HIPAA Certification Explained

Many suppliers would like HIPAA certification to confirm they are fully compliant with HIPAA Rules and are knowledgeable with all parts of the Health Insurance Portability and Accountability Act (HIPAA), but can HIPAA certification be achieved in order to confirm HIPAA compliance?

HIPAA Certification Explained

In a perfect world, HIPAA certification would confirm that all parts of HIPAA Rules are comprehended and being respected. If a third-party vendor such as a transcription company was HIPAA certified, it would make it more straightforward for healthcare groups looking for such as service to select an appropriate vendor.

Many firms state that they have been certified as HIPAA compliant or in some instances, that they are ‘HIPAA Certified’. However, ‘HIPAA Certified’ is a not a certifiable term. There is no official, legally recognized HIPAA compliance certification process or accreditation currently.

This is due to the fact that HIPAA compliance is an ongoing process. A group may be determined to be in compliance with HIPAA Rules today, but that does not mean that they will remains so at all points in time going forward.

Suppose a healthcare provider hires a third-party HIPAA-compliance expert to review its policies, procedures, and technology to ensure that HIPAA Rules have been followed completely. HIPAA certification would only mean that the group is in compliance at the point of assessment. Advancements in technology, polices, procedures, staffing, updates to HIPAA Rules, and business practices could all render such a certification invalid.

HIPAA Certification and Training

HIPAA does not obligate employees to complete any specific training program and obtain HIPAA certification, only that workers must be trained on HIPAA Rules and must confirm, in writing, that they have been given HIPAA training. For HIPAA covered bodies and business associates that means training has been provided “as necessary and appropriate for members of the workforce to carry out their functions.”

Since HIPAA Rules are complicated, HIPAA training companies are often contracted. The companies hire HIPAA compliance experts who teach healthcare employees the aspects of HIPAA that are relevant to their role in the group, such as the handling of protected health information and allowable uses and disclosures of PHI.

HIPAA requires covered bodies to adapt a security awareness and training program for all members of staff, although workers must only confirm in writing that this has been given. HIPAA certification for security awareness training is also not an obligation.

Any ‘certification’ awarded will confirm that employees have completed training and possibly been tested on their knowledge of HIPAA Rules. That may be advantageous when seeking work, but it is not officially recognized by any federal agency.

Confirming HIPAA Compliance Using Third Party Audits

Potential business associates of HIPAA-covered entities often undergo audits by third party HIPAA compliance experts to confirm that their products, services, policies, and procedures meet HIPAA requirements. The audits are useful for peace of mind as they confirm HIPAA compliance. However, there are no officially recognized private consultants or companies that offer services like this.

Even if HIPAA certifications are awarded by external auditors and assessors they have no legal grounding. Audits only confirm that technical, physical, and administrative safeguards and company policies and procedures meet HIPAA requirements at the time the audit was completed.