Should App Developers Get HIPAA Certified?

morgan_truevault

If you are a developer and you create apps, software, or other technologies that are connected to healthcare information, you are likely dealing with the question of HIPAA compliance and whether the laws around compliance apply to you and your app. One of the first things that probably comes to mind is whether you need to get HIPAA certified.

It’s a reasonable question. Especially if you’ve built applications that use sensitive data like payment information, you’re used to the notion of required certifications. For example, online payment processors are required by law to be certified PCI compliant. If you’ve had to deal with PCI compliance, healthcare should have similar protections and certifications as well, right?

Unfortunately, it’s not that straightforward.

HIPAA Certification

Who certifies HIPAA compliance? The short answer is no one. The Health Insurance Portability and Accountability Act doesn’t require you or your company to obtain a third-party certification by law, and there is no governing body that can officially certify your company as compliant.

That doesn’t mean you can’t get HIPAA certified, but rather any certification you get is optional, and offers no guarantee of compliance in the eyes of the U.S. Department of Health & Human Services (HHS), the governing entity that enforces HIPAA.

The law only requires that you are HIPAA compliant. It does not recognize third-party certifications as any more reliable than a self-assessment that deems your company compliant. Companies must ensure that they are compliant, but they can do the audits and assessments on their own, without the help or use of an outside entity.

Additionally, even with a third party certification, you and your company are still responsible for ensuring compliance. There is no safe harbor or protection from violations by having a third party certification.

While there is no legal obligation, you may want to consider becoming HIPAA certified anyway. The law requires HIPAA compliance when any personally identifiable medical information about a patient is handled by your application and shared with a Covered Entity (such as a doctor’s office). The law refers to this information as Protected Health Information, or PHI.

Doctors, nurses, and other professionals in the healthcare field have to be HIPAA certified and retrained regularly. And as of September 2013, all companies that work with Covered Entities, called Business Associates, must be HIPAA compliant as well. If you’re building an application that manages, stores, or shares PHI with covered entities, you fall under HIPAA regulations.

The Benefits of HIPAA Certification

HIPAA was written nearly twenty years ago, and can be difficult to navigate due to its age, repeated updates, and wide regulatory reach. Figuring it out for yourself can be daunting. Getting certified as HIPAA compliant as a developer can help ensure you have the systems and processes in place to properly safeguard PHI and meet compliance standards outlined by the law. When you work with a compliance specialist, you’ll have someone who knows the right questions to ask, knows what to look for, and understands how the law applies to your software application.

To ensure that any apps or software you develop are HIPAA compliant, completing a certification process will accomplish three things:

1. You will know the laws and regulations surrounding HIPAA compliance and how to best manage the PHI collected by your software.
2. You will have a knowledgeable person or entity asking the right questions and looking for potential violations you are unaware of.
3. Your certification may assist you in securing new partnerships with Covered Entities who will need to ensure your compliance before taking data from your application.

How do you become HIPAA certified?

There are a number of different programs and providers, but they all typically follow a similar process. Before you choose a provider, however, ensure that they are reputable. If they promote any kind of message that the law requires certification, walk away. That’s a red flag.

Step One: Determining HIPAA Certification Level

As you do your research you’ll find that certification providers offer several different levels of HIPAA certification that focus on the different parts of the law and job functions that typically go into managing PHI. You’ll find certifications on privacy, security, HIPAA awareness, transaction, and becoming a HIPAA administrator for your company. (How to Get HIPAA Certification)

The first thing you need to do is determine what level you wish to obtain and which employees will be certified for which roles. This will depend purely on what you will be doing, how much data you will handle, and your role in developing the app or device.

As a developer the transaction and security certifications are typically most relevant as they are focused specifically on electronic data handling, medical application development and PHI encryption. Other team members may desire different certifications based on their role in the company.

Because the Final Omnibus Rule that was passed in September of 2013 is most relevant to you as a third-party developer of applications that transact with covered entities, you’ll want to ensure that the compliance course has been updated to account for those rule changes.

Step Two: Completing HIPAA Training

The next step is completing the provider’s HIPAA training program. HIPAA awareness certification goes through the basic information about the law, while certifications for privacy and administrator levels are much more advanced. As mentioned above, the transaction and security certifications address the issues that come from electronic data handling.

You have a few different options for completing the training depending on the program you choose. Some programs offer self-paced online courses while others include classroom and seminar time. In some cases, certification centers will even allow you to offer a private course at your company, which is probably useful if you want to certify a large number of employees at once. Costs vary so you may want to shop around to see what options are available to you.

Step Four: The HIPAA Certification Test

After you have completed the training, most providers will require you to pass a certification test. If you choose the most basic of the HIPAA certifications you may not have to take an exam. However, any of the in-depth options will likely require passing a test with a minimum acceptable grade before being certified.

There are no specific government standards for the testing process, and that means the exam can vary widely from one training center to another and from one type of certification to another. Additionally, the actual titles of the certifications can be different from one program to the next. You’ll want to pay attention to the descriptions of the course to ensure you’re getting certified with the qualifications you’re looking for.

Step Five: Keeping Up to Date

Even after you’ve been HIPAA certified, you’ll want to keep up to date on changes to the law through the US Department of Health and Human Services website. HIPAA information is updated regularly, and it’s important you stay on top of any changes to ensure you remain in compliance.

Of course, you don’t have to go through the training at all and can get all the compliance information through the US Department of Health and Human Services website. You can even develop your own in-house training for employees. Documenting this program and process is essential should HHS audit you down the line.

Other Considerations

In addition to the formal training, you may want to consider having other employees who aren’t directly involved in the handling of PHI to sign a HIPAA awareness form. This simply states that they know HIPAA exists and they know what it is about. This is a good way to create extra awareness around your company and ensure that there aren’t any accidental breaches of private data.

If you are building applications for the healthcare industry that will fall under HIPAA guidelines, then becoming HIPAA certified might be worthwhile. Of course, making your application HIPAA compliant in the first place can take considerable time and effort. That’s why TrueVault created the first HIPAA-compliant secure healthcare API for applications.

With TrueVault, any PHI resides within TrueVault’s HIPAA compliant environment and is transmitted securely via our RESTful API. That means as a developer you can spend more time on building your application and less time worrying about compliance and red tape.

However, whether you decide to seek a HIPAA certification or not, if you are developing healthcare apps that may collect, store or transmit protected health information, it’s critical that you comply with HIPAA guidelines. For more information, check out our Developers Guide to HIPAA Compliance on GitHub.

Resources:

  • How to Get HIPAA Certification: http://smallbusiness.chron.com/hipaa-certification-2810.html
  • Health Information Privacy: http://www.hhs.gov/ocr/privacy/
