HIPAA Certification vs Compliance – Do You Know the Difference?

By Stephen Trout

HIPAA Certification and HIPAA Compliance: should an organization obtain one, the other, or both?

This is a common question that should be settled before handling medical data and patient records in a HIPAA Compliant hosting environment. First, the difference between HIPAA certification and HIPAA compliance:

  • HIPAA Compliance refers to actually following the requirements set forth in the HIPAA regulations (the Privacy, Security and Breach Notification Rules) and in the organization's own policies and procedures that implement them.
  • HIPAA Certification is the process of obtaining a document or designation attesting that a person has completed an educational course and passed its exam.

The two terms cannot be used interchangeably; each serves a separate purpose. For example, both employees and businesses can become “certified,” but an individual employee cannot be “compliant.” Certification is earned by a person or a company; compliance is maintained by an organization, specifically a covered entity or business associate, and must be demonstrated on an ongoing basis rather than earned once.

HIPAA “Certification” is obtained by passing an exam that tests knowledge of the core areas of the HIPAA regulations and guidelines. It should be noted, however, that the Department of Health and Human Services (HHS), the federal agency responsible for enforcing the HIPAA Rules, does not endorse or otherwise recognize HIPAA Certification, and holding one does not absolve an organization of its legal obligations under the HIPAA Security Rule.

Nevertheless, many businesses and websites offer HIPAA Certification. These “certifications” are designed by private companies, bundle training with testing, and have not been approved by the federal government. Once a candidate passes the exam, the company grants its certificate.

HIPAA Compliance, on the other hand, cannot be achieved by taking and passing an exam. Covered entities and their business associates are required by the Security Rule to conduct a risk analysis and to perform periodic technical and non-technical evaluations establishing that their security policies and procedures meet HIPAA requirements, and to repeat those evaluations whenever their environment or operations change.

When it comes to particular cloud solutions, such as those offered by HIPAA Vault, this compliance evaluation can be verified by independent, third-party auditors and cloud experts, who perform extensive examinations of controls in the data centers, infrastructure, and operations. Such an audit report is evidence of compliance, not a government-issued status: HHS states that no particular company is entrusted to “certify” an organization as HIPAA Compliant.

In summary, there are definitive differences between HIPAA “certification” and “compliance” when it comes to a hosting provider. HIPAA Compliance means adhering to the rules and regulations set forth by HHS for the secure handling and protection of medical information, and it is demonstrated through risk analysis, periodic evaluation, and audit rather than an exam. HIPAA certification consists of credentials that validate a person's understanding of those rules and regulations, but it has not been approved by HHS and does not by itself make an organization compliant.

Learn more about HIPAA Vault HIPAA Compliant Solutions.
