Do Your Tools and Services Help You Comply with HIPAA / HITECH Act Registrations?

Posted September 23, 2013 by Rob Autor


The new HIPAA regulations are making us all work harder to protect the privacy of patient health information – and for good reason considering the growing use of electronic medical records. Right now managed services providers (MSPs) need to understand their status and requirements as “business associates” in order to comply with the Omnibus Rule and final implementation deadline of September 23, 2013.

Those MSPs that qualify as business associates must implement their own HIPAA compliance program so that they can sign Business Associate Agreements with their healthcare clients and protect themselves from liability. HIPAA requirements are broad – encompassing administrative, technical and physical controls. Since virtually all MSPs use third-party tools and services to serve their clients, they should ensure that they are using these properly to enhance their information security programs.


Obtain Business Associate Agreements (BAAs) from Vendors

MSPs that are required to sign BAAs with their clients may in turn need to obtain signed BAAs from their providers. For example, MSPs may need BAAs from their professional services automation (PSA), remote monitoring and management (RMM), backup and disaster recovery (BDR), and cloud or data center vendors, particularly if they are hosting client protected health information (PHI) off site.

Secure Access

Ensure that your third-party tools can only be accessed by authorized personnel.  Take advantage of access control features such as multi-factor authentication and enforce minimum password length and rigorous password complexity requirements.    

Encryption

Only transmit and store critical data in encrypted form. For example, passwords and PHI should always be encrypted during transmission and storage. And ensure your solutions use strong encryption algorithms such as AES-256. 

End-User Authentication

When you or your service providers are speaking directly with your clients, how are they authenticated? Review end-user authentication processes to ensure that only authorized personnel receive service.

Patching/Antivirus/Anti-malware

Most MSPs are quite disciplined about ensuring that their clients’ environments have the latest patches and up-to-date AV and anti-malware software. Third-party RMM tools help by automating assessment, deployment and out-of-compliance reporting. It’s equally critical that MSPs themselves follow best practices for their own environments and confirm that their providers do the same. 


In a new era of stricter privacy regulations, it’s more important than ever for MSPs to be equipped with the best possible backend tools and services, and to ensure that both they and their healthcare clients meet HIPAA requirements. Continuum has achieved HIPAA compliance and is focused on helping our MSP partners to do the same. Continuum’s RMM platform and integrated services support and enable the security best practices described above. And Continuum is prepared to sign BAAs with its MSP partners that require them.

 

To learn more about compliance, visit our HIPAA Resource Center.


Rob is an operations and technology management wiz with a range of experience at companies like Sallie Mae and Price Waterhouse. He is responsible for driving superior service quality at Continuum’s network operations center (NOC) and Help Desk. Rob is also responsible for Continuum’s IT Division. When he was a kid, Rob wanted to be a professional tennis player. Now he’s our Senior Vice President of Global Service Delivery. He loves this business because he can build a world-class business bringing leading-edge technology to small businesses.
