March 3, 2021
Short answer? Nope. Long answer, having a ‘HIPAA compliant’ seal can actually get you in hot water – just ask SkyMed International, Inc., who was hit with a 20-year corrective plan – no, not by the Office for Civil Rights, but by the Federal Trade Commission (FTC).
FTC? What? That’s right, this recent HIPAA related event actually got a business in trouble for displaying a ‘HIPAA Compliant’ seal, when the organization falsely advertised their ‘compliance’…except that they ended up experiencing a massive data breach exposing the sensitive information of over 130,000 individuals and after investigation were found to be anything but HIPAA compliant.
So, when it comes to those ‘seals of compliance’ you’ve probably heard about or seen around, in most cases they don’t mean anything – and could actually wind up getting a practice in trouble for false advertising. There’s no industry certification around HIPAA – trust us, we would be first in line if there was! – and having a certified statement is also a no-go, since there’s no legitimate organization that offers those certifications to back it up.
If you DO have a HIPAA seal or badge of some kind, don’t panic! That doesn’t mean you’re in trouble – depending on what your seal proclaims. Where the FTC raises the red flag is if there’s any statement of ‘compliance’ included. On the flip side, consumers can get peace of mind when they know their healthcare provider has a compliance program (note, program, not statement OF compliance) in place. So if you indicate that you follow HIPAA best practices, carry on! If, however, your website states that you ARE compliant, you may want to double-check your verbiage before the FTC gets involved.
As much as we wish HIPAA could be as simple as just following a checklist once and receiving a nice shiny badge of compliance that your practice’s website could wear proudly, it’s not. HIPAA compliance is an ongoing process and requires constant review and updates for ANY organization, regardless of their size or specialty. So while a compliance seal isn’t an option – maintaining a complete compliance program is (and a required one at that!)