How Long Does HIPAA Certification Last?

How Long Does HIPAA Certification Last?

Compliance training companies often provide trainees with a certificate at the conclusion of a HIPAA training course to demonstrate trainees have completed the course. This is sometimes referred to as HIPAA Certification, but what exactly does HIPAA Certification mean and how long does HIPAA Certification last?

What is HIPAA Certification?

HIPAA certification is a proof of training certificate provided by a third-party compliance training company to members of a Covered Entity´s or Business Associate´s workforce when they have completed a HIPAA training course. In many cases, a copy of the certificate is also provided to the Covered Entity or Business Associate to demonstrate compliance with the training requirements of the HIPAA Privacy and Security Rules.

Depending on the nature of the training course, the certificate can list the topics or modules covered in the training. Listing the topics helps Covered Entities and Business Associates determine whether refresher training is required due to a “material change in policies and procedures“ (under CFR 45 § 164.530) because it makes it simpler to identify the group(s) for whom refresher training is “necessary and appropriate”.

It can also be beneficial for members of the workforce to have HIPAA Certification when applying for new jobs or a promotion. The certification demonstrates that the member of the workforce has an understanding of HIPAA and, if the topics covered in the training are itemized, what further training might be necessary to promote the individual to a role with more responsibility and increased access to Protected Health Information.

How Long Does HIPAA Certification Last?

Although a certificate awarded at the end of a training course is a point-in-time recognition, it is also a proof-of-compliance document that training has been provided. As Covered Entities and Business Associates are required to retain HIPAA-related documents for a minimum of six years, HIPAA Certification also has a six-year shelf life in theory – although the shelf-life could be much longer in practice.

This is because whenever a material change occurs for which refresher training is necessary, members of the workforce who complete the refresher training will be provided with a new certificate. The new certificate also has to be retained for six years but will only list the topics covered in the refresher training. Therefore, it may be necessary to retain the original proof-of-compliance document for longer than six years to complement the original document.

This scenario applies not only to refresher training for material changes, but also when refresher training is provided due to a patient compliant, a risk analysis identifying a need for further training, or a corrective action order from HHS Office for Civil Rights. In certain states, biennial refresher training is a requirement of the state´s own data privacy regulations, so it could be possible that HIPAA Certification lasts indefinitely.