Uncategorized

HIPAA Certified vs. HIPAA Compliant

onlinetech
onlinetech
3 Min Read
HIPAA Certified Data Centers?

This is a blog post on the phrase ‘HIPAA certified’ to inform you that there is no such thing as ‘HIPAA certified.’ What’s the correct term, then? ‘HIPAA compliant.’ This means that you, as a covered entity, or business associate, has been found in compliance with the HIPAA Security and Privacy Rules as established by the Department of Health and Human Services (HHS). You have done your due diligence by putting in policies, processes and procedures to achieve technical, administrative and physical safeguards to protect PHI.

This is a blog post on the phrase ‘HIPAA certified’ to inform you that there is no such thing as ‘HIPAA certified.’ What’s the correct term, then? ‘HIPAA compliant.’ This means that you, as a covered entity, or business associate, has been found in compliance with the HIPAA Security and Privacy Rules as established by the Department of Health and Human Services (HHS). You have done your due diligence by putting in policies, processes and procedures to achieve technical, administrative and physical safeguards to protect PHI.

The HHS does recognize any ‘HIPAA certification’ program as legitimate. When they come to inspect and audit, they will likely not care if you have a ‘HIPAA certified’ seal on your website. They care about the security and design of your controls to protect PHI to the best of your ability, and the actual policies and procedures your organization abides by.

While many use ‘certified’ and ‘compliant’ interchangeably to mean the same thing, they cannot be used to describe data centers, hosting providers or any service provider acting as a business associate to a covered entity that needs to achieve their own compliance. For example, it’s not ‘HIPAA certified data centers,’ it’s ‘HIPAA compliant data centers.’ Or ‘HIPAA compliant hosting,’ not ‘HIPAA certified hosting.’

More Read

Shahid Shah Speaking at NIH Clinical Center on Why Meaningful Use (MU) and EHRs are Insufficient for Evidence Based Medicine (EBM) and Comparative Effectiveness Research (CER)
Data De-Identification – An Easier Way to HIPAA-Compliance
Ramping Up For HIMSS 2012
Health IT Confusion and Clarification
October 3rd and Maximum EHR Incentive Payments

This article, from ZDNet is properly titled Will Your Cloud Be HIPAA Compliant? Yet, despite its title, ‘certified’ appears everywhere in the article as it refers to data center providers:

HIPAA Certified Data Centers?

But at least one person commenting on the article seems to understand the difference:

 

So for service providers in the healthcare industry – and for healthcare organizations that contract out to them, please take heed: the correct term is “HIPAA compliant” not “HIPAA certified.” Be wary of those that claim to be certified – because chances are, they might not really know what they’re talking about at all.

TAGGED:
Share This Article

Stay Connected

Latest News

The Backbone of Successful Trials: Clinical Data Management
Global Healthcare
The Role of Comprehensive Psychiatric Evaluations in Effective Mental Health Care
The Role of Comprehensive Psychiatric Evaluations in Effective Mental Health Care
Mental Health
Outdoor Containment Setup with Medical Personnel in Protective Gear Walking Towards Tent During Autumn Season in a Forest Environment
Engineering Temporary Hospitals for Extreme Weather
Health Hospital Administration
talk junkie mental health support
AI and Emotional Support_ How Talkie Lab is a Valuable Tool
Technology

You Might also Like