Streamlined Compliance in Regulated Environments

Health Insurance Portability and Accountability Act (HIPAA)

Misinterpreting the Health Insurance Portability and Accountability Act can sometimes jeopardize patient safety.

In addition, errors in interpretation can subject organizations to unreasonable costs for materials or systems that the federal government neither endorses nor requires, and can even threaten business relations with U.S.-based entities.

Unlike ISO, SOC, PCI, etc., there are no implementation specifications nor any authorized legal entities that can certify organizations as HIPAA compliant. The Office for Civil Rights (OCR), part of the Department of Health and Human Services (HHS), demands a periodic evaluation to establish the extent to which an organization’s security policies and procedures meet the security requirements, based on the 164.308(a)(8) security rule, as a way to achieve compliance with HIPAA. It does not, however, specify or advise for or against performing that evaluation internally or with the help of external organizations. In either case, external evaluations do not equate to legally recognized HIPAA certifications.

Although a plethora of private security and health companies offer HIPAA “certification”, courses and even HIPAA compliance software, these are nothing more than a means of providing awareness and education for organizations that wish to educate their staff on the regulations and on adhering to and maintaining compliance with HIPAA.

Participating in educational courses, collaborating with external parties for the periodic evaluation, and implementing compliance software are additional tools for achieving and maintaining compliance with HIPAA; however, they are not to be mistaken for legally recognized certifications.

Final thoughts

Rather than referring to HIPAA certifications, organizations should aim for compliance with the act. How? Apart from performing periodic evaluations as requested through the security rule of HIPAA’s section 164, adopting best privacy and technical security practices and keeping up to date with the latest security developments will help your organization reduce liability significantly and avoid HIPAA infringements.

Are you curious about HIPAA and its impact on your business? Understanding these regulations is crucial for your success and compliance. At Chekt, we specialize in helping businesses navigate the complexities of HIPAA. Reach out to us today to learn more about how HIPAA affects your operations and how we can support you in staying compliant and thriving in your industry.
