Should we look for CISSP, CISA, or other security certification when hiring a consultant to perform our HIPAA security assessments?
HIPAA Weekly Advisor, March 27, 2006
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
HHS does not require the person assessing your security to have these credentials. Much like college degrees, people often hold these certifications on a pedestal and place a higher value on them than necessary. This isn't to say such certifications can't add value and prove a certain baseline of knowledge, but experience, combined with technical and business knowledge, are the best indicators that the person is right for the job.
Your best bet is to look at the applicant's history and check references. However, from a realist's perspective, having a certified individual performing your security assessments does look good on paper-especially in the eyes of executives, business partners, and customers.
Editor's note: Kevin Beaver, CISSP, security consultant with Acworth, GA-based Principle Logic, LLC, answered this question. This is not legal advice. Consult your attorney for legal matters.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- HIPAA Q&A: Level of encryption needed for email
- What does case-mix index mean to you?
- Identify potential Medicaid RAC target areas
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched