Q&A: Certifying your compliance with HIPAA security standards
Compliance Monitor, December 9, 2009
Q: Does CMS require organizations to certify that they are compliant with the HIPAA security standards?
A: There is no standard or implementation specification that requires a covered entity to certify compliance. The evaluation standard, § 164.308(a)(8), requires covered entities to perform a periodic technical and nontechnical evaluation that establishes the extent to which an entity’s security policies and procedures meet the security requirements. The evaluation may be performed internally by the covered entity or by an external organization that provides evaluations or “certification” services. A covered entity may make the business decision to have an external organization perform these types of services. It is important to note that the Department of Health and Human Services (HHS) does not endorse or otherwise recognize private organizations’ “certifications,” and such “certifications” do not absolve covered entities of their legal obligations under the Security Rule. Moreover, performance of a “certification” by an external organization does not preclude HHS from subsequently finding a security violation.
This Q&A is adapted from the CMS FAQ website page.
