Certification means verifying secure data transmission, storage, backup, access controls, and all the other policies and procedures you must have in place to protect a patient’s privacy; it is the best method by which any organization can ensure that its computer systems are operating under adequate security protocols. In addition, you must document the certification procedure itself to ensure that, in the future, an independent party can verify its validity. 

Note that the HIPAA final rule renamed the formal term “certification” as the more general term “evaluation.” However, in real life, when you use the term “evaluation,” most vendors won’t know what you are talking about. Thus, for practical purposes your security policy still should incorporate the term “certification.” 

Certifications help demonstrate accountability and can serve as security reference guides. In addition, they can form an outline of the policies, guidelines, and standards used to secure a network. 

Certifications can provide:

  • Accountability. Certification provides tangible proof that a computer system is secure. In the event of a computer system compromise, the certification can become a document of accountability to prove that you made efforts to avoid a breach of security.
  • An outline. The certification requirements will provide you with an outline of policies, guidelines, and standards that you can use to protect a computer system.
  • A point of reference. In the case of an audit, the certification also can provide a point-by-point description as to what was secured, how it was secured, and why it was secured.
  • Without proper certification, your practice has no way to provide evidence that its computer systems are operating at a proper standard of security. However, be sure to research the validity of any certification before placing faith in it. While third-party audits and certifications generally are the most valuable, no standard exists by which to judge the certification itself.
All Rights Reserved © HIPPA.com