HIPAA Security Certification – Worth the Price?

Is becoming Certified HIPAA Security Professional (CHSP) certified a good career move? Is giving your selected employees the opportunity to achieve the CHSP a good corporate move? The demand for professionals trained in Security and in particular HIPAA Security data breaches is on the move. Those breaches cost the industry $5.6 billion each year. Data breaches targeting medical records is increasing daily. The stolen information’s value is increasing daily.

Most data breaches a few years ago were caused by stolen laptops, unencrypted thumb drives, operator error, etc. Even today, many Healthcare IT professionals feel that these types of breaches make up the majority of the breaches. Too many also feel it couldn’t happen to them. Let’s see some examples of why organizations might want to be prepared. Recently Community Health had a breach of patient information of 4.5 million patients’ data, including names, addresses, birth dates, telephone numbers and Social Security numbers.

St. Joseph Health System (SJHS) in Texas reported a data breach at the beginning of the year that has affected more than 405,000 patients, employees, and employee beneficiaries. Information was reportedly accessed through a single server by hackers from China and other locations. The data included patient names, birth dates, Social Security numbers, and possibly addresses. Medical information for patients was accessible, as well as bank information for current and former employees. A group of hackers breached an agency server of the Department of Public Health and Human Services. This breach continued for a year starting from July 2013 and it resulted in losing data of 1.3 million people

Onsite Health Diagnostics (OHD), a Tennessee government subcontractor, announced over the summer that an unknown party had inappropriately accessed its online scheduler early in the year. It was reported at the time that the source gained access to 60,582 employee data, such as names, date of birth, addresses, email addresses, phone numbers and gender

Other than the breach itself, is any real damage being done? UPMC knows the answer to that. The University of Pittsburgh Medical Center says the total number of employees affected by a recent breach of financial information includes just about its entire workforce of 62,000, although it’s not revealing many details about the incident. So far, the beach has led to nearly 800 workers falling victim to federal income tax fraud, as well as the filing of two class action lawsuits.

Boston Children’s, Kaiser Permanente, Tufts Health Plan, Franciscan Medical Group, Garden City, New York-based NRAD Medical Associates (97,000). All breached in April 2014. And my favorite – In two OHSU incidents, information on a total of more than 3,000 patients was inappropriately posted in unencrypted spreadsheets using cloud-based e-mail and document storage services from Google. OHSU did not have a business associate agreement with Google.

Will the demand for security continue to increase? If the above examples, don’t illustrate the challenge. Think about all the mobile phones that all over healthcare. Each of those represents another area for possible breaches to occur. Plus, now EHRs are tracking and reporting on any breaches that occur by staff. One way to battle against this is to ensure proper security and privacy training for you and your staff.

So, might this be a significant career move? For employers, is this an important investment consideration? Every day, it looks like security and HIPAA compliance training is a great addition for candidates and an equally important investment for healthcare organizations (including business associates). Data Breaches and attempted data breaches will only increase. What’s the old saying? “Pay me now or pay me later”. It seems to fit well here. Don’t wait, make sure your organization is prepared with proper security and privacy training.

With this in mind, we’ve worked out a $100 discount on the Certified HIPAA Security Professional (CHSP) training for Healthcare IT Today readers. That link will automatically apply the HITC100 promo code and save you $100. If you are a HIPAA compliance officer or want to be one, check out the training. The training only takes 4 hours and will get you up to speed on the latest in HIPAA Compliance.

About the author


Paul Smith


  • What is this course going to provide to materially prepare a healthcare IT professional in a meaningful way? What tangible skills will one take away?

  • Asked another way – what will this course offer that a person using the internet is not able to learn on their own? Apologies for two comments but would like to know more before I register for a course like this. Thanks for any insights.

  • Jay,
    The internet contains most of the information in the world. However, that doesn’t mean that there are great resources on the internet that are focused on a very specific topic like HIPAA security and that are compressed into a beautiful, tight package. That’s what this course offers you.

    If you need to know about HIPAA security for your own software or for a clinic, hospital or other covered entity, then this course will provide you the tangible skills to be able to do that.

    If you don’t work for or with one of those organizations, then it might not be valuable for you.

  • Hi,
    Thinking of registering for next course, do I need to be an IT guru to gain value from this HIPAA security course?

  • Hi Laurie,
    You definitely don’t have to be an IT guru to take this course. In fact, most people that take it aren’t IT gurus.

Click here to post a comment