HIPAA Certification Explained

Jul 13, 2021

Many suppliers would like HIPAA certification to confirm that they are fully compliant with HIPAA Rules and are knowledgeable about all parts of the Health Insurance Portability and Accountability Act (HIPAA), but can HIPAA certification be achieved in order to confirm HIPAA compliance?

HIPAA Certification Explained

In a perfect world, HIPAA certification would confirm that all parts of HIPAA Rules are understood and being followed. If a third-party vendor such as a transcription company was HIPAA certified, it would make it more straightforward for healthcare groups looking for such a service to select an appropriate vendor.

Many firms state that they have been certified as HIPAA compliant or, in some instances, that they are ‘HIPAA Certified’. However, ‘HIPAA Certified’ is not a certifiable term. There is currently no official, legally recognized HIPAA compliance certification process or accreditation.

This is because HIPAA compliance is an ongoing process. A group may be determined to be in compliance with HIPAA Rules today, but that does not mean that it will remain so at all points in time going forward.

Suppose a healthcare provider hires a third-party HIPAA-compliance expert to review its policies, procedures, and technology to ensure that HIPAA Rules have been followed completely. HIPAA certification would only mean that the group is in compliance at the point of assessment. Changes in technology, policies, procedures, staffing, HIPAA Rules, and business practices could all render such a certification invalid.

HIPAA Certification and Training

HIPAA does not obligate employees to complete any specific training program and obtain HIPAA certification; it requires only that workers be trained on HIPAA Rules and confirm, in writing, that they have been given HIPAA training. For HIPAA covered entities and business associates, that means training has been provided “as necessary and appropriate for members of the workforce to carry out their functions.”

Since HIPAA Rules are complicated, HIPAA training companies are often contracted. The companies hire HIPAA compliance experts who teach healthcare employees the aspects of HIPAA that are relevant to their role in the group, such as the handling of protected health information and allowable uses and disclosures of PHI.

HIPAA requires covered entities to adopt a security awareness and training program for all members of staff, although workers must only confirm in writing that this has been given. HIPAA certification for security awareness training is also not an obligation.

Any ‘certification’ awarded will confirm that employees have completed training and possibly been tested on their knowledge of HIPAA Rules. That may be advantageous when seeking work, but it is not officially recognized by any federal agency.

Confirming HIPAA Compliance Using Third Party Audits

Potential business associates of HIPAA-covered entities often undergo audits by third-party HIPAA compliance experts to confirm that their products, services, policies, and procedures meet HIPAA requirements. The audits are useful for peace of mind as they confirm HIPAA compliance. However, there are no officially recognized private consultants or companies that offer services like this.

Even if HIPAA certifications are awarded by external auditors and assessors, they have no legal grounding. Audits only confirm that technical, physical, and administrative safeguards and company policies and procedures met HIPAA requirements at the time the audit was completed.



Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
