Healthcare Compliance Training and Certification

2026 Compliance Training — Built for Dental Practices

Dental Practices Are Facing Multi-Million Dollar Lawsuits. Yours Doesn’t Have to Be One of Them.

Great Expressions. Absolute Dental. First Choice Dental. Dental practices across the US are being hit with ransomware, class action lawsuits, and OCR fines. The 2026 HIPAA + Cybersecurity Training Bundle gives every member of your team the training — and the documentation — to protect your practice, your patients, and your reputation.

  • Self-paced learning
  • Certificates of completion included
  • Accredited training — updated for 2026
  • Built for dental practices of every size
Try a Demo
See the Dental Lawsuits ↓
Dental practice team reviewing compliance training on tablet
$3.3M
Absolute Dental
1.9M
Patients Exposed
55%
OCR Fines on Small Practices
$3.3M
One Dental Group
Absolute Dental Group agreed to pay $3.3 million to settle a class action from a 2025 breach — patients eligible to claim up to $5,000 each.
1.9M
Patients — One Breach
Great Expressions Dental Centers exposed the records of 1,925,397 patients in a single 2023 breach — the largest dental data breach in US history.
55%
Of OCR Fines Hit Small Practices
Small dental and medical practices account for 55% of all OCR financial penalties. This is not a large-organisation problem. It is your problem.
80%
Involve Human Error
The vast majority of healthcare data breaches trace directly back to staff behaviour. Training is your most important and most cost-effective line of defence.

The Risk Is Real

Every Dental Practice is a HIPAA-Covered Entity. Most Don’t Train Like It.

There is a persistent belief in dentistry that HIPAA is a hospital regulation — that the data protection rules written to safeguard patient health information are the concern of large health systems, not independent practices. That belief is costing dental practices millions of dollars, and it is wrong.

Your practice handles Protected Health Information every day. Patient names, dates of birth, Social Security numbers, dental records, X-rays, treatment histories, medical conditions relevant to dental care, health insurance details, diagnosis codes, medication lists — every piece of this data is legally protected under HIPAA. The moment a patient record is created in your practice management system, your HIPAA obligations are active and enforceable.

Under HIPAA, every dental practice that provides treatment, conducts examinations, or submits health insurance claims is a covered entity. You are legally required to train every member of your workforce — dentists, hygienists, dental assistants, front desk staff, and billing personnel — on privacy and security policies. Every year. Failing to document that training is, by itself, a HIPAA violation that OCR can and does act on.

Cybercriminals actively target dental practices. Your patient records contain the complete package: names, birth dates, Social Security numbers, insurance details, and medical conditions — everything needed to commit medical identity theft, tax fraud, and insurance fraud. Unlike a credit card number, a stolen dental record cannot be cancelled. It has a long criminal shelf life, and attackers know it.

The class action law firms know it too. A wave of litigation has specifically targeted dental organisations in the past two years. When a breach happens and your attorneys ask whether your team was trained — your certificates of completion are the answer that determines whether you settle for millions or walk away.

Why Now

Dentistry Is Under Legal Attack

These are not hypothetical risks. In the past three years, dental practices and dental groups across the United States have faced ransomware attacks, mass data exposures, and class action lawsuits that have cost them millions. These are businesses that looked exactly like yours before their breach.

The cases below are not outliers. They are the pattern — and the pattern is accelerating.

Great Expressions Dental Centers
$2.7M Settlement
A 2023 data breach exposed the personal and health information of 1,925,397 patients — nearly two million people. Great Expressions agreed to a $2.7 million settlement fund. The largest dental data breach class action in US history. A stark warning to every multi-location dental group in America.
2023 Breach · 2024–2025 Litigation
Absolute Dental Group
$3.3M Settlement
A February–March 2025 data breach triggered a class action lawsuit against Absolute Dental Group. The Nevada-based dental chain agreed to pay $3.3 million to settle — with affected patients eligible to claim up to $5,000 individually. Filed and resolved within the same year. Class action attorneys are moving fast.
2025 Breach · Settled 2025
First Choice Dental
$1.225M Settlement
A ransomware attack on October 22, 2023 struck First Choice Dental — a 12-clinic Wisconsin network — exposing 159,145 patient records. The resulting class action was settled for $1.225 million. Ransom paid. Lawyers paid. Reputation damaged. All from a single attack on a regional dental group.
2023 Ransomware · Settled 2025
Dental Group of Amarillo
$1M Settlement
A 2023 cyberattack on this six-location Texas dental and orthodontic group resulted in a $1 million class action settlement. Six locations. One breach. One million dollars. The arithmetic is unforgiving — and it applies regardless of how many chairs your practice has.
2023 Cyberattack · Settled 2024
Gums Dental Care
$70,000 OCR Fine
OCR fined this Maryland dental practice $70,000 for failing to provide a patient with timely access to their records — a Right of Access violation with no data breach involved. Just a process failure. OCR filed and resolved the enforcement action and is actively targeting dental practices for exactly this type of compliance gap.
OCR Enforcement · 2024
The Broader Pattern
55% of Fines
Small dental and medical practices account for 55% of all OCR financial penalties. OCR restarted its HIPAA audit programme in 2025 with a specific focus on small healthcare providers. Class action attorneys are monitoring healthcare breach notifications daily. Dental is firmly in their sights.
2022–2026 Enforcement Trend

