In the electronics industry, the UL stamp of approval means that a product has been deemed safe. But in the healthcare field, there isn’t a single certification that ensures that Protected Health Information is safe – or that risks are being properly managed.

Even if such a silver bullet existed, a certification cannot guarantee that your organization will never suffer a data breach, complaint or penalty from the Office for Civil Rights (OCR).

Any healthcare organization that places its trust solely in the payment card industry standard (PCI-DSS), HITRUST or Service Organization Controls 2 (SOC 2) is on shaky ground. That’s because the OCR has never accepted SOC 2 “opinions”, PCI-DSS audits or HITRUST “certifications” as evidence of compliance with HIPAA regulations. If submitted in response to an investigation or audit, such documentation would be immediately rejected.

Read the entire article at HIT Leaders and News.

Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.