Published Feb 1, 2006
meta41023
1 Post
One quick look at Google ( http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=hipaa%2C+certification ) and you'll see hundreds of vendors trying to make a buck out of this!
They are selling PRIVACY certification - which is not required....
Some "real" companies are selling Transaction compliance certification (not related to Privacy) that are OK --
here is a good article:
http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,61815,00.html
And, don't let vendors imply that the 2005 Security Rule (the third part of HIPAA) requires "certification" either!
....(from here - http://www.hipaadvisory.com/regs/finalsecurity/summaryanalysis.htm )
"Periodic technical and non-technical evaluation of the organization's compliance with the Security rule. The term "evaluation" in the final rule replaces "certification" required in the draft Security Rule. HHS responded to criticisms of this original requirement by replacing it with a mandate to "periodically conduct an evaluation...to demonstrate and document...compliance with the entity's security policy and the [security Rule] requirements.
Covered entities must assess the need for a new evaluation based on changes to their security environment since their last evaluation."
============
Bottom line:
Read FAQ #1 here: http://www.hipaagroup.com/HIPAAFAQs.asp
As far as "certifying" individuals or specific Covered Entities (as defined by HIPAA), for being HIPAA Compliant or "Certified", there is no such thing, at least not in an official, federally approved capacity. Some organizations are beginning to offer "certification" training and testing. Be aware that many of these firms are private, un-official ventures that have simply made up a HIPAA certification, and designed training and testing to match. These are for-profit ventures, designed to exploit the current HIPAA certification requirements with no federal authority to create or designate such "certifications". There is no federally approved, chain-of-trust-based, official HIPAA certification for individuals. If you choose to pursue one of the privately offered programs, be clear on what you are really getting.
===
Hope this helps!