HIPAA Compliance – What Steps to Take

Posted September 20, 2013 by Rob Autor

September 23, 2013 is the deadline for complying with the new HIPAA regulations. Healthcare facilities and all of their business associates have been heeding HIPAA's rules and regulations for years, and as of September 23, entities that qualify as Business Associates, namely any subcontractor that handles protected health information (PHI), now need to be HIPAA compliant.

If your managed services business serves healthcare facilities, here is a brief outline of elements for HIPAA compliance. A list this short cannot cover every minute detail of the updated regulations. Rather, it is intended to provide a broad overview. For more resources, check out Continuum's HIPAA Resource Center.

HIPAA Compliance Overview

The new regulations reflect the increased role technology has in the medical field. For instance, patients will now have the right to request electronic copies of privacy policies. 

Here are the things business associates should have completed by September 23, 2013, to bring the facility into compliance with the IT regulations.

- A risk analysis assessment should have been conducted to determine the vulnerabilities and risks of electronic PHI

- Encryption policies should have been updated

- Portable electronic device policies should have been updated

- All data should be encrypted and only sent over secure connections

Employee HIPAA Compliance Checklist

All the effort poured into encrypting data and writing policies will be pointless if employees do not follow the policies and heed the new regulations. Every employee of a business associate, regardless of his or her position, should be briefed on the new rules regarding PHI. 

By now, your company should have:

- Trained all employees on the new regulations

- Documented every employee's training

- Even though all employees have been trained, it may still be a good idea to hold a brief meeting to remind everyone of the new regulations going into effect

Recovery Checklist

No matter how well-prepared a facility is for the new regulations, there are bound to be breaches. People will make mistakes. The best way to handle a breach is to immediately address the issue, report it appropriately and take action as necessary. 

Before a breach occurs, your company should have:

- Clearly defined how breaches are to be reported and to whom

- Purchased breach insurance

If all of these steps have already been addressed, then you should be prepared for the new HIPAA regulations. Ignoring these items will only lead to penalties; take action today to bring your managed services business into compliance with the new regulations.

 

Check out Continuum's HIPAA Resource Center for more information.

Rob is an operations and technology management wiz with a range of experience at companies like Sallie Mae and Price Waterhouse. He is responsible for driving superior service quality at Continuum's network operations center (NOC) and Help Desk. Rob is also responsible for Continuum's IT Division. When he was a kid, Rob wanted to be a professional tennis player. Now he's our Senior Vice President of Global Service Delivery. He loves this business because he can build a world-class business bringing leading-edge technology to small businesses.

Topics: Industry News
