MSPmentor Blog
HIPAA: 5 Tips for MSPs Embracing Healthcare Vertical

HIPAA: 5 Tips for MSPs Embracing Healthcare Vertical

For MSPs, the healthcare vertical can generate plenty of monthly recurring revenue (MRR). But if you're new to the healthcare industry, you'll need some guidance -- especially as regulations like HIPAA evolve to include new requirements. Here are five tips to get started.

1. The Risk Is Real (And Regulations Can Be Confusing)

Let's start with the most basic risk of all -- a data breach. Nearly 95 percent of healthcare organizations have had at least one data breach in the last two years. Alas, only 40 percent of organizations think they can prevent or quickly detect patient data loss or theft. And only about half of healthcare organizations conduct annual security risk assessments, according to Ponemon Institute.

At first glance that's all bad news. But think about the situation a bit and you'll realize all of those challenges are actually opportunities for MSPs. Indeed, the healthcare industry is crying out for IT guidance and ongoing services.

2. HIPAA: A Closer Look

Still, many MSPs -- and even healthcare organizations themselves -- don't know how to navigate HIPAA (Health Insurance Portability and Accountability Act) regulations.

HIPAA includes privacy, security and breach rule components to ensure organizations protect patient health records, defend against threats, and disclose when information may have been compromised.

In addition to impacting health plans, healthcare providers and clearing houses, HIPAA can also affect one to two million business associates and another 700,000 entities in the market. In other words: HIPAA certainly impacts MSPs working in the healthcare industry.

Why focus on HIPAA now? Effective Sept. 23, 2013, healthcare MSPs must sign business associate agreements (BAAs). The agreements basically ensure that you understand HIPAA rules, implement proper safeguards -- and even assume levels of liability. If you don't comply the penalties can be stiff -- ranging up to $50,000 per violation and up to $1.5 million per year across all HIPAA violation categories.

3. HIPAA: What MSPs Need to Compete

Potential HIPAA fines may scare "pretender" MSPs out of the market, leaving the best opportunities to MSPs that really want to master this industry.

To compete, your business will need expertise in such areas as:

  • Risk analysis
  • Business continuity planning
  • Security policies and procedures
  • Incident response planning
  • Training
  • Documentation

Each of those areas could warrant a dedicated blog. Instead of doing a deeper dive on each bullet point here, I encourage you to reach out to me with questions.

4. HIPAA: Why MSPs Must Partner

When it comes to addressing healthