
Do Your Tools and Services Help You Comply with HIPAA / HITECH Act Registrations?

Posted September 23, 2013 by Rob Autor


The new HIPAA regulations are making us all work harder to protect the privacy of patient health information – and for good reason considering the growing use of electronic medical records. Right now managed services providers (MSPs) need to understand their status and requirements as “business associates” in order to comply with the Omnibus Rule and final implementation deadline of September 23, 2013.

Those MSPs that qualify as business associates must implement their own HIPAA compliance program so that they can sign Business Associate Agreements with their healthcare clients and protect themselves from liability. HIPAA requirements are broad – encompassing administrative, technical and physical controls. Since virtually all MSPs use third-party tools and services to serve their clients, they should ensure that they are using these properly to enhance their information security programs.

Obtain Business Associate Agreements (BAAs) from Vendors

MSPs that are required to sign BAAs with their clients may in turn need to obtain signed BAAs from their providers. For example, MSPs may need BAAs from their professional services automation (PSA), remote monitoring and management (RMM), backup and disaster recovery (BDR), and cloud or data center vendors, particularly if they are hosting client protected health information (PHI) off site.

Secure Access

Ensure that your third-party tools can only be accessed by authorized personnel. Take advantage of access control features such as multi-factor authentication and enforce minimum password length and rigorous password complexity requirements.


Only transmit and store critical data in encrypted form. For example, passwords and PHI should always be encrypted during transmission and storage. And ensure your solutions use strong encryption algorithms such as AES-256.

End-User Authentication

When you or your service providers are speaking directly with your clients, how are they authenticated? Review end-user authentication processes to ensure that only authorized personnel receive service.


Most MSPs are quite disciplined about ensuring that their clients’ environments have the latest patches and up-to-date AV and anti-malware software. Third-party RMM tools help by automating assessment, deployment and out-of-compliance reporting. It’s equally critical that MSPs themselves follow best practices for their own environments and confirm that their providers do the same.

In a new era of stricter privacy regulations, it’s more important than ever for MSPs to be equipped with the best possible backend tools and services, and to ensure that both they and their healthcare clients meet HIPAA requirements. Continuum has achieved HIPAA compliance and is focused on helping our MSP partners to do the same. Continuum’s RMM platform and integrated services support and enable the security best practices described above. And Continuum is prepared to sign BAAs with its MSP partners that require them.


To learn more about compliance, visit our HIPAA Resource Center.


Rob is an operations and technology management wiz with a range of experience at companies like Sallie Mae, Price Waterhouse and driving superior service quality at Continuum’s network operations center (NOC) and Help Desk. When he was a kid, Rob wanted to be a professional tennis player.
