Certification modifications will change face of compliance

13 March 2014

As previously announced, approved changes to the NAID AAA Certification Program will not take effect until June 2014. Among those changes are two high-profile modifications that will change the way customers view the program and its role in establishing compliance.

One of the alterations will allow customers to request a copy of the NAID Certification Audit Report. As structured, customers will not be allowed to request the report directly from the association; rather, they will request it through the service provider. According to NAID Director of Certification Operations Katie Mahoney, this allows the service provider to be aware of who is accessing its report, while still compelling it to provide the report to the customer when requested.

“If the customer knows they are able to request the audit report,” said Mahoney, “it is difficult to see how a service provider could decline that request without raising serious concerns, especially when the customer needs a copy of the report to establish their due diligence.”

Another modification likely to get the attention of customers who rely on NAID-certified vendors is the requirement and validation of employee training.

“With the publicity regarding NAID’s online training reaching the marketplace, it is likely customers will take note,” said Mahoney. “With contractors being the focal point of recent, high-profile data breaches, vendors’ protocol for employee training is becoming an increasingly important compliance consideration.”

Mahoney also pointed out that providing the audit report and validating employee training are critical components of the required HIPAA risk assessment.