08 Jun The Revelations of Network Assessments
By Michael Mittel, CEO and President, RapidFire Tools
HIPAA presents a tremendous opportunity for MSPs to gain new customers and increase revenues through ongoing HIPAA compliance assessments. If you’re a managed service provider looking to increase or build your HIPAA compliance business, you should be aware of some of the most common pitfalls that healthcare companies face as they try to comply with the complex regulations. Here are some of the most typical and/or impactful problems that network assessment tools like our HIPAA assessment module tend to reveal about healthcare data networks—and how managed service providers can help their customers address them:
Review Affected Parties: All agencies that work with the healthcare organization (known as “affected parties”) must be HIPAA compliant along with the healthcare organization itself. This includes accounting firms, financial services companies and resellers that work with the healthcare organization. Much of the industry still doesn’t realize that these ancillary partners to healthcare companies must be compliant in order to fulfill the legislation and truly secure electronic healthcare records. Make sure your clients in the healthcare field are aware of this—and that you target those business partners with HIPAA assessment services as well.
Remove Former Employees: One of the first things healthcare network assessment reports often show is that ex-employees still have official access to the network. As with many business organizations, healthcare companies often add and drop employees. These companies must ensure that all former employees have been removed from the system, and network assessments identify these unauthorized users.
Perform Regular Risk Assessments: Network assessment audits, when conducted on at least a quarterly basis, will reveal patterns and changes from one period to the next that 1) allow businesses to more quickly identify risk factors and questionable behavior, and 2) produce ongoing documentation for audit purposes that shows the company has taken steps to remain compliant. Such documentation often helps companies avoid fines in the case of an audit.
Implement the Fix: Make sure your clients not only conduct assessments, but also take seriously the responsibility to address any issues they uncover. Leon Rodriguez is a former director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services, the agency responsible for enforcing HIPAA and HITECH regulations. Rodriguez noted that the “failure to perform a comprehensive, thorough risk analysis and then to apply the results of that analysis” was the area in which healthcare companies suffer the most audit failures.
Savvy MSPs can keep these basic tenets in mind as they ramp up a HIPAA Compliance practice, gaining the trust and loyalty of these healthcare entities in the process.