The HIPAA Institute

The HIPAA Institute is an organization formed by healthcare industry technology and security companies.

Our Mission:
To establish a baseline level of proficiency for IT personnel interested in working within the healthcare community.

Getting HIPAA Certified
Getting Accredited
Getting Started

The HIPAA Institute's Certificate of Compliance

The Certificate of Compliance, issued through The HIPAA Institute, represents the gold standard in HIPAA testing and compliance. In order to be awarded a Certificate of Compliance, a medical organization must demonstrate they've met the HIPAA requirements published by the US Government and as further defined by the National Institute for Standards and Technology (NIST).

HIPAA Compliance Testing

Becoming HIPAA compliant involves three components: documentation, a risk assessment, and an employee training program. Achieving HIPAA Compliance means being able to prove each component is in place. In order for a HIPAA Certificate to be issued, each medical facility must demonstrate that they satisfy each component of the requirements.

Employee Training

HIPAA Compliance includes privacy and security training for your employees, as required under Section 164.308(a)(5). The HIPAA Institute will verify that training has been conducted, and that a documented policy is in place to address new hires and re-current training.
Risk Assessment

A Risk Assessment must be conducted and documented. The Assessment must include environmental risk factors as well as hardware and software related risk factors. A Risk Assessment report will be reviewed by a HIPPA Institute inspector prior to issuance of a HIPAA Certificate.
Documentation

Comprehensive documentation of your physicial network, computers and mobile devices, user rights, installed software, backup and disaster recovery plans, and much more need to be in place and verified by The HIPAA Institute inspector.
Regular Checkups

Much like your patients, your security requires regular checkups. Achieving compliance includes regular reviews as required under Section 164.308(a)(5)(7). The HIPAA Institute requires these updates be scheduled and the process to be implemented to be documented.

What Accreditation means to you

The HIPAA Institute's Accreditation provides an IT professional with a proven and documented level of proficiency implementing, configuring, and supporting the security related technology needs of a medical facility specifically as it pertains to HIPAA compliancy.

The Accreditation process

Getting your HIPAA Institute Accreditation is an easy process. First, complete the registration form on the next tab. You will then be contacted by a HIPAA Institute representative who will verify you meet the requirements described below. The third step is paying a one time fee that is determined by your current certifications. Fees range from free to $5,000.The fourth step is taking The HIPAA Institute's HIPAA Comprehension Exam. The test is comprised of questions regarding your understanding of the HIPAA laws, specifically as they pertain to medical office compliance, as well as general security related IT questions. The test consits of 50 questions and can be completed by most IT professionals in about 30 minutes.

Accreditation Requirements

To be qualified for Accreditation, an IT Professional:

You demonstrate a thorough understanding of the security and privacy requirements a medical facility must comply with by passing The HIPAA Institute's HIPAA Comprehension Exam; AND
2 years of full time employment as an IT Professional engaged in the day to day management of server/client based network environments, including the implementation and configuration of commercial firewalls; OR
You are CompTIA Security+ certified or higher; OR
You have an MCSE certificate.

The HIPAA Institute is committed to assisting the IT community in it's awareness and understanding of the HIPAA laws, particularly as they pertain to the protection of Protected Health Information (PHI). If you believe you qualify for a waiver to achieve your Accreditation, please contact us and present your case.