Health Information Compliance Alert
Don’t Be Fooled By ‘HIPAA Certification’ Schemes
PDF
Question: We recently got a flier from a compliance company touting that it could certify our practice as compliant with the HIPAA Security Rule after a review of our policies and procedures for a flat fee. Is there even such a thing as a HIPAA certification for a medical practice? Texas Subscriber Answer: No, HIPAA certification is not a thing, and vendors marketing that they can certify your policies after looking at your systems and data are not to be trusted. In fact, “there is no standard or implementation specification that requires a covered entity to ‘certify’ compliance” at all, according to HHS Office for Civil Rights (OCR) guidance. However, the HIPAA Security Rule does require covered entities (CEs) to annually evaluate policies and procedures, assess risks, and manage the issues through updates. These compliance check-ups can be done by your IT staff or outsourced to a compliance expert, but there is no certification process or credential for being HIPAA compliant. “It is important to note that HHS does not endorse or otherwise recognize private organizations’ certifications’ regarding the Security Rule, and such certifications do not absolve covered entities of their legal obligations under the Security Rule,” warns OCR guidance. “Moreover, performance of a ‘certification’ by an external organization does not preclude HHS from subsequently finding a security violation.”
Health Information Compliance Alert
- Policy:
Feds Invite Feedback on HIPAA and HITECH Provisions
RFI focuses on aspects of HIPAA security and compensation after breach. Designing and implementing a [...] - Remote Work Compliance:
Bolster Your VPN Security With This Insight
Tip: Make password management a priority. Whether your organization has been part of the pandemic-inspired, [...] - Know the Cyber Risks Associated With RPM
Understand what constitutes an ‘IoT device.’ If your practice ramped up its remote patient monitoring [...] - Toolkit:
Register These Insider Threat ‘Indicators’
HHS provides fresh guidance on what to look for. With cyberattacks on the rise, your [...] - Privacy:
Review State Regulations to Ensure Compliance
Caution: State laws may be tougher than federal regulations. Your organization may operate in a [...] - Reader Question:
Don’t Be Fooled By ‘HIPAA Certification’ Schemes
Question: We recently got a flier from a compliance company touting that it could certify our [...] - Industry News:
Feds Extend COVID PHE for a 9th Time
HHS Secretary Xavier Becerra signed a ninth extension of the COVID-19 public health emergency (PHE), [...] - Industry Notes:
Joint Advisory Warning Offers Insight on Cyber Vulnerabilities
Organizations across a myriad of industries suffered from increases in cyberattacks last year. A recent [...]