MSP Blog Logo

BDR

Business Growth

Cybersecurity

Help Desk

MDM

RMM

Sales & Marketing

Subscribe

Empowering Your MSP Business to Grow and Prosper—One Post at a Time

5 Ways to Improve Your MSP Service Level Agreement (SLA)

Featured Post

5 Ways to Improve Your MSP Service Level Agreements (SLAs)

SLAs are the foundation of your MSP business. They are essential to building strong client relationships and must be clear, reasonable and well-constructed.

Read Now

Top 3 Questions MSPs Have About HIPAA Compliance

Posted June 1, 2016by Hunter Smith

HIPAA (Health Insurance Portability and Accountability Act) compliance is a complex, but critical issue for many businesses. For many of these businesses who outsource their IT management needs, the onus for ensuring HIPAA compliance falls on these managed services providers (MSPs), like yourself. Your clients in the healthcare industry will likely pepper you with lots of questions and concerns around staying HIPAA compliant and avoiding the costly consequences of a HIPAA violation.

Here are the three most commonly asked questions about HIPAA compliance for MSPs. 

1. Who’s covered under HIPAA?

Virtually every business that falls under the broad umbrella category of healthcare - from private practice therapists to small doctors’ offices to health insurance companies - has to comply with HIPAA, and that includes the MSPs who manage these healthcare networks and data. Although many of these organizations think primarily about their in-office software and hardware, the truth is that HIPAA well extends beyond those boundaries. For example, if a doctor has access to corporate information or even electronic medical record systems on his or her cell phone, then that device needs to be HIPAA compliant as well.
 

2. Why the recent focus and industry-wide emphasis on HIPAA compliance?

Although the first pass point in HIPAA regulations dates back to 1996, it’s clear that there’s been a real push toward compliance more recently. One of the reasons for this is the new set of requirements that now must be met under the HITECH Act as of September 2013. Among other things, the HITECH Act requires that managed IT services providers sign a business associate agreement. By doing so, you’re assuming liability for dealing with the sensitive data found within electronic Protected Health Information (ePHI); without a business associate agreement in place, you can no longer work on clients’ systems if they require HIPAA compliance. This extends not only to vendors as covered entities but even to subcontractors.

Learn more about why HIPAA Compliance is a critical part of Managed IT Services in Healthcare

3. What are the consequences of non-compliance?

If you’re functioning as part of the ecosystem of vendors and providers that are required to maintain HIPAA compliance, you’re also part of the liability chain. Violating HIPAA regulations results in fines from $1,000 to $5000 per instance on the low end of the spectrum up to $1.5 million for willful neglect (those companies who know the requirements, but violated them anyway). HIPAA compliance is not a luxury; it’s the law, and if your MSP or the healthcare clients you work with are found to be on the wrong side of this law, these violations can get pretty pricey pretty quickly. 
 

Moving Toward Compliance

The average cost of a data breach is $3.8 million, with 94% of organizations reporting some type of data breach over the past two years. Approximately 44% of businesses believe they are HIPPA compliant, while 28% aren’t sure of the requirements themselves, let alone whether their own organization is capable of meeting them. Make sure you're not part of that 28%. 

View Continuum's Statement of Compliance!

what-it-means-to-be-HIPAA-compliant

As Chief Information Officer (CIO), Hunter is expected to take Continuum's IT operations to the next level of performance as our company continues its rapid growth and expansion. Most recently, Hunter served as Senior Vice President and Chief Technology Officer for Acadian Asset Management. Prior to Acadian, Hunter held positions at Plymouth Rock Companies as Director of Enterprise Technology Services as well as positions at Hobbs/Madison, MFS Investment Management and CSC Consulting. Hunter has a bachelor’s degree in computer science from Dartmouth College. He is responsible for all IT resources for Continuum’s U.S. and India locations.

RMM 101: Must-haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus