What is HIPAA Certification?

“HIPAA Certification” is not an officially-recognized qualification to indicate that a Covered Entity or Business Associate is HIPAA compliant. It is just a certificate indicating a person or group has undergone some level of training towards HIPAA compliance.

The Department of Health and Human Services has released a statement on its website to the effect that there is no HIPAA Certification process, and that no company has the authority to award HIPAA compliance.

The statement says: “It is important to note that HHS does not endorse or otherwise recognize private organizations’ “certifications” regarding the Security Rule, and such certifications do not absolve covered entities of their legal obligations under the Security Rule”.

The training conducted by HIPAA certification companies – even though not officially recognized – can supply valuable information that will help your practice or business towards compliance with HIPAA. Remember, HIPAA compliance is mandatory.

In addition, such are the complexities of HIPAA, the Final Omnibus Rule and HITECH that it can be an incredible help to have somebody with extensive knowledge of the regulations guide you through what needs to be completed in your specific circumstances. Many HIPAA certification companies offer bespoke training plans to meet their clients' individual requirements.

It should be emphasized that, although certified training will not stop fines being issued by HHS for HIPAA violations, the fact that you or a colleague/team within your organization has completed training could be a mitigating factor and reduce the amount of any fine – assuming of course the lessons learned during HIPAA training have been put into use.

The cost of HIPAA certified training varies depending on the nature of the training and the personnel within a healthcare or healthcare support business that need training. Personnel working in a 5,000-bed medical center will require much more HIPAA training than a sole-trader insurance broker who handles a limited number of healthcare claims annually.

Although the HIPAA regulations apply at the same level to both bodies, there will be more compliance issues to resolve and more policies to establish in larger groups. Personnel within a 5,000-bed medical center will have access to a greater amount of Protected Health Information – placing the medical center at greater risk of a security or privacy violation.

Although the HIPAA training requirements are vague, HIPAA training is mandatory. But searching around for the “best HIPAA certification deal” is not an ideal solution. There are companies offering HIPAA certification for $19.99 after thirty minutes of training. Naturally, thirty minutes of training is insufficient to cover the complexities of HIPAA, the Final Omnibus Rule and HITECH.

Constantly reviewing processes, updating risk assessments and educating staff can be resource-intensive – and expensive if you are employing a third-party HIPAA certification firm. Many groups therefore appoint one person as a HIPAA compliance officer, pay to have the person trained as a HIPAA trainer, and then conduct all their HIPAA training in-house.

A different way to cut the cost of HIPAA training is with HIPAA training software. HIPAA training software allows you to achieve HIPAA certified training at your own pace. You can concentrate on the online training modules that are more relevant to your particular circumstances, pause and restart the modules as you wish, and use the same material to train other staff.

The best software-based HIPAA certified training courses use constantly updated online training modules with ongoing human support. Often sold as “total compliance solutions”, these courses can be customized to suit the requirements of each individual entity, and both train and guide employees through the minefield of HIPAA regulations.

A total HIPAA compliance solution should, by definition, be “total”. Many companies advertise their solutions as “total” while only providing advice on Security Rule risk assessments and safeguards. Just as companies offering HIPAA certification for $19.99 should be avoided, so should firms that offer anything less than a total solution. The key things to look out for include:

  • Risk assessments in relation to security, administrative, technical, physical, privacy and devices.
  • A training management utility that records who has been trained and when.
  • Configuring administrative, physical and technical safeguards.
  • The formulation of compliant policies and procedures.
  • How to spot, report and handle breaches of PHI.
  • Business Associate management and due diligence features.