When dealing with sensitive patient data, HIPAA guidelines come into play. The Health Insurance Portability and Accountability Act (HIPAA) is the standard healthcare organizations must meet to keep patient information confidential, but does HIPAA certification actually exist?
The real answer to this question is no. There is no legal or official HIPAA certification process or accreditation. If there is no HIPAA certification, why do organizations say they are certified, and what do they mean by it? In most cases, they want customers to feel confident that they comply with HIPAA standards. In truth, the compliance standards are always evolving, so compliance is an ongoing process rather than a one-time stamp.
Why doesn’t the HIPAA certification exist?
There are a number of reasons why there is no “official” certification, but one of the biggest is that the HIPAA rules are complex. HIPAA requires organizations that must comply with its rules to have security awareness and training programs in place for their employees. In turn, employees must provide written confirmation of their training and demonstrate their knowledge by passing an exam.
With the standards consistently being updated, many organizations use third-party compliance specialists to help ensure all rules are being met. An organization may find external auditors who claim to award HIPAA certification, but again, there is no official certification process, and those claims will not hold up in the event of litigation or fines. An organization may also find companies offering certifications such as:
- Privacy and Security Awareness Training
This program is overseen by the federal government and is required annually for all Department of Health and Human Services employees and contractors, but again, it is not a HIPAA certification. It only addresses awareness of HIPAA compliance.
- Certified HIPAA Professional (CHP)
This is a class for an individual and only covers the basics of HIPAA compliance. Again, it does not certify the organization, although someone who has taken the course would be an asset on the HIPAA compliance team.
- Certified HIPAA Administrator (CHA)
This is a course for those who oversee healthcare services; many hospital administrators and nurses take it. It has nothing to do with certifying the organization.
- Certified HIPAA Security Specialist (CHSS)
This course deals with the technical requirements of HIPAA compliance, providing insight for IT employees and those dealing with electronic medical records.
How serious is this?
The Office for Civil Rights (OCR) has clear language on its website informing organizations that any “certifications” they obtain will not absolve them of security violations. HIPAA violations can result in millions of dollars in fines, which is the driving factor behind intensive training. It is very important to train every employee on what HIPAA requires in order to keep the organization in compliance, but there is no legal HIPAA certification. Getting everyone on the same page and understanding the rules is the first step in deciphering the complex policies and procedures required of the organization. By doing this, the organization improves its internal risk management and compliance standards and strengthens its overall compliance posture.