There Is No Such Thing as HIPAA Certification. Let’s Stop Pretending There Is.
HIPAA compliance is not a trophy you win once and keep on the shelf. It is a working system: policies people actually follow, access controls that match job duties, audit logs someone reviews, breach procedures that have been thought through before a bad day, business associate agreements that reflect the real service being provided, and a risk analysis that is more than a stale template with today’s date on it. I have seen certificates that meant the workforce completed a training module. That can be useful. I have seen certificates that meant a consultant did a narrow document review. Also useful, if everyone understands its limits.
