HIPAA Server Compliance vs Certification: What’s the Difference?
The distinction between HIPAA server compliance and certification is simple: compliance means following a set of rules imposed by a governmental body, and following those rules is required, not optional. Certification means receiving an award or other document of completion that shows a person has finished a course of education. Completing such a course, whether a private or a governmental entity offers it, is optional; the law does not require it. The distinction is discussed in greater detail below.
HIPAA Server Compliance vs Certification: Who Does What?
HIPAA server compliance consists of maintaining an organization’s server in accordance with the HIPAA Security Rule’s administrative, physical, and technical safeguard provisions.
The administrative safeguard requirement of the HIPAA Security Rule dictates that covered entities and business associates implement security management practices. To do this, organizations must implement policies and procedures designed to prevent, detect, contain, and correct security violations.
One of the most important administrative safeguard provisions is the requirement for covered entities and business associates to perform a risk analysis for each server. The analysis is necessary to determine whether the server’s existing security measures are reasonable and appropriate.
A server risk analysis process includes the following activities: