You’ve probably already heard and read a lot about the opportunity that exists for IT services in the healthcare vertical, and it’s a topic that won’t be going away for a while because it is still BIG, BIG, BIG. If you don’t have any clients in the healthcare vertical – or don’t have any clients who, themselves, work with healthcare organizations – you can go back to sleep. I’m talking about 700,000 hospitals, Emergency Medical Clinics, Dental Offices, Nursing Homes, Psychiatric Care Facilities, Diagnostic Labs, Corrections Facilities and Pharmaceutical Companies. These are the so-called “Covered Entities” that must comply with the Health Insurance Portability and Accountability Act (HIPAA).
Additionally, I'm talking about another 2+ million companies known in the law as “Business Associates” that are ALSO covered by HIPAA – that would be the lawyers, accountants, billing services and, yes, IT Service Providers!
Yes, it’s true. If you service any clients covered by the HIPAA regs, that means that YOU TOO have certain legal obligations and responsibilities that add to your own business risk profile if not addressed. Here’s a useful resource from the federal Health and Human Services web site that talks about this requirement, and also includes a sample contract that Business Associates (you) should have with Covered Entities and/or other Business Associates. You might need a HIPAA expert or lawyer to interpret some of the provisions, but at a minimum they’ll tell you that you need to do your own HIPAA Risk Analysis… and document it.
I’ve talked to a fair number of MSPs and IT Service providers who have some clients that are Covered Entities and other clients that are covered Business Associates. Most of the MSPs with Healthcare clients knew those clients were covered by the HIPAA privacy and security law, but only a few knew that some of their clients are Business Associates of Covered Entities. And hardly any of them knew that they themselves are required BY LAW to do their own documented HIPAA Risk Analysis on their own business. Unfortunately, the truth is, very few MSPs are doing adequate HIPAA Assessments today for their clients, to say nothing about doing their own.
If this is you, there’s a very real risk that you or your clients could get hit with a business-busting fine by the government if there’s ever a data breach. But this also presents a mega opportunity for you: First get your own house in order, and then go out to every Covered Entity in your town – and everyone who does business with them – educate them about the law, and then offer them a comprehensive HIPAA Assessment.
Don’t know anything about how to perform a HIPAA Assessment – for yourself or an existing client or prospect? Well, you’re in luck!
As it turns out, you don’t need to be fully-versed in all aspects of the HIPAA regulations. There are many parts of HIPAA that focus on privacy and really have nothing to do with IT. Your responsibility lies in the electronic data aspects of HIPAA, and how this “electronic protected health information” (ePHI) is collected, stored, transferred and disseminated. You're also accountable for the associated access and security requirements.
RapidFireTools, Inc., makers of Network Detective, has teamed up with Continuum to provide you with a powerful HIPAA Compliance Tool that will get you in the game, and help you build a new and profitable revenue stream.
You may already be familiar with the Continuum Network Detective IT assessment modules that have been available for some time now. The new HIPAA compliance tool starts where the IT assessment modules leave off, and includes a variety of new interactive components to integrate some of the required additional data that can only be gathered through on-site observations.
That means, in addition to collecting a bunch of network data required for a valid HIPAA Risk Analysis, it also provides you with a set of worksheets and questionnaires that you complete through onsite observations and interviews with the client. The tool then compiles all of the data you collect through automation and observation and seamlessly combines it into a complete set of all the official documents required to be in compliance with the law -- it simply can’t be done any easier or faster.
RapidFire Tools is a sponsor of the upcoming Navigate 2014 Continuum User Conference and will also be a contributing presenter for one of the technical tracks. If you plan to attend, be sure to stop by our booth for a quick product demo and to review sample reports.
To learn more about Continuum Network Detective, visit the Continuum partner portal or contact your account representative.
For everything healthcare IT, check out the HIPAA Resource Center!
Will we see you at Navigate?
By Richard Harber
By Gretchen Hoffman
By Meaghan Moraes