Is there HIPAA Certification?



One quick look at Google (
http://www.google.com/search?hl=en&i...+certification ) and you'll see
hundreds of vendors trying to make a buck out of this!

They are selling PRIVACY certification - which is not required....

Some "real" companies are selling Transaction compliance certification
(not related to Privacy) that are OK --
here is a good article:
http://www.computerworld.com/securit...,61815,00.html

And, don't let vendors imply that the 2005 Security Rule (the third
part of HIPAA) requires "certification" either!
.....(from here - http://www.hipaadvisory.com/regs/fin...ryanalysis.htm )

"Periodic technical and non-technical evaluation of the organization's
compliance with the Security rule. The term "evaluation" in the final
rule replaces "certification" required in the draft Security Rule. HHS
responded to criticisms of this original requirement by replacing it
with a mandate to "periodically conduct an evaluation...to demonstrate
and document...compliance with the entity's security policy and the
[Security Rule] requirements."
Covered entities must assess the need for a new evaluation based on
changes to their security environment since their last evaluation."

============

Bottom line:

Read FAQ #1 here: http://www.hipaagroup.com/HIPAAFAQs.asp


As far as "certifying" individuals or specific Covered Entities (as
defined by HIPAA), for being HIPAA Compliant or "Certified", there is
no such thing, at least not in an official, federally approved
capacity. Some organizations are beginning to offer "certification"
training and testing. Be aware that many of these firms are
private, unofficial ventures that have simply made up a HIPAA
certification, and designed training and testing to match. These are
for-profit ventures, designed to exploit the current HIPAA
certification requirements with no federal authority to create or
designate such "certifications". There is no federally approved,
chain-of-trust-based, official HIPAA certification for individuals. If
you choose to pursue one of the privately offered programs, be clear on
what you are really getting.
===

Hope this helps!