Every one of these practices had patients who trusted them. Every one of them would have preferred to spend the cost of training rather than the cost of settlement. The question is not whether dental practices are being targeted. They are. The question is whether your team is trained — and whether you can prove it.

The Solution

Introducing the 2026 HIPAA + Cybersecurity Training Bundle for Dental Practices

Two Accredited Courses. Built for Healthcare. Designed for Busy Dental Teams.

ComplianceJunction has brought together two of the most comprehensive, healthcare-specific online training courses available in 2026 into a single, powerful bundle for dental practices of every size.

This is not generic compliance training with a dental logo on the cover. Both courses were written from the ground up for the specific realities of clinical practice — the workflows, the risks, the regulations, and the responsibilities that are unique to the healthcare environment. Your dentists, hygienists, dental assistants, front desk coordinators, and billing staff will all find training that speaks directly to their role and their daily responsibilities.

Every staff member who completes both courses receives two certificates of completion — documented proof of your practice’s commitment to HIPAA compliance and cybersecurity readiness. When an OCR investigator asks for your training records, those certificates are the answer that ends the conversation.

The Bundle

Two Courses. Complete Coverage for your staff.

Dental practice team discussing HIPAA compliance in a clinic corridor
Course 1 — Updated for 2026

Accredited HIPAA Compliance Training for Organizations

3 hrs 30 mins
19 Modules
Self-Paced
Certificate Included

Most HIPAA training is built around legal text. This course is built around real people doing real clinical work. Written specifically for healthcare professionals, it goes beyond regulatory definitions to help your entire dental team develop a genuine compliance mindset — one that protects patients and practice every single day.

Across 19 detailed modules, your staff will learn what Protected Health Information actually is in the context of a dental practice, their legal obligations and what happens when those obligations are breached, how to apply HIPAA rules in the real-world situations your team actually faces, and how to recognise and report security incidents before they become class action lawsuits.

The 2026 edition includes updated content covering recent HIPAA Privacy Rule changes, proposed Security Rule updates, and state-level healthcare privacy legislation that may go beyond federal HIPAA requirements in your state.

19 Modules including:
Introduction to HIPAAThe Main HIPAA RulesPHI Disclosure GuidelinesPatient RightsHIPAA & Social MediaThreats to Patient DataProtecting Electronic PHIConsequences of ViolationsPreventing Violations2026 HIPAA UpdatesEmergency Situations+ 8 More Modules
Dentist in navy scrubs standing in a dental practice corridor
Course 2 — Healthcare-Exclusive

Comprehensive Cybersecurity Training for Healthcare Professionals

3 hrs
15 Modules
Self-Paced
Certificate Included

This is what makes this bundle different from every other compliance training on the market. Unlike generic IT security training bolted onto a healthcare label, this programme was written exclusively for healthcare professionals — addressing the specific threats, vulnerabilities, and compliance requirements of the medical environment, including dental practice.

The First Choice Dental ransomware attack didn’t begin with a policy gap — it began with a staff member. The Absolute Dental breach was exploited over weeks before detection. Your front desk team, your hygienists, your billing coordinators are on the front line of these attacks every single day. This course gives them the knowledge to recognise and stop threats before they become settlements.

Across 15 specialist modules, your team will learn why healthcare is ransomware’s number one target, how to identify phishing and social engineering, and how to handle devices, passwords, email, and social media safely in a clinical setting.

15 Modules including:
Cybersecurity FundamentalsWhy Healthcare Is TargetedSocial EngineeringPassword SecuritySafe Email & MessagingPHI in Emails & DocsHIPAA Technical SafeguardsReporting IncidentsConsequences of BreachesReal-World Case Studies+ 5 More Modules
Senior dental practice owner reviewing a workflow with a dental assistant

Why the Bundle Works

Why HIPAA Training Alone Is No Longer Enough

For years, annual HIPAA training was the checkbox dental practices needed to tick. Complete the course, file the certificates, move on. The threat landscape your practice operates in today is fundamentally different.

The First Choice Dental ransomware attack didn’t happen because staff didn’t know the HIPAA Privacy Rule. It happened because an attacker found an opening through human behaviour — a phishing email, a reused password, a moment of inattention. Every major dental data breach of the past three years was a cybersecurity event, not a compliance education event.

Know the Rules

HIPAA training ensures every member of your dental team understands their legal obligations, how to handle patient data, and their responsibilities under the law.

Stop the Attacks

Cybersecurity training equips your team to identify and block the ransomware, phishing, and social engineering attacks that have already hit First Choice, Absolute Dental, and Great Expressions.

Prove Compliance

Two certificates per staff member means documented, defensible evidence for OCR audits, malpractice insurers, and — if it comes to it — class action defence lawyers.

The Bundle

Everything Included

2026 HIPAA Compliance Training

19 modules, 3.5 hours, updated for 2026 regulatory changes and the latest OCR enforcement actions.

Healthcare Cybersecurity Training

15 modules, 3 hours, written exclusively for healthcare — not repurposed from generic IT training.

Two Certificates of Completion

Per staff member — documented evidence for OCR audits, dental board inquiries, and insurer requests.

Real-World Case Studies

Including breach events from dental and healthcare practices — real stories, not abstract hypotheticals.

Interactive Knowledge Checks

Reinforcing key learning throughout both courses to ensure genuine understanding, not passive watching.

Fully Self-Paced

Staff complete training around the clinic schedule — no fixed timetable, no disruption to patient appointments.

All Dental Roles Covered

Dentists, hygienists, dental assistants, front desk, billing, and practice management — every role addressed.

Scalable Across Your Practice

Train one location or ten — consistent, documented compliance across your entire dental group.

Who This Is For

Built for Dental Practices Like Yours

Every member of your team who interacts with patient information carries HIPAA obligations. That includes everyone below.

Practice Owners & Principal Dentists

You carry personal liability for your practice’s HIPAA compliance. Documented workforce training is your first and most important line of defence in any investigation.

Office Managers & Administrators

You run the compliance programme day to day. This training gives you documented evidence, a trained team, and confidence that every staff member is covered.

Dental Hygienists & Assistants

Clinical staff handle patient records, X-rays, and treatment data constantly. They need training that connects their daily work to their HIPAA responsibilities.

Front Desk & Patient Coordinators

Your front desk is the most frequent target for social engineering and phishing. Specific, practical training for the people who answer your phones and manage your schedule.

Billing & Insurance Staff

Billing teams transmit PHI to insurers, process claims, and handle financial data tied to health records. They carry significant compliance exposure and need targeted training.

Multi-Location Dental Groups

Consistent, documented training across every location — ensuring no site becomes the weak link that exposes your entire group to liability, as First Choice and Great Expressions discovered.

Trusted by Dental Practices

What a Dental Practice Business Manager Is Saying

Wells Family Dental Group is a multi-location dental practice. Here is what their Business Operations Manager said about ComplianceJunction.

Compliance Junction has been a wonderful partner in our HIPAA Training Program. The platform’s robust features and intuitive interface have streamlined our training process, ensuring that all staff members are well-informed and up-to-date on HIPAA regulations. The customizable options allowed us to tailor the software to our specific needs, resulting in a more efficient and effective compliance program. Overall, I wholeheartedly recommend Compliance Junction to any organization seeking a professional and comprehensive solution for HIPAA training and compliance.

Samantha Sanders

Business Operations Manager, Wells Family Dental Group

Multi-Location Dental Practice

Accredited. Trusted. Built for 2026.

ComplianceJunction training is accredited and recognised for healthcare compliance. Both courses are updated to reflect 2026 regulatory requirements, including the latest HIPAA Privacy Rule changes and proposed Security Rule updates. Certificates of completion are issued on successful course completion and serve as documented evidence of workforce training for OCR audit purposes, dental board inquiries, and malpractice insurer requirements.

Accredited Training

2026 Updated Content

Certificates on Completion

Healthcare-Specific

OCR Audit-Ready

Trusted by Dental Practices

FAQs

Frequently Asked Questions

Is my dental practice really at risk? We’re a small practice, not a hospital.
Yes — and in fact, small practices are disproportionately targeted. Small dental and medical practices account for 55% of all OCR financial penalties. Cybercriminals target smaller practices precisely because they tend to have fewer technical defences than large health systems. The Dental Group of Amarillo had six locations. First Choice Dental had twelve clinics. Gums Dental Care was a single-location practice fined $70,000 by OCR. Size is not a protection — it is, in many cases, the reason you are targeted.
What patient data in my dental practice is Protected Health Information?
A wide range of data your practice handles daily qualifies as PHI under HIPAA. This includes: patient names, dates of birth, Social Security numbers, addresses, phone numbers and email addresses, dental records and X-rays, treatment histories, diagnosis codes, dates of service, health insurance details and policy numbers, medication information, and any financial records tied to a health claim. If it can be connected to an identifiable patient and relates to their health, treatment, or payment for care, it is PHI — and your obligations around how it is handled, stored, and transmitted apply in full.
Who in my dental practice needs to complete this training?
All workforce members who interact with patient data in any capacity: dentists, dental hygienists, dental assistants, front desk staff, patient coordinators, billing and insurance personnel, office managers, and practice administrators. HIPAA requires covered entities to train their entire workforce, and OCR investigators will look for evidence that every relevant staff member has been trained — including part-time employees and temporary staff.
How long does the training take?
The HIPAA course takes approximately 3 hours 30 minutes to complete. The Cybersecurity course takes approximately 3 hours. Both are entirely self-paced, so your team can complete modules in sessions that fit around clinic hours, lunch breaks, and patient schedules. There are no fixed start times and no group sessions required. Samantha Sanders at Wells Family Dental Group specifically highlighted that the platform streamlined their training process across the entire team.
Do staff receive a certificate when they complete the training?
Yes. Every staff member who completes each course receives a certificate of completion. These certificates are your documented evidence of workforce training for HIPAA compliance. In the event of an OCR audit, a data breach investigation, a dental board inquiry, or a class action lawsuit, being able to produce certificates demonstrating that your entire workforce completed accredited training is a critical element of your defence. This is exactly the documentation that separates practices that navigate investigations successfully from those that settle.
Can we enrol our whole team, including staff across multiple locations?
Yes. The bundle is designed to be scalable for practices of any size — from a sole practitioner with two support staff to a multi-location dental group. Wells Family Dental Group uses ComplianceJunction across their practice group and specifically highlighted the platform’s ability to ensure all staff are trained and up to date. Contact us to discuss volume enrolment options for your team.
Why do we need cybersecurity training as well as HIPAA training?
Because the breaches that led to the $3.3M Absolute Dental settlement and the $1.225M First Choice Dental settlement were cybersecurity events, not HIPAA policy failures. Ransomware, phishing emails, compromised passwords, and social engineering attacks are how attackers get into dental practice systems. HIPAA training teaches your team the rules they are required to follow. Cybersecurity training teaches them to recognise and stop the specific attacks being used against dental practices right now. You need both — because the lawsuits happen when the attacks succeed.
Is this training specific to dental practices?
Both courses are written for the healthcare environment — which is exactly what HIPAA requires. HIPAA does not have a dental-specific variant; it applies uniformly to all covered entities. What these courses provide is training written from the ground up for healthcare professionals, using healthcare-specific examples, scenarios, and language. Your hygienist, your receptionist, and your billing coordinator will all find training that speaks to their actual work — not a generic corporate compliance course with a healthcare label attached.

Enrol Today

Don’t Be the Next Dental Practice in a Class Action Settlement.

Great Expressions didn’t plan to pay $2.7 million. First Choice Dental didn’t budget for a ransomware settlement. Absolute Dental Group’s 2025 breach — filed and settled within the same year — is a sign of how fast class action attorneys are moving.

The difference between a practice that weathers an OCR investigation and one that ends up in a settlement often comes down to one question: can you demonstrate that your staff were trained?

Two accredited courses. Self-paced. Certificates included. Everything your dental practice needs to face 2026 with confidence.

Book a call
Have questions? Contact our team →
Accredited training|2026 updated content|Certificates on completion|Trusted by dental practices
Confident dental practice owner standing in his modern clinic reception