HIPAA Certified: Not So Fast
HIPAA Certified: Not So Fast
A healthcare organization is looking for a new electronic medical record, secure messaging application or any other solution. It compares a number of vendors, product features and gets close to choosing one. Just before making the ultimate decision, someone asks, what about HIPAA? As this question enters the discussion, another person says that the chosen product is HIPAA “certified.” Hearing that the product is certified, everyone is satisfied and thinks that HIPAA obligations are all set. Unfortunately, HIPAA “certification” does not settle any issue.
The question of certification is one that has been around almost as long as HIPAA itself. From the legal perspective, certification is not even worth the paper it is printed on. The government, specifically the HHS Office for Civil Rights, does not contemplate certification of HIPAA compliance, nor does it authorize any third party to provide an “official” certification. This fact is revealed in a longstanding “Frequently Asked Question” from OCR. As such, any company or product advertising HIPAA certification is providing an unverifiable statement. Since OCR does not endorse or recognize certification, questions should be asked about any product claiming certification. A buyer cannot feel comfortable just be seeing the “certification.”…
Continue Reading this Article by Matt Fisher at Hitech Answers
Be The First To Comment!
New comments are no longer accepted on this article.