LuxSci

Does LuxSci have HIPAA certification?

Does LuxSci have HIPAA certification?

We are often asked who or what certifies that LuxSci's HIPAA compliant services are really HIPAA compliant. The short answer is that there is no governmental regulatory body responsible for certifying vendors as HIPAA compliant.

In fact, the HIPAA Final Security Rule specifically states HIPAA does "not assume the task of certifying software and off-the-shelf products" (p. 8352 of the Final Security Rule) nor does it set criteria to accredit independent agencies that do HIPAA certifications.

Per the HIPAA HITECH Act of 2010, two government entities are jointly responsible for regulation and certification of health care technology:

The Office of the National Coordinator for Health Information Technology (ONC) and the National Institute of Standards and Technology (NIST).

As of February 2016, the HITECH legislation only provides for the testing and certification of Electronic Health Records (EHR) programs and modules--this is generally used to qualify health operations to make healthcare organizations eligible for Medicare and Medicaid EHR incentives.

Companies that perform HIPAA certifications are not regulated by any federal accreditation agency.