What is HIPAA Compliance Verification?
“HIPAA Compliance Verification” is a term used by training providers to indicate an individual or organization has undergone and passed a course in HIPAA compliance. After passing the course in HIPAA compliance, the successful individual or organization is allowed to display the training provider´s “Certificate” or “Seal of Approval” on their website and other documentation – such as a résumé.
The term “HIPAA Compliance Verification” is often interchanged with “HIPAA Certification” or “HIPAA Certified”. None of the three terms are recognized by the Department of Health & Human Services, who state on its website: “There is no HIPAA Certification process, and no company has the authority to certify HIPAA compliance. Such certifications do not absolve Covered Entities of their legal obligations.”
So, Is There Any Point to HIPAA Compliance Verification?
In a word “yes”. Although HIPAA compliance verification may not be recognized by the Department of Health & Human Services, HIPAA compliance training is mandatory. The training services provided by third-party companies – particularly those who provide online training – can be more cost-effective and less time consuming for an organization than having to create a training program of its own.
Furthermore, although the Department of Health & Human Services publishes a selection of training materials and resources on its website, by its own admission there are no specific HIPAA training requirements. Companies offering HIPAA compliance verification can therefore tailor their training courses to each individual´s or organization´s specific roles within the healthcare industry.
This has the advantage of making a security or privacy breach less likely, as employees are trained to identify risks to the integrity of the Protected Health Information they come into contact with during their day-to-day working lives. Organizations are more likely to conduct relevant risk assessments and develop enforceable HIPAA compliant policies, rather than if there were “one-size-fits-all” training.
But Companies Are Not Authorized to Certify HIPAA Compliance
That is true, and the onus is still on the individual or organization to ensure they comply with HIPAA. A “Certificate” or “Seal of Approval” will not prevent the Department of Health & Human Services issuing a fine if a breach of PHI occurs; but, as long as the content of the training course is implemented, a breach of PHI is less likely to occur. It is the training that is important, not HIPAA compliance verification.
Therefore be wary of companies that offer HIPAA Certification for $20. These companies are unlikely to provide the depth of training needed to understand the complexities of HIPAA. Some companies issue certificates to trainees after the trainees have sat through an online thirty-minute video. Some do not even insist trainees watch the video. They can pay their $20 and download the certificate.