My thoughts on AHIMA’s new Healthcare Privacy, Security certification

Jennifer Lubell at Modern Healthcare Online recently posted her nice article on AHIMA’s new privacy and security certification. She writes:

In April, the American Health Information Management Association will offer a new certification aimed at credentialing the healthcare privacy and security industry.

AHIMA essentially combined its Certified in Healthcare Privacy and Certified in Healthcare Security certifications, said a spokeswoman for the organization. The certification aims to reflect advanced competency in designing, implementing and administering comprehensive privacy and security protection programs in all types of healthcare environments and settings.

Since I work on security and privacy issues (like SSO, data privacy, etc) routinely she asked me about my thoughts on the new program and whether it might actually help reduce fraud and abuse so here’s how I feel about the new certification (some of this is quoted in the article).

First, there is certainly value in the certification in that it establishes a base level of knowledge that sets the “minimum bar” for proficiency. It won’t mean that the person with the certification is truly competent but it’s certainly better than not having the certification at all. I say truly competent versus knowledgeable because I believe true competence comes through real experience, something with certification can’t really test or prove.

I think people will sign up for it because consultants and potential employees who need it to get a job will see the value. If a person has significant experience and a good pipeline of work already they probably won’t sign up. However, if a person can’t get a job without the certification (because it’s a minimum requirement for a job), they will go for it.

I do not believe it will actually reduce fraud and abuse, though. Fraud and abuse are usually criminal activities and having more professionals who understand it won’t reduce it in the same way that having more police officers doesn’t always mean less crime. Along with better “policing” (presumably by better trained personnel) the better way to catch fraud is to put in electronic surveillance (like we do in banking and finance). While I don’t think the certification will actually reduce fraud and abuse I do believe that if a company wants to limit their fraud and abuse and wants to know whether someone is qualified to help, the certification may be helpful to weed out unqualified personnel.