How long it takes to get HIPAA certified varies depending on the purpose of the certification, the intensity of the certification program, and the depth of knowledge required to get HIPAA certified.
HIPAA certification has two meanings. For an individual, HIPAA certification is recognition for completing a HIPAA training course; while, for an organization, it is a point-in-time accreditation that the organization complies with specific requirements of the HIPAA Administrative Simplification Regulations. Neither is endorsed by HHS’ Office for Civil Rights, but both have their uses.
HIPAA Certification for Individuals (1)
There are two ways for an individual to get HIAA certified. The first is when an individual is a member of a covered entity’s or business associate’s workforce and the covered entity or business associate issues certificates for completing HIPAA training. HIPAA does not require certificates to be issued when training is completed, but some organizations choose to do it to recognize the achievement.
How long does it take to get HIPAA certified for an employer’s training course can vary according to the content of the course. Some workforce members may only need a minimal knowledge of HIPAA if they have administrative roles that require limited access to PHI; while public-facing employees should have a greater depth of knowledge to understand permitted uses and disclosures of PHI.
HIPAA Certification for Individuals (2)
The second way for an individual to get HIPAA certified is through a third-party training course. The difference between an employer’s training course and a third party’s training course is that employers who are covered entities or business associates are required to provide training on HIPAA policies and procedures and security awareness. Third party training courses are more flexible.
Typically, a third party training course will contain the basics of HIPAA – for example, what is the purpose of HIPAA? What is considered PHI? What is the HIPAA Privacy Rule? etc. The purpose of the training course (basic/refresher/advanced), whether the course is full-time or part-time, and the number of modules in the course will determine how long does it take to get HIPAA certified.
The Benefits of HIPAA Certification for Individuals
HIPAA certification for individuals is not only a recognition of achievement. It is also a record of what HIPAA training has been undertaken so that if (for example) you are promoted to a more responsible role, your employer is aware of what training you have been provided with and what further training is required – saving both you and your employer from repeating previously accredited training.
The benefits of third-party HIPAA certification is that it demonstrates to prospective employers you have an understanding of HIPAA. This might not only be important if you are applying for a job with a healthcare provider, but also if you are applying for a job with any business that provides a service for or on behalf of a healthcare provider (i.e., healthcare IT, billing company, legal firm, etc.).
HIPAA Certification for Organizations (1)
Although HHS’ Office for Civil Rights does not endorse HIPAA certifications, the agency acknowledges that covered entities and business associates are required to conduct periodic technical and non-technical evaluations to assess the effectiveness of their security policies and procedures (see §164.308(a)(8)). The evaluations can be done internally or via a third party certification company.
As these evaluations are only required to assess Security Rule compliance, how long does it take to get HIPAA certified can vary from a couple of hours to several weeks depending on the resources required to conduct self-assessments and third party evaluations, the current state of compliance, and the measures that need to be implemented to assure compliance with the Security Rule.
HIPAA Certification for Organizations (2)
Although the HIPAA Privacy Rule does not have the same requirements for periodic evaluations, a HIPAA certification assessment for healthcare providers can help identify gaps in other healthcare-related regulations – for example, the Medicare conditions for participation (including EMTALA compliance and LEIE screening) and the Occupational Safety and Health Regulations for Healthcare.
HIPAA certification for organizations can also be a way to demonstrate compliance with a corrective action plan issued by HHS’ Office for Civil Rights – or HHS’ Centers for Medical and Medicaid Services if the organization has been sanctioned for failing to comply with HIPAA’s Part 162 Regulations. In most cases, a third party accreditation will carry more weight with HHS than a self-assessment.
The Benefits of HIPAA Certification for Organizations
The reason HHS’ Office for Civil Rights does not endorse HIPAA certifications is that HIPAA certifications do not guarantee compliance beyond the point in time the certificate is issued. Nonetheless, achieving a HIPAA certification of compliance demonstrates a good faith effort to comply with HIPAA and can be a mitigating factor if an organization is accused of a HIPAA violation.
Furthermore, achieving a HIPAA certification of compliance does not have to disrupt business operations. Covered entities and business associates can take advantage of HIPAA compliance software that can be customized to each organization’s specific requirements. Thereafter, how long does it take to get HIPAA certified will depend on the purpose of the certification, the intensity of the certification program, and the depth of knowledge required to get HIPAA certified.