HIPAA Certification

Migrated from APHA Connect! 2016
In 2016, APHA Connect! was located at its own, separate website. In early 2017, we integrated APHA Connect! with this myAPHA membership site, but we were unable to import the actual discussions from the old site. So, in order to retain those interesting and informative discussions, we have copied and pasted them here to the myAPHA site, minus their old Connect! links.

Find below one of those 2016 discussions. Don’t forget to check out the APHA Connect! Discussion Forums to see if the conversation was continued!

  • #19442

    Gwendolyn Klein


    Hi Everyone,

    Has anyone, or are you all, HIPAA certified? I don’t know that it is a must do, but I am going to get my certification. I found a site where I can get a 2 year certification for $29 http://www.Hipaatraining.com. Does anyone else have any suggestions or thoughts on this?

    Thank you,

  • #19595

    Terry S Merrifield MD


    Here is information from the Health Information Privacy section of the HHS website, posted there in 2003 regarding HIPAA certification:

    “Are we required to “certify” our organization’s compliance with the standards of the Security Rule?


    No, there is no standard or implementation specification that requires a covered entity to “certify” compliance. The evaluation standard § 164.308(a)(8) requires covered entities to perform a periodic technical and non-technical evaluation that establishes the extent to which an entity’s security policies and procedures meet the security requirements. The evaluation can be performed internally by the covered entity or by an external organization that provides evaluations or “certification” services. A covered entity may make the business decision to have an external organization perform these types of services. It is important to note that HHS does not endorse or otherwise recognize private organizations’ “certifications” regarding the Security Rule, and such certifications do not absolve covered entities of their legal obligations under the Security Rule. Moreover, performance of a “certification” by an external organization does not preclude HHS from subsequently finding a security violation.”

    I was not aware that certification services exist, and it sounds like they may be helpful as long as their limitations are recognized. Thank you for your post.

Do NOT follow this link or you will be banned from the site! Scroll to Top