Back to all glossary articles

HIPAA certification

The Health Insurance Portability and Accountability Act (HIPAA) is a restrictive data security law regulating US healthcare organizations’ use of protected health information (PHI). Covered entities and business associates handling US patients’ PHI are subject to HIPAA.

The Department of Health and Human Services (HHS) doesn’t formally recognize the certification, it can be issued by private companies that specialize in HIPAA certification. HIPAA certification is not an obligatory training program; it is granted after a successful audit. The HIPAA certification audit proves that healthcare organizations met the standards of HIPAA and didn’t violate HIPAA guidelines at the time of the audit. It must be noted that HIPAA certification doesn’t mean the organization is HIPAA compliant. Third-party auditors give the certification, while the official HIPAA compliance process must be completed internally to properly secure patients’ data and avoid penalties and fines.

The course is not official but may better prepare a facility and its workers for achieving and maintaining compliance. It also may serve as a confirmation to patients and business associates that the organization is patient-first and approaches PHI with privacy and care.

Learn more about HIPAA:

A review of HIPAA-compliant analytics platforms Is your analytics project HIPAA-compliant? A complete checklist with 32 questions HIPAA, marketing and advertising: How to run compliant campaigns in healthcare

  • Privacy by design in practice: How “just enough” data beats “just in case” collection

    While collecting more data “just in case” feels safer, according to Matt Gershoff, it’s also one of the biggest sources of unnecessary compliance risk, analytical noise, and wasted organizational resources in the analytics industry today. His approach of “just enough” data collection is more intentional, more aligned with privacy regulation, and often more analytically effective.

  • 4 ways to make your analytics HIPAA-compliant: Implementation guide

    Healthcare organizations have four main approaches to achieving HIPAA-compliant analytics. Each has different trade-offs in cost, technical complexity, and analytics capabilities. This guide compares all four implementation methods – from using Google Analytics with workarounds to deploying fully HIPAA-compliant analytics platforms – so you can choose the right approach for your organization’s needs and resources.

Other definitions

Recent posts from Piwik PRO blog