The Benefits of Third Party Verification and Validation

Recent regulatory initiatives like Cybersecurity Maturity Model Certification (CMMC) highlight the government’s belief that HIPAA Security Rule self-assessment is no longer sufficient against today’s risks. To be secure and compliant, the use of a third party is essential to protect data. Like having the right answer in an algebra test, having the right security answer is not enough to pass: you need to show your work to someone who can confirm it.

Recent FTC enforcement actions, like the SkyMed case, illustrate the federal government’s focus on protecting consumer information, and its little or no tolerance for companies that benefit from promoting false comfort by making unsubstantiated, false claims of compliance and security.

Common sense suggests that a company should display a third party’s “seal” only if that third party has met or followed a specific set of legitimate criteria to earn the seal.

A World Without Third Party Verification and Validation Is Impossible to Navigate

A world without verification and validation seals is not very realistic – it’s a fantasy land, or perhaps more to the point, a nightmare land. Think about the types of companies that issue third party seals. Good Housekeeping issues its “Seal of Approval” to products that have undergone testing by the Good Housekeeping Research Institute, a private entity. Green Seal awards products that meet life-cycle-based criteria for sustainability. Before Green Seal declares a product “green,” the company seeking Green Seal’s seal must submit performance testing results, labels, and marketing materials for rigorous evaluation.

The SOC 1 report is also provided by a third party, in this case an accounting firm. Also known as the Statement on Standards for Attestation Engagements (SSAE) 18, the SOC 1 report addresses an organization’s controls that are likely to be relevant to an audit of a user entity’s (customer’s) financial statements.

These companies – Good Housekeeping, CPAs – would not exist in a seal-less world. They would be rogue lawbreakers.

Wait… Good Housekeeping? A lawbreaker? How…

Think this through. If verification and validation seal issuance were illegal, self-regulating organizations, third party accreditation bodies, home inspection services – in short, anyone claiming to certify, verify, or validate anything – would not exist. There would be two groups in the regulatory universe: the regulator and the regulated. The regulated would be unable to enlist the services of a third party in an attempt to differentiate their products or services, or to assist in meeting a set of criteria. The government, with its army of lawyers, could in effect fight freestyle while its regulatory targets would be left to fight with their hands tied behind their backs.

The government, of course, in our real world, is not this unfair. Indeed, federal and state governments recognize or permit third party verification and validation on a routine basis. The government has an interest in ensuring its laws are satisfied, not ignored or misunderstood by companies forced to act as their own compliance consultant/legal advisor.

What is the Benefit of Working with Compliancy Group?

Third Party Verification and Validation

Compliancy Group issues its Seal of Compliance to covered entities and business associates that have undergone our proprietary compliance process using The Guard, our web-based compliance tracking solution. The Guard enables users to complete guided self-audits. To be awarded the Seal, users must make a good-faith effort to complete (and document completion of) The Guard’s:

  • HIPAA-required Audits, Assessments and Remediation Plans
  • Privacy and Security Policy & Procedures
  • HIPAA, Fraud Waste & Abuse Training
  • Employee Training and Attestation Management
  • Business Associate Audits and Management
  • Incident Management Module
  • Reporting and Document Version Control Module

The Guard’s requirements are taken directly from the HIPAA regulations. Our verification and validation is provided with a uniquely personal, and at this point necessary, touch: dedicated Compliance Coaches, real people who guide users through every step of the compliance process. By making a good-faith effort to complete The Guard’s compliance process, a user will be in an enhanced position in the event of an audit by the Department of Health and Human Services. Compliancy Group, through its Audit Response Program, Compliance Coaches, and guided self-audits, assists businesses facing an audit by verifying and validating, through extensive documentation, that a business has made a good-faith effort to comply with the full measure of HIPAA. We don’t create confusion. We erase it. We make sure that you’ve made the effort to satisfy the law, that you’ve put in the work, that you know what’s required of you and how to do it with our help. In our fifteen years of being in business, no client has ever failed an audit. It’s what’s behind the Seal that matters.