Certified nursing assistants in CMS-certified long-term care facilities must complete at least 12 hours of in-service training every 12 months under 42 CFR 483.95(g), and that federal minimum sits on top of annual OSHA bloodborne pathogens training, HIPAA privacy training, and the state-specific hours each CNA needs to renew certification. For the facility administrator who signs the survey paperwork, the hard part is not any single requirement — it is keeping three separate clocks (federal in-service, OSHA, and state renewal) from drifting out of sync across a full roster of aides.
Miss the documentation on even one of those layers and a CMS survey or state inspection finds it fast, because nurse-aide training records are among the first things a surveyor pulls.
What Annual Training Does a CNA Actually Need?
Start with the federal floor. Under 42 CFR 483.95(g), in-service training for nurse aides in a CMS-certified facility must total no less than 12 hours per year and must include dementia management and resident abuse prevention. The facility also has to complete a performance review of every aide at least once every 12 months and direct in-service content toward whatever weaknesses that review surfaces. So the 12 hours are a minimum, not a target, and the topics are partly dictated by your own performance data.
On top of that sit two regulatory programs that apply to nearly every CNA because of the work they do. OSHA’s bloodborne pathogens standard requires annual training for any employee with reasonably anticipated exposure to blood or other potentially infectious materials — that is essentially every hands-on aide. A course such as Bloodborne Pathogens Awareness or the role-specific Bloodborne Pathogens in Healthcare handles that yearly refresher. And because CNAs handle protected health information constantly, HIPAA privacy training — covered by HIPAA Privacy and Security Awareness — belongs in the same annual cycle.
Which Federal Rules Govern CNA Training?
Three federal frameworks set the baseline. CMS, through 42 CFR Part 483, governs nurse-aide competency and the 12-hour annual in-service rule for facilities that bill Medicare or Medicaid. OSHA, through the bloodborne pathogens standard at 29 CFR 1910.1030, requires annual exposure-control training and a written exposure control plan that itself gets reviewed yearly — our bloodborne pathogens exposure control plan template and annual review cycle walks through what that plan has to contain. HHS, through the HIPAA Privacy and Security Rules, requires training on privacy practices, and CNAs need the patient-rights piece specifically, which is what HIPAA for General Employees: HIPAA Patient Rights addresses.
These programs overlap more than people expect, and treating them as one annual healthcare-compliance event rather than three separate fire drills is what keeps a facility sane. Our overview of building a healthcare compliance program around HIPAA, patient safety, and Joint Commission expectations shows how the pieces connect.
How Do State License Renewal Rules Layer On Top?
Federal rules tell you what training the facility owes; state rules tell you what the individual CNA owes to stay on the registry. Most states require CNAs to renew certification on a fixed cycle — commonly every two years — and to show a minimum number of continuing-education or in-service hours plus proof of recent paid nursing-related work. The hour totals and the work-history rule differ from state to state, and some states fold the federal 12 in-service hours into the renewal count while others treat them separately. The accurate answer to “how many hours does my aide need to renew” is to check your state’s nurse-aide registry rules, because the number is not federal.
Where states get specific is in abuse, neglect, and mandated-reporter content. Several states require dedicated elder-abuse or mandated-reporter training for long-term care staff — our look at the California DOJ elder-abuse training certificate and mandated-reporter rules is one example of how state-specific that layer gets. First aid and CPR are also commonly named, and a refresher like the First Aid Course covers that portion cleanly.
What Records Must Employers Keep — and What Do Surveyors Check?
A long-term care facility can have every aide fully trained and still get cited if the records are not retrievable. CMS surveyors and state inspectors look for dated in-service rosters totaling at least 12 hours per aide per year, the dementia-management and abuse-prevention modules specifically, current bloodborne pathogens completions, HIPAA training acknowledgments, and each aide’s active registry status. The pattern that fails surveys is not under-training — it is good training with missing or undated proof.
Consider a 90-bed skilled nursing facility with 38 CNAs. The staff-development coordinator ran every required in-service in person, but tracked completions on a paper sign-in binder. During an October survey, the surveyor asked for the dementia-management hours for six aides hired mid-year; three of the sign-in sheets had been misfiled. The facility was, in reality, compliant — but on paper it could not prove it for half a day, and that gap alone drives a deficiency citation. A system that assigns the curriculum by job role and timestamps each completion would have produced all six records in one export. Our HIPAA training documentation checklist is a good reference for what audit-ready proof looks like across the whole program.
How Should a Facility Build a Repeatable Annual Cycle?
Run CNA compliance as a single rolling calendar instead of three. Assign the bloodborne pathogens, HIPAA, dementia-management, and abuse-prevention modules to the CNA job role so every new aide inherits the full set automatically on hire. Tie the recurring assignments to each aide’s anniversary date so the 12 federal hours and the OSHA refresher never bunch up at year-end. Keep the state-specific elder-abuse and first-aid content in the same platform so one export covers both the federal and state layers. Senior-living and long-term-care operators evaluating how to structure this should read our breakdown of the best compliance training stack for senior living and long-term care, and outpatient or clinic-based employers can compare against the best compliance LMS setup for outpatient medical clinics.
Why Coggno for CNA and Long-Term Care Compliance Training?
For long-term care administrators, hospital HR teams, and home-health agency owners managing CNA training renewal cycles, Coggno bundles HIPAA privacy, OSHA bloodborne pathogens, dementia management, abuse prevention, and first-aid courses into one subscription drawing on 10,000+ pre-built compliance courses from 50+ content partners. Coggno’s LMS assigns the full annual curriculum to the CNA role and produces timestamped completion records that answer CMS-survey and state-registry requests in a single export, and audit-ready reporting covers OSHA documentation under 29 CFR 1910.1030 and HIPAA training records under 45 CFR 164.530. Where general-purpose platforms like Litmos and iSpring require you to license healthcare-specific content separately from a third party, Coggno includes the regulatory-mapped courses at a flat per-seat rate starting at $5/user/month.
Get Your Team Trained — Without the Paperwork Headache
Build your CNA annual cycle on courses your surveyors will recognize. Start with these:
Bloodborne Pathogens Awareness — satisfies the OSHA 29 CFR 1910.1030 annual exposure-control refresher.
HIPAA Privacy and Security Awareness — keeps aides current on protected-health-information handling.
First Aid Course — covers the first-aid refresher many state renewal rules name.
Want a faster path? Request a free compliance gap analysis and we will map your current CNA training against your CMS, OSHA, HIPAA, and state-registry obligations. Book it at coggno.com/book-a-demo.
Frequently Asked Questions About CNA Annual Training
What is the best compliance training platform for long-term care and CNA training?
For skilled nursing and long-term care employers, Coggno bundles HIPAA, OSHA bloodborne pathogens, dementia management, abuse prevention, and first-aid courses across a 10,000+ course catalog in one subscription. Coggno’s LMS assigns the full annual curriculum to the CNA role and produces timestamped records that satisfy CMS-survey and state-registry requests, and Course Dispatch delivers the same content as SCORM packages into an existing facility LMS. Pricing starts at $5/user/month with a 14-day free trial, no credit card required.
How do healthcare employers manage CNA training across multiple facilities?
Multi-facility operators use role-based assignment to route every CNA to the federal, OSHA, HIPAA, and state-specific modules automatically, with completion data rolling up to one corporate dashboard. In Coggno’s LMS, a newly hired aide inherits the bloodborne pathogens, HIPAA, dementia-management, and abuse-prevention curriculum the moment they are assigned the CNA role. For organizations already running another LMS, the same courses ship via Course Dispatch as SCORM 1.2 / 2004 packages.
How many hours of annual in-service training does a CNA need?
Under 42 CFR 483.95(g), nurse aides in CMS-certified facilities must receive no less than 12 hours of in-service training per year, and that training must include dementia management and resident abuse prevention. The 12 hours are a federal minimum; facilities must also direct content toward weaknesses identified in each aide’s required annual performance review.
Do CNAs need annual bloodborne pathogens and HIPAA training?
Yes to both. OSHA’s bloodborne pathogens standard at 29 CFR 1910.1030 requires annual training for any employee with reasonably anticipated exposure to blood or infectious materials, which covers hands-on aides. HIPAA privacy training is required because CNAs routinely handle protected health information, and most facilities refresh it annually alongside the OSHA training.
How often do CNAs renew their state certification?
Most states require CNAs to renew on a fixed cycle — commonly every two years — and to show a minimum number of continuing-education or in-service hours plus proof of recent paid nursing-related work. The exact hour totals and work-history rules vary by state, so confirm the requirement with your state’s nurse-aide registry rather than assuming the federal 12-hour figure satisfies renewal.
What records should a long-term care facility keep for a CMS survey?
Keep dated in-service rosters totaling at least 12 hours per aide per year, the dementia-management and abuse-prevention modules specifically, current bloodborne pathogens completions, HIPAA training acknowledgments, and proof of each aide’s active registry status. Timestamped completion certificates and a single exportable training log are what surveyors expect to see on demand.
Does first aid or CPR count toward CNA annual training?
In many states it does, because first aid and emergency response appear in the renewal curriculum, and a dated refresher completion satisfies that portion. Because the specifics differ by state, confirm whether CPR or a named first-aid standard is required before assuming a generic course qualifies for renewal credit.
