The acronym “HIPAA” stands for the Health Insurance Portability and Accountability Act. Enacted in 1996, this act was a crucial part of attempts at healthcare reform. The idea was to ensure that health insurance was portable—so that people didn’t lose their coverage when they changed or lost their jobs. In addition, HIPAA establishes stringent privacy requirements governing the sharing of patient medical records in the United States.
US-based healthcare workers need to understand HIPAA, and earning a certification in HIPAA compliance can make you highly valuable in this industry. Many different companies offer private certifications in HIPAA compliance. These certifications are not approved by the federal government or any overseeing agency, so you’ll need to know what to look for in choosing the right certification. Here’s an overview of the types of certifications available—and how to choose.
Types of HIPAA Certification
Privacy and Security Awareness Training. This certification program is one of the few overseen by the federal government. It is required for all Department of Health and Human Resources employees and contractors on an annual basis. This course covers cyber security awareness training as well as role-based information security training for executives, IT administrators, and managers. While not limited to HIPAA, the course does address HIPAA compliance.
Certified HIPAA Professional (CHP). This level-1 certification program covers the ground-level basics of HIPAA compliance as well as the history of the law, and does not ask for educational prerequisites. This is ideal for employees at healthcare organizations who have access to personal health information; this certification has broad applications and anyone from healthcare providers to administrative staff, executives, supervisors, and IT security staff could make good use of it.
Certified HIPAA Administrator (CHA). This certification is more in-depth, and most useful to those who directly deliver or oversee the delivery of healthcare services. This includes nurses as well as hospital administrators. This certification is most concerned with data privacy compliance, and focuses on the ways in which the HIPAA legislation affects patients and the dissemination of their sensitive medical information. Those with this certification can be expected to understand both how to comply with HIPAA requirements and how these requirements affect patients on a day-to-day basis.
Certified HIPAA Security Specialist (CHSS). This higher-level certification requires that applicants already hold a Certified HIPAA Professional (CHP) certification. The CHSS qualification looks at the technical aspects of HIPAA compliance, including security standards and practices and how they apply to the storage and management of electronic medical records. It is generally designed for IT employees working in the healthcare field.
Why is HIPAA Training Important?
HIPAA’s requirements are highly complex, and a violation could result in millions in fines and even criminal indictments for companies. Here are just a few reasons why HIPAA training is so crucial.
Because HIPAA violations can seem innocuous. It isn’t enough to know not to give out patient information to unauthorized third parties. Behaviors that seem innocuous can also be HIPAA violations. Here are a few examples:
- You leave your desk at work for five minutes, accidentally leaving a patient folder open containing personally identifiable information.
- You email company or patient information to yourself at your personal email address so you can keep working at home.
- You discuss private patient information with a co-worker in a public area, such as a lobby, cafeteria, or elevator.
- You forget to log off your computer at work before going home, and the computer contains personal patient information.
Because the right culture is important. One thing HIPAA training tries to do is foster a culture that allows employees to report a violation without fear of retaliation. It’s important for all healthcare workplaces to have open-door policies and allow anonymous reporting. There have been cases where named whistleblowers have received monetary compensation from penalties levied on a company, and encouraging anonymous reporting helps prevent a culture where whistleblowers may report violations for compensation.
Because patient information is highly vulnerable. In addition to daily risks at all levels of an organization, patient information is digitally vulnerable. It’s crucial to have a strong cyber-security system and team in place to prevent data breaches. Without those, physician contact information and protected health information are vulnerable to hackers. Employees can easily sell patient information, and outside hackers could steal it. This recently happened to health insurance company Anthem.
HIPAA certification programs are typically not designed to train employees in cyber security. But making sure everyone who needs it has that certification creates an important culture of awareness that can work in tandem with strong cyber-security measures to ensure patient information stays safe.
How to Choose a HIPAA Certification Program
There are many different providers to choose from. Since the government does not endorse or regulate the companies that provide this type of certification, making a selection can be difficult. Here’s an overview of how to narrow down your list.
Ask your employer. Check with your employer to see if they have a preferred provider. This will ensure that your employer will accept the certification you have, and that the program provides the type of information you’ll most likely need at your job.
Check with colleagues. Do others in your field have a HIPAA certification? If so, where did they earn theirs—and what was their experience? How useful did they find the certification in their day-to-day work? Asking others who’ve been through the certification process can help you get a sense of what different programs are like.
Evaluate the provider. How long has the provider been in business? What type of training do they offer—and do you learn best that way? Often, the best providers offer a variety of training methods—through text, video, and online discussion forums, among other methods. Can you talk to a live person on the phone, or is the customer service only available through email or online chat?
Get reviews from former students. Once you’ve narrowed down your list to a few providers, look around online for reviews. See what other people say about the certification. If you can, talk to a few former students. Ideally, the certification you choose will be in-depth, easy to access, and widely accepted by employers.
It’s not just administrators who need HIPAA certification. Anyone who handles patient data on a daily basis, from IT professionals to nurses and other healthcare providers, could benefit from this certification. There are plenty of options out there—but with some time spent in research, you should be able to find the right certification and the right provider for your job.
Choosing a HIPAA Certification Provider: A Checklist
__The certifying provider has been in business for five or more years.
__There is a phone number allowing you to reach a real customer service person.
__The provider offers training in your preferred method (e.g., videos, class discussions) or offers training for many different types of learners.
__Your employer will accept the provider’s certification card.
__Previous students speak well of the provider.