“HIPAA Certification” is not an officially recognised qualification to show a Covered Entity or Business Associate is HIPAA compliant. It is simply a certificate showing that an individual or organization has completed some level of training towards HIPAA compliance.
Such is the confusion regarding the term “HIPAA Certification” that the Department of Health and Human Services has released a statement on its website to the effect that there is no HIPAA Certification process, and that no company has the power to certify HIPAA compliance.
The statement says: “It is important to note that HHS does not endorse or otherwise recognize private organizations’ “certifications” regarding the Security Rule, and such certifications do not absolve covered entities of their legal obligations under the Security Rule”.
So, Should You Seek HIPAA Certification?
The training given by HIPAA certification companies – even though not officially recognized – can provide valuable information that will help your practice or business towards compliance with HIPAA. Remember, HIPAA compliance is not an option. It is legally required for individuals and organizations that have contact with Protected Health Information.
Additionally, such are the complexities of HIPAA, the Final Omnibus Rule and HITECH that it can be a massive help to have somebody with a wide knowledge of the regulations guide you through what needs to be done in your specific circumstances. Many HIPAA certification firms provide bespoke training plans to match their clients' individual requirements.
It should be emphasised that, although certified training will not stop fines being issued by HHS for HIPAA violations, the fact that you or a colleague/team within your organization has undergone training could be a mitigating factor and reduce the size of any potential fine – assuming of course the lessons learned during HIPAA training have been put into practice.
How Much Is HIPAA Certified Training?
The cost of HIPAA certified training varies according to the nature of the training and the personnel within a healthcare or healthcare support company that require training. Personnel working in a 5,000-bed medical center will require much more HIPAA training than a sole-trader insurance broker who handles a limited number of healthcare claims annually.
Although the HIPAA regulations apply equally to both bodies, there will be more compliance issues to resolve and more policies to establish in larger companies. Personnel within a 5,000-bed medical center will have access to a greater amount of Protected Health Information – placing the medical center at greater risk of a security or privacy breach.
Although the HIPAA training requirements are vague, HIPAA training is legally required. But looking around for the “best HIPAA certification deal” is not a perfect solution. There are companies offering HIPAA certification for $19.99 after 30 minutes of training. Naturally, thirty minutes of training is insufficient to cover the facets of HIPAA, the Final Omnibus Rule and HITECH.