The length of time it takes to get HIPAA certified depends on who is getting certified, the reason for getting certified, the criteria for certification, and how much of the criteria already exists. Consequently, there is no definitive answer to how long does it take to get HIPAA certified.
Taking these variables one-by-one, if an individual takes a HIPAA training course to improve their job prospects, and a certificate of achievement is issued when the course is completed, it will take less time to get HIPAA certified than a healthcare system that undergoes a full compliance assessment to get a certificate that demonstrates a good faith effort to comply with HIPAA.
It is also the case that some certification processes can be more complex than others. Returning to HIPAA training, some courses issue a certificate of achievement for watching a 30 minute video, while others require students to complete dozens of modules and answer a test after every one to ensure the students have absorbed what they were taught.
The difference in course criteria might not be a problem is the objective of the video is to raise an individual’s existing level of knowledge to a point where they qualify for a promotion; but it can be a problem for both students and prospective employers if a HIPAA certification implies a student has a full understanding of HIPAA when, in fact, their knowledge is negligible.
How Long for Organizations to Get HIPAA Certified?
The same issue can affect HIPAA certification programs for organizations. Many program vendors offer HIPAA certification based solely on compliance with the Security and Breach Notification Rules. While this may be suitable for some organizations that qualify as business associates, the criteria for certification in this case would not be suitable for covered entities.
Additionally, because most HIPAA certification programs are “off-the-shelf”, they fail to take into account any unique circumstances, any additional compliance requirements, or any existing measures which would make an organization 90% compliant before undertaking the course – thus making the program quicker to complete, without guaranteeing compliance.
While being able to “tick the box” of compliance may satisfy the C-Suite, it is important to note that the Department of Health and Human Services does not endorse HIPAA certification programs and has stated that getting a HIPAA certification does not absolve covered entities and business associates from their legal obligation to comply with HIPAA.
How Long Does It Take to Get HIPAA Certified? Summary
For individuals and organizations looking to get HIPAA certification, the question should not be how long does it take to get HIPAA certified, but how will I/we benefit from being HIPAA certified. Certainly there is a case for individuals to take a HIPAA training course to improve their job prospects, provided the course being taken satisfies an employer’s requirements.
There is also a case for organizations to undergo third party HIPAA assessments to identify gaps in HIPAA compliance that may have been overlooked. If these assessments result in getting HIPAA certified, and the HIPAA certification qualifies as a good faith effort to comply with HIPAA, the certification could be worthwhile in the event of an HHS investigation into a data breach.
However, as mentioned previously, because of the “who, why, and what” variables, there is no definitive answer to how long does it take to get HIPAA certified.