respond to threats.


Pros:

  • Effective, officially certified training.
  • Expansive library of content.
  • Customizable and personalizable.
  • Convincing phishing simulations.

Cons:

  • No specific HIPAA security awareness training program.
  • Lacks gamification.
  • Focus on phishing leaves other aspects of cybersecurity less well-explored.
  • Some users call the admin dashboard unintuitive.

5. Usecure

Usecure is one of the most well-known cybersecurity training solutions, competing handily with the likes of Hoxhunt and KnowBe4. It uses an ongoing training model, beginning with baselining to understand the current state of play in an organization or department, followed by continuous teaching and evaluation to measure users’ progress.

Usecure’s main selling point is its rich and expansive library of training materials, including slick, well-produced videos, interactive quizzes, games and tests. Users receive convincing simulated phishing emails to help them learn what to look for in malicious communication and gauge their responses. While there’s no dedicated training track, Usecure does provide HIPAA-specific materials which can be used to develop a custom program. Usecure also offers a suite of cybersecurity products which can be integrated with its training programs.


Pros:

  • HIPAA security awareness training materials included.
  • Ongoing training and evaluation.
  • Interactivity.
  • Polished, well-made videos.

Cons:

  • No pre-made HIPAA security awareness training program.
  • Opaque pricing structure.
  • No free trial option.
  • Onboarding can be sub-par, notably so in US time zones.


6. Ninjio

Ninjio emphasizes user engagement and personal investment as a way to ensure that training is effective. The developers are very conscious of training fatigue and its impact on the effectiveness of any training program. To address this, Ninjio has produced a library of fun and entertaining training videos that deliver important cybersecurity knowledge in an accessible way.

The animated videos are rather less polished in terms of production than some similar products but get highly positive reviews from learners. As a caveat, the informal style might be seen as unprofessional in some contexts. Usecure’s main advantage in healthcare contexts is its strong emphasis on HIPAA compliance training. Unlike some competitors, Ninjio offers a dedicated training program relating to HIPAA and regulatory compliance in the healthcare world. This is a three-episode training track that draws on real-life breach incidents.


Pros:

  • Gamification helps keep users engaged.
  • Entertaining and informative videos help address training fatigue.
  • Interactive learning.
  • Dedicated HIPAA security awareness training track.

Cons:

  • While the videos are fun and effective, the informal style might deter some viewers.
  • The videos are on the long side.
  • The admin dashboard is not intuitive.

7. Arctic Wolf

Arctic Wolf is a managed cybersecurity provider, offering concierge-style services. Its training program is designed to be integrated with other security products from the same company. This is fantastic for large enterprises seeking a fully integrated solution but less helpful if you’re happy with your security and just need a standalone training product.

That said, Arctic Wolf’s training programs come highly recommended. The focus is on delivering targeted content that’s both timely and relevant. The materials are updated regularly to ensure that new and emerging threats are covered. By drawing on data from its other security products, Arctic Wolf helps ensure that users get the most pertinent training materials for their needs.

Arctic Wolf’s training system offers gamification, with scores and a leaderboard to encourage user engagement. While Arctic Wolf’s security products specifically cover HIPAA requirements, there doesn’t seem to be a dedicated HIPAA training track on offer. Pricing is not transparent but many customers comment on the high cost of Arctic Wolf’s products.


Pros:

  • Ongoing, targeted training.
  • Gamification promotes engagement.
  • Effective, high-quality training materials.
  • Continuous updates ensure that emerging threats are tackled in training.

Cons:

  • Designed to be integrated with other Arctic Wolf products — not ideal as a standalone training solution.
  • No dedicated HIPAA cyber security awareness training track.

8. Metacompliance

Metacompliance, as its name suggests, focuses on ensuring that users are properly trained to comply with relevant legal and regulatory requirements. To that end, Metacompliance offers a range of training programs tailored to specific departments and roles, from legal and HR to executive roles. This makes it a particularly attractive choice for contexts where HIPAA compliance is relevant, even though there’s no specific program for healthcare departments.

Metacompliance also offers a lot of scope for personalization, which adds to its utility in healthcare settings. The library has drawn a lot of praise from users. Not only is it expansive, with a wide choice of videos and interactive content, but it’s also better organized and easier to search than some competitors’ libraries.

Metacompliance uses gamification to encourage users to stay engaged with the program, as well as ongoing evaluation to ensure that they’re putting their knowledge into practice.


Pros:

  • Specific HIPAA cyber security awareness training materials.
  • Emphasis on regulatory compliance.
  • Ideal for role-based training.
  • High-quality materials.

Cons:

  • Campaign creation can be labor-intensive.

What is HIPAA?

HIPAA (the Health Insurance Portability and Accountability Act) is an American law that was enacted in 1996. It is the standard that protects the privacy and security of important data within healthcare organizations. The entities that need to comply with the law are healthcare providers (doctors, hospitals, pharmacies), health plans, and healthcare clearinghouses.

What does HIPAA say about security awareness training?

So is security awareness training required when you’re a covered entity? The answer is yes. You need to provide training on your policies and procedures concerning information security. Employees should understand what their roles and responsibilities are and what is expected of them within the context of information security.

What should employees learn during training?

The right training program focuses on information security topics that are relevant to your users. This means that a regular training provider that doesn’t have a program specifically for HIPAA may not suffice.

During Guardey’s HIPAA security awareness training program, your users will learn about the following topics:

  • The importance of PHI (Protected Health Information)
  • Recognizing phishing and social engineering
  • Password security and device security
  • How to respond to a data breach

With Guardey’s custom content feature, you can also add training content about your organization’s specific security policies.

Maintain HIPAA compliance with Guardey

HIPAA security awareness training is a key element of HIPAA compliance. With 95% of all hacks and data breaches leading back to human error, the right training program can make the difference.

Guardey’s HIPAA security awareness training program was especially made for healthcare organizations. You can try it out during a 14-day free trial, or request a demo.
