The HIPAA Institute

  • The HIPAA Institute is an organization formed by healthcare industry technology and security stakeholders.

    Our Mission:
    To establish a baseline level of proficiency for IT personnel interested in working within the healthcare community.

  • To establish and implement a HIPAA compliance certification for Covered Entities and Business Associates

  • To advocate for policies and standards that will enhance the privacy and protection of health information.

HIPAA Certification

The HIPAA Certificate, issued through The HIPAA Institute, represents the gold standard in HIPAA testing and compliance. In order to be awarded a HIPAA Certificate, a medical organization must demonstrate they've met the HIPAA requirements published by the US Government and as further defined by the National Institute for Standards and Technology (NIST).

HIPAA Compliance Testing

Becoming HIPAA compliant involves three components: documentation, a risk assessment, and an employee training program. Achieving HIPAA Compliance means being able to prove each component is in place. In order for a HIPAA Certificate to be issued, each medical facility must demonstrate that they satisfy each component of the requirements.

  • Employee Training

    HIPAA Compliance includes privacy and security training for your employees, as required under Section 164.308(a)(5). The HIPAA Institute will verify that training has been conducted, and that a documented policy is in place to address new hires and recurrent training.

  • Risk Assessment

    A Risk Assessment must be conducted and documented. The Assessment must include environmental risk factors as well as hardware- and software-related risk factors. A Risk Assessment report will be reviewed by a HIPAA Institute inspector prior to issuance of a HIPAA Certificate.

  • Comprehensive documentation of your physical network, computers and mobile devices, user rights, installed software, backup and disaster recovery plans, and much more needs to be in place and verified by The HIPAA Institute inspector.

  • Regular Checkups

    Much like your patients, your security requires regular checkups. Achieving compliance includes regular reviews as required under Section 164.308(a)(5)(7). The HIPAA Institute requires that these updates be scheduled and that the process to be implemented be documented.

What Accreditation means to you

The HIPAA Institute's Accreditation provides an IT professional with a proven and documented level of proficiency in implementing, configuring, and supporting the security-related technology needs of a medical facility, specifically as it pertains to HIPAA compliance.

The Accreditation process

Getting your HIPAA Institute Accreditation is an easy process. First, complete the registration form on the next tab. You will then be contacted by a HIPAA Institute representative who will verify you meet the requirements described below. The third step is paying a one-time fee that is determined by your current certifications. Fees range from free to $5,000. The fourth step is taking The HIPAA Institute's HIPAA Comprehension Exam. The test is composed of questions regarding your understanding of the HIPAA laws, specifically as they pertain to medical office compliance, as well as general security-related IT questions. The test consists of 50 questions and can be completed by most IT professionals in about 30 minutes.

Accreditation Requirements

To qualify for Accreditation as an IT Professional:

  • You demonstrate a thorough understanding of the security and privacy requirements a medical facility must comply with by passing The HIPAA Institute's HIPAA Comprehension Exam; AND

  • You have 2 years of full-time employment as an IT Professional engaged in the day-to-day management of server/client-based network environments, including the implementation and configuration of commercial firewalls; OR

  • You are CompTIA Security+ certified or higher; OR

  • You have an MCSE certificate.

The HIPAA Institute is committed to assisting the IT community in its awareness and understanding of the HIPAA laws, particularly as they pertain to the protection of Protected Health Information (PHI). If you believe you qualify for a waiver to achieve your Accreditation, please contact us and present your case.

© Copyright 2012 - 2017 The HIPAA Institute. All rights reserved.