What is “HIPAA Certification”?

“HIPAA Certification” is not an officially-sanctioned qualification to show a Covered Entity or Business Associate is HIPAA compliant. It is simply a certificate indicating an individual or organization has undergone some level of training towards HIPAA compliance.

Such is the misunderstanding of the term “HIPAA Certification” that the Department of Health and Human Services has issued a statement on its website to the effect that there is no HIPAA Certification process, and that no company has the authority to certify HIPAA compliance.

The statement reads: “It is important to note that HHS does not endorse or otherwise recognize private organizations’ “certifications” regarding the Security Rule, and such certifications do not absolve covered entities of their legal obligations under the Security Rule”.

So, is it Worth Getting HIPAA Certified?

Absolutely. The training provided by HIPAA certification companies – even though not officially sanctioned – can provide valuable information that will help your practice or business towards compliance with HIPAA. Remember, HIPAA compliance is not an option. It is mandatory for individuals and organizations that have contact with Protected Health Information.

Furthermore, such are the complexities of HIPAA, the Final Omnibus Rule and HITECH that it can be an incredible help to have somebody with an extensive knowledge of the regulations guide you through what needs to be done in your specific circumstances. Many HIPAA certification companies offer bespoke training plans to match their clients’ individual requirements.

It should be pointed out that, although certified training will not prevent fines being issued by HHS for HIPAA violations, the fact that you or a colleague/team within your organization has undergone training could be a mitigating factor and reduce the amount of any fine – assuming of course the lessons learned during HIPAA training have been put into practice.

What is the Cost of HIPAA Certified Training?

The cost of HIPAA certified training varies according to the nature of the training and the personnel within a healthcare or healthcare support business that require training. Personnel working in a 5,000-bed medical center will require considerably more HIPAA training than a sole-trader insurance broker who handles a limited number of healthcare claims each year.

Although the HIPAA regulations apply equally to both entities, there will be more compliance issues to resolve and more policies to establish in larger organizations. Personnel within a 5,000-bed medical center will have access to a greater volume of Protected Health Information – placing the medical center at greater risk of a security or privacy breach.

Although the HIPAA training requirements are vague, HIPAA training is mandatory. But shopping around for the “best HIPAA certification deal” is not an ideal solution. There are companies offering HIPAA certification for $19.99 after thirty minutes of training. Naturally, thirty minutes of training is insufficient to cover the complexities of HIPAA, the Final Omnibus Rule and HITECH.

Two Ways to Reduce the Cost of HIPAA Training

Constantly reviewing processes, updating risk assessments and training staff can be resource-intensive – and expensive if you are using a third-party HIPAA certification company. Many organizations therefore appoint one person as a HIPAA compliance officer, pay to have the individual trained as a HIPAA trainer, and then conduct all their HIPAA training in-house.

An alternative way to reduce the cost of HIPAA training is with HIPAA training software. HIPAA training software allows you to achieve HIPAA certified training at your own pace. You can focus on the online training modules that are more relevant to your particular circumstances, pause and restart the modules as you wish, and use the same material to train other employees.

The best software-based HIPAA certified training courses combine frequently updated online training modules with ongoing human support. Often advertised as “total compliance solutions”, these courses can be tailored to suit the requirements of each individual entity, and both educate and guide employees through the minefield of HIPAA regulations.

What to Look Out for in a Total HIPAA Compliance Solution

A total HIPAA compliance solution should, by definition, be “total”. Several companies advertise their solutions as “total” while only providing guidance on Security Rule risk assessments and safeguards. Just as companies offering HIPAA certification for $19.99 should be avoided, so should companies that offer anything less than a total solution. The key areas to look out for include:

  • Security, administrative, technical, physical, privacy and device risk assessments.
  • A training management feature that tracks who has been trained and when.
  • Implementing administrative, physical and technical safeguards.
  • The development of compliant policies and procedures.
  • How to identify, report and manage breaches of PHI.
  • Business Associate management and due diligence.

One company we have identified that provides a genuine “total” HIPAA compliance solution is the Compliancy Group. The company provides tailored online training courses that include self-auditing questionnaires, document control and gap monitoring/remediation. The online training is supported by live, human compliance coaching.

On completion of the training course, the Compliancy Group awards successful individuals and businesses their “Seal of Compliance”. Again, this is not an officially-sanctioned qualification to show a Covered Entity or Business Associate is HIPAA compliant, but it does indicate a willingness to avoid using the potentially misleading term “HIPAA Certification”.