HIPAA Certification is a term commonly used today by many vendors who erroneously claim the ability to certify organizations on the HIPAA Privacy Rule and make them HIPAA compliant. In most situations this is a term used for marketing purposes and has little meaning in terms of HIPAA compliance. This is a misconception actively countered by the Office for Civil Rights (OCR), which has oversight of the HIPAA Regulations.

The Office for Civil Rights and HIPAA Certification

The Department of Health & Human Services (HHS) and OCR have made it clear that in regard to HIPAA certification they do not endorse any private consultants’ or education providers’ seminar, material, or systems, and do not certify any persons or products as “HIPAA compliant.” In addition, the Privacy Rule does not require attendance at any specific seminars. The OCR has taken a further step and indicated that anyone making false or misleading representations about HHS or OCR in regard to HIPAA training and compliance may be reported to the OCR.

Does this mean there is no certification and no guidance from the OCR regarding certification? No. The HHS and OCR have given direct guidance in their Administrative Notices and Guidance, as listed below:

“The Privacy Rule requires activities such as:

Training employees so that they understand privacy procedures.

The training requirement may be satisfied by a small physician practice’s providing each new member of the workforce with a copy of its privacy policies and documenting that new members have reviewed the policies; whereas a large health plan may provide training through live instruction, video presentations, or interactive software programs.”

HIPAA Associates and HIPAA Certification

We will assist your organization in following the OCR requirements, which expect that each member of the workforce will review and understand privacy policies; HIPAA Associates will provide training through video presentations or interactive software programs. We are prepared to certify that your organization has completed the necessary training in HIPAA, which is consistent with the requirements of the OCR. Our staff is prepared to assist you with these requirements through our programs and our personal service.

HIPAA Requirements

In the Administrative Requirements, HIPAA requires covered entities to institute HIPAA training programs that address the various procedures and systems needed to meet HIPAA Privacy Rule regulations. An organization such as a covered entity should determine the training tools that are appropriate to the size, nature and needs of the organization. For example, the HIPAA training program should accomplish the following:

  • address the HIPAA privacy and security rules;
  • cover any new organizational policies and procedures;
  • address new software; and
  • provide general HIPAA awareness training.

Train For Compliance

The Administrative requirements of HIPAA (§ 164.530) indicate that a covered entity must train all members of its workforce on the policies and procedures with respect to protected health information as necessary and appropriate for the members of the workforce to carry out their functions within the covered entity.

  • A covered entity must provide training to each member of the covered entity’s workforce no later than the compliance date for the covered entity.
  • Each new member of the workforce must be trained within a reasonable period of time after the person joins the covered entity’s workforce.
  • A covered entity must train each member of the covered entity’s workforce whose functions are affected by a material change in the policies or procedures within a reasonable period of time after the material change becomes effective.
  • A covered entity must document that the training has been provided.

The Office for Civil Rights does not recognize HIPAA certification and consequently HIPAA Associates does not offer it. To those who take and pass our HIPAA training, we offer a certificate of completion that acknowledges they have received the information related to HIPAA that is pertinent to the HIPAA Privacy Rule and their job function. This is in keeping with the requirements of the OCR.

We offer online HIPAA training programs created with the requirements of the HIPAA Privacy Rule in mind. We base our training on in-depth knowledge of the law and the benefit of many years of experience working with HIPAA and the Office for Civil Rights. Our professionals have over 20 years of experience and have HIPAA/Compliance certifications from the Health Care Compliance Association and the American Health Information Management Association. These courses include information on best practices and cover all of the necessary information you will need to understand the basic concepts of HIPAA. We follow the intent of the OCR in all of our training programs.

Becoming HIPAA compliant?

HIPAA compliance is not a simple one-step process covered by an individual HIPAA training program. HIPAA compliance is a multi-step process as described in our HIPAA Compliance Checklist. It involves at least the following steps, which must be in place and constantly monitored to ensure they are functional. These are the same features you will find in HIPAA Privacy Policies.

  • Implement written policies, procedures and standards of conduct. Policies and procedures establish rules that help employees carry out their roles in a way that ensures compliance with the HIPAA Privacy Rule. An organization must create the policies and procedures necessary to effect the requirements from the OCR.
  • Designate a compliance officer and compliance committee. The compliance officer is responsible for operating and monitoring the compliance program.
  • Conduct effective training and education. It is expected that all employees, physicians, and board members should receive training on the HIPAA Privacy Rule.
  • Develop effective lines of communication. Employees must have avenues available to them for reporting concerns internally.
  • Conduct internal monitoring and auditing. A well-functioning program will have an ongoing process that evaluates and assesses the organization to detect inappropriate behavior.
  • Enforce standards of conduct through well-publicized disciplinary guidelines. It is important that an organization have well-published standards of conduct.
  • Respond promptly to detected offenses and undertake corrective action. It is imperative for an organization to ensure timely and effective remedial action for offenses.

HIPAA Compliance and Certification of Compliance is only obtained by following these steps and ensuring they are constantly followed. HIPAA Associates can help you make this happen. We can ensure you meet these requirements, and you will thus be able to verify to the OCR that your organization is in compliance with the HIPAA Privacy Rule.