HIPAA Certified OR HIPAA Compliant?
In today’s connected world, almost everyone has heard the term HIPAA, or Health Insurance Portability and Accountability Act, and has some idea that it’s related to healthcare privacy. However, some entities tout themselves as being HIPAA Certified. What does that mean, especially to a company looking for this type of certification?
Per HIPAA Journal’s “What is HIPAA Certification?” article in March of 2018, there are many companies claiming HIPAA Certification. “However, ‘HIPAA Certified’ is a misnomer. There is no official, legally recognized HIPAA compliance certification process or accreditation.” There can’t be, as HIPAA compliance is a continuous process that requires constant work to keep up with changing regulations and to train and retrain employees so they stay abreast of them.
HIPAA requires covered entities and healthcare business associates to provide training to their employees regarding HIPAA standards. These policies provide employees with the required practices that protect personal information and health details. Because there is not a true certification for HIPAA, the training materials may encompass company-specific videos, online tutorials, reading materials, or a combination of these. The training is usually coupled with a test specific to the standards of each organization; however, HIPAA only requires written confirmation from employees stating they did receive training. This reflects that the training has taken place and that this employee and organization are, in fact, HIPAA compliant.
There are third-party auditors that are willing to assess (audit) your policies, workplaces, services, etc., to confirm your organization meets HIPAA regulations and rules, but this can only be attested to at that moment in time. Such an assessment does not hold up to legal scrutiny and therefore does not amount to “HIPAA certification,” which remains an inaccurate label, but it does confirm HIPAA compliance.