HIPAA stands for the Health Insurance Portability and Accountability Act.
It’s a federal law that sets the standard of protection for patient protected health information, PHI for short.
In other words, HIPAA protects patient PHI from being disclosed without a patient’s knowledge or consent. Any company that handles protected health information in any way has an obligation to follow HIPAA laws.
This is true even if you aren’t working in the healthcare industry.
There are 3 categories of covered entities that need to follow HIPAA laws.
Those categories are health plans, healthcare clearinghouses, and healthcare providers.
Another classification of organizations that fall within the scope of HIPAA compliance is known as business associates.
Business associates are those that work with, have access to, or maintain the PHI on behalf of a covered entity. This means that they’re organizations that help entities with their operations .
So if you fall under any of these categories then you know you must follow HIPAA laws. But do you need a HIPAA certification? And how long does it last? Let’s talk about it.
What does it mean to be HIPAA “certified”?
A HIPAA certification is given to a healthcare organization after they have proven to meet the standards of the HIPAA Security Rules. Now, there is no requirement that an organization needs to certify their HIPAA compliance. You must be HIPAA compliant, but this does not mean you have to be certified.
There’s a difference between the two.
If it’s not required, then why seek out a HIPAA certification?
There are benefits to a HIPAA certification:
There’s the potential for an increase of awareness regarding HIPAA processes and procedures. This means heavier protection for PHI as well as a stable company culture.
Not to mention the certification may appeal to your patients or partners.
There is a sense of trust.
All of these are great assets to your organization that will keep you moving in the right direction.
So how do you receive a HIPAA certification?
There’s not just one way.
It’s most common to receive a HIPAA certification through a third party certification company.
The third party will conduct an audit of your organization to determine whether or not your daily practices match up with HIPAA requirements. You can do this in-house but reaching out to vendors for services such as HIPAA training and risk analyses are most common.
A side note for organizations that are not HIPAA certified:
It’s periodically required for a healthcare organization to evaluate both the technical and non-technical aspects of HIPAA security practices.
If you are found to be HIPAA compliant…Congratulations!
You now have informally become “HIPAA certified”.
Informally you may ask…well you cannot become “officially certified”.
As I mentioned earlier, this certification can boost reputation and trust.
But just because you received this certificate doesn’t mean you disregard everything you learned.
The certification doesn’t mean anything unless you put those practices into place.
What I mean by this is that receiving a certification for the Security Rule does not change your obligations under the Security Rule.
HIPAA compliance must be carried out on a daily basis and this is true whether you have been certified or not.
You can still be held accountable for HIPAA violations and fines. Let’s say you got involved in an Office for Civil Rights investigation. Even with your certification, you still have to demonstrate how you comply with HIPAA laws on a daily basis.
HIPAA compliance is a never ending process. The healthcare industry, technology, and processes are always changing.
You must make it a routine to monitor your practices and adjust accordingly in order to meet regulatory requirements.
For this reason, a HIPAA certification has no lifespan and it is a best practice to conduct regular compliance audits.
If you’d like to learn more about HIPAA certifications, reach out to Etactics. And you already made it this far into the video so you might as well like it, share it, and comment below.
►Reach out to Etactics @ www.etactics.com​
►Subscribe: rb.gy/pso1fq​ to learn more tips and tricks in healthcare, health IT, and cybersecurity.
►Find us on LinkedIn: / etactics-inc
►Find us on Facebook: / ​
#HIPAA #HIPAACertification