What are the Different Certified HIPAA Designations?

There are several types of certified HIPAA designations, including Certified HIPAA Professional, Certified HIPAA Administrator, and Certified HIPAA Privacy Associate. There is also a certification for healthcare providers. The following discusses the differences between these designations.

Certified HIPAA Professional

A Certified HIPAA Professional (CHP) is a certification that is suitable for a variety of members within a HIPAA-beholden organization including Compliance Officers, Privacy Officers, Security Officers, and Chief Information Officers. Becoming a Certified HIPAA Professional allows for a better understanding of the requirements set forth by HIPAA, such as implementing HIPAA compliant policies and procedures, patient confidentiality, and HIPAA security requirements. Completing a CHP enables professionals to determine what their organization needs to be HIPAA compliant.

• Policies and procedures. Dictate the proper uses and disclosures of protected health information (PHI).
• Patient confidentiality. Requires organizations working with PHI to access only the minimum necessary PHI to perform a job function. It also requires organizations to receive patient consent to share PHI other than for treatment, payment, or healthcare operation functions.
• HIPAA security requirements. Requires organizations to secure PHI through security measures such as encryption, firewalls, and data backup.

Certified HIPAA Administrator

A Certified HIPAA Administrator is a certification that is suitable for administrative staff members. Through the Certified HIPAA Administrator (CHA) certification, staff members’ knowledge of HIPAA Privacy Rule requirements are affirmed. The CHA covers a brief background of HIPAA, the HIPAA Privacy Rule, the HITECH Act and Final Rule, who needs to comply with HIPAA, and HIPAA fines and penalties.  

• HIPAA. Enacted in 1996 to create industry standards ensuring the confidentiality, integrity, and availability of PHI.
• HIPAA Privacy Rule. Requires healthcare providers to adhere to the minimum necessary standard and provide patients with a Notice of Privacy Practices (NPP), among other privacy requirements.
• HITECH Act. Expanded the scope of privacy and security protections for electronic protected health information (ePHI).
• Final Rule. Requires PHI breaches to be reported to the Department of Health and Human Services (HHS), affected individuals, and for breaches affecting more than 500 individuals, the media.
• Who needs to comply with HIPAA. Any organization that creates, receives, transmits, stores, or maintains PHI is required to be HIPAA compliant. This includes covered entities, HIPAA business associates, and managed service providers with healthcare clients.
• HIPAA fines and penalties. Organizations that are not HIPAA compliant are subject to HIPAA fines and remediation efforts. Fine amounts are divided into four tiers and are issued based on perceived negligence.

Certified HIPAA Privacy Associate

A Certified HIPAA Privacy Associate is a certification that is suitable for entry-level healthcare professionals, as well as insurance brokers, business associates, lab technicians, and pharmacy staff. The Certified HIPAA Privacy Associate certification provides HIPAA training on the HIPAA Privacy and Security Rules.

• HIPAA training. Required to be conducted annually, HIPAA training should include material on HIPAA standards and an organization’s internal policies and procedures.
• HIPAA Security Rule. Requires ePHI to be secured to prevent unauthorized access.

Certification for Healthcare Providers

A certification for healthcare providers can take many forms, such as Cardiopulmonary resuscitation (CPR) training, Basic Life Support (BLS) training, Automated External Defibrillator (AED) training, and many more. A certification for healthcare providers varies depending on the providers job function. Some healthcare providers should be certified in all the above mentioned certifications, while others may not need any of these certifications.

• Cardiopulmonary Resuscitation (CPR) Training. Provides healthcare professionals with the knowledge to revive a patient that has gone into cardiac arrest.
• Basic Life Support (BLS) Training. Provides first responders with the knowledge to sustain patients with life-threatening injuries until they can be treated at a hospital.
• Automated External Defibrillator (AED) Training. Teaches first responders on how to use a portable defibrillator to revive patients that are not responding to CPR.