Q&A: HIPAA certification compliance
Compliance Monitor, October 14, 2009
Q: Are we required to “certify” our organization’s compliance with the HIPAA Security standards?
A: No, there is no standard or implementation specification that requires a covered entity to “certify” compliance. The evaluation standard § 164.308(a)(8) requires covered entities to perform a periodic technical and nontechnical evaluation that establishes the extent to which an entity’s security policies and procedures meet the security requirements.
The evaluation can be performed internally by the covered entity or by an external organization that provides evaluation or “certification” services. A covered entity may make the business decision to have an external organization perform these types of services. It is important to note that Health and Human Services does not endorse or otherwise recognize private organizations’ “certifications,” and such certifications do not absolve covered entities of their legal obligations under the Security Rule. Moreover, performance of a “certification” by an external organization does not preclude Health and Human Services from subsequently finding a security violation.
This Q&A is adapted from the CMS FAQ website page.
