Certification Tests

Professional Certification and HIPAA

It seems no one questions what a college degree means. At the Baccalaureate level it represents that the holder has completed some course of study competently and is now ready to apply the knowledge gained in the working world, but frequently has little to no relevant work experience. Holders of Master’s degrees are accorded higher status in the given area, with learning and experience (often assumed) more focused and deeper than the undergraduate. And holders of Doctorates are revered as true experts in their fields and become court wizards for Presidents and Captains of Industry. But I digress…

When we consider hiring an entry-level individual we look at their history and credentials to determine a suitable match. Typically, we are often seeking basic knowledge, drive, and attitude, while we seldom require more than modest experience in the area. For advanced roles, advanced degrees and substantial experience are pivotal, and they come in ready to run with minimal startup time expected. Still, even with such things on their CV and our gentle interrogation at an interview, we still have no independent assurance of their ability to apply the knowledge and execute effectively.

Everyone must start somewhere, and those of us who hire them need some way to discriminate between candidates to make the best possible decision for hiring or promotion. This is where professional certifications enter the process and add vital information to improve the quality of our decision-making.

Unlike a college degree program that is built on a foundation of the “pure” and “applied” book learning, and then verifies the somewhat clinically-acquired knowledge by examination, a certification frequently starts with an individual that has verified experience already in the real-world environment. The program then puts them through a skills-focused course that integrates knowledge with the experience by filling gaps, solidifying a better conceptual foundation, and proves competence through labs and examinations.

In a field like healthcare, a field that already requires independent certification of products, accreditation of facilities, licensing of workforce members, it is natural to require certification of those entrusted with the safeguarding of the information used in it. Given how this information can be used or misused in delivering care, justifying payment, documenting claims and treatments and the myriad other uses it has, it seems all but imperative that those professionals charged with its protection need not only the foundational knowledge but proof of performance and capability to do this extremely important job.

The systems and networks in use in a hospital, as an example, are of the same type used anywhere else; but the similarity could very easily stop there. Access control, wireless networks, biometrics, Internet usage, electronic transactions, privacy and all the rest are more widely variable in their configurations and service needs that anywhere else. Add to this the necessary integration with a vast array of devices and machines that test, irradiate, monitor, and report on every action of a human body – not to mention that they all do what they do in their own unique languages on incompatible protocols. Crowning this is that all of these generate information that must then be normalized, homogenized and standardized to flow into the administrative systems for management of resources, payments processing, strategic planning, and all other business functions.

Is it any wonder that certification of the IT professionals that work on these is becoming more a requirement than an option? This is especially true with respect to security and privacy and the wealth of laws that now govern them. The professional in such a role must grasp not just the technological component, but must also understand the regulations involved, the consequences of noncompliance, clinical data needs, and the business processes of the organization in which these all work; sometimes cohesively, many times not.

The professionals doing this work normally have years of experience, and are frequently holders of the CISSP, CISA, CIPP, or CISM certifications, which are industry standard general certifications in (respectively) IT security, IT audit, privacy, and IT processes and governance. A specialist certification like the Certified HIPAA Privacy and Security Expert (CHPSE) adds a proven credential focused on a crucially important are in today’s healthcare world.

These same holders frequently have degrees, often at the advanced level. Having the certification provides clear evidence of competence and capability. It adds clear and significant value: for the holder, it sets them apart from their peers, and for the employer it provides increased confidence in a candidate’s qualifications, and reduced risk of making a poor selection for the role. Even so, the importance of actually verifying credentials, background, employment history and references cannot be overstated.

There is no denying the importance of a degree: it is a strong and positive indicator of potential to perform and grow at a tactical level. Advanced degrees bring further evidence of the individual’s ability to grow and expand, and to apply the tactical experience gained in more strategic ways. There is still no substitute for demonstrated experience and performance, and these are the key elements that professional certifications, like the CHPSE, contribute. It is an important form of risk reduction; something we do in our environments, our systems and networks, and our resources management processes in our healthcare operations. It enables us to reduce the risk, and thus increase our trust in the most important resource we have to deliver quality service in healthcare: our people.