HIPAA Certification: Who needs it?
Categories: HIPAA Certification, Hipaa Law
Written By: admin
The Department of Health and Human Services (HHS) is responsible for enforcing and managing the Health Insurance Portability and Accountability Act (HIPAA). The department mandates certifications for various entities to show compliance with this law. There are no official companies which provide these certifications.
The covered entities, which include hospitals, health care providers, health insurance companies, doctors, etc., are required to conduct evaluations which classify the extent to which they comply with the requirements of HIPAA law. These evaluations can be done internally, or externally by an organization which will provide a certification that the entity's policies and procedures regarding security of data are in compliance with the law.
Here, it should be noted that an individual who has access to people's confidential identifiable information doesn't require HIPAA certification. Rather, he or she must undergo training to learn the right methods to handle the data.
The following entities require HIPAA certification:
- Covered Entity – Every covered entity is required to comply with each and every rule listed in HIPAA. The HHS Office of Inspector General (OIG) conducts regular audits and inspections to ensure that all the security and privacy rules are being followed. These inspections are done onsite and prior notice is sent to the entity. OIG provides a list of documents that a covered entity must provide during the inspection.
- Business Associates – Every business associate of a covered entity is required to get HIPAA compliance certification. Business associates must comply with the terms of the business associate agreement they have entered into with a covered entity. If a business associate is not in compliance with HIPAA, as per its agreement, then its contract may be terminated and the firm can also be fined.
Business associates must create their privacy and security procedures and policies according to HIPAA law. A risk analysis and a disaster recovery plan should also be carried out.
HIPAA certification is a way of proving that a covered entity is working according to the requirements given by HIPAA. The entity can prove that it is taking essential steps in securing the private health information of every individual under its jurisdiction. It also establishes whether disclosure of information is being performed in the correct manner or not.
