Sherwin Gaddis

Does CMS certify any entity as HIPAA compliant?

Updated: Oct 8

No, the Centers for Medicare and Medicaid Services (CMS) does not certify entities as HIPAA compliant. The responsibility for complying with the HIPAA Privacy, Security, and Breach Notification Rules rests with covered entities (such as healthcare providers, health plans, and healthcare clearinghouses) and their business associates.


HIPAA certified can leave you exposed

HIPAA compliance is enforced by the Department of Health and Human Services (HHS), Office for Civil Rights (OCR), which is responsible for investigating complaints and enforcing penalties for noncompliance. However, the OCR does not "certify" entities as HIPAA compliant either. Instead, the OCR conducts audits and investigations to determine whether covered entities and business associates are complying with the HIPAA rules.


Entities that handle protected health information (PHI) must implement and maintain reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI. They must also develop policies and procedures that comply with the HIPAA rules and provide training to their workforce on these policies and procedures.

While there is no official certification process for HIPAA compliance, some third-party organizations offer assessments and audits to evaluate an entity's compliance with the HIPAA rules. These assessments can provide valuable feedback and guidance to covered entities and business associates on ways to improve their HIPAA compliance efforts.


We have a trained HIPAA compliance officer who can help guide you in the right direction to HIPAA compliance if you are worried about your policies and procedures meeting HIPAA requirements.





Our HIPAA compliance officer is waiting to speak with you

