Q&A: HIPAA certification compliance
Compliance Monitor, October 14, 2009
Q: Are we required to “certify” our organization’s compliance with the HIPAA Security standards?
A: No, there is no standard or implementation specification that requires a covered entity to “certify” compliance. The evaluation standard, § 164.308(a)(8), requires covered entities to perform a periodic technical and nontechnical evaluation that establishes the extent to which an entity’s security policies and procedures meet the security requirements.
The evaluation can be performed internally by the covered entity or by an external organization that provides evaluation or “certification” services. A covered entity may make the business decision to have an external organization perform these types of services. It is important to note that Health and Human Services does not endorse or otherwise recognize private organizations’ “certifications,” and such certifications do not absolve covered entities of their legal obligations under the Security Rule. Moreover, performance of a “certification” by an external organization does not preclude Health and Human Services from subsequently finding a security violation.
This Q&A is adapted from the CMS FAQ website page.
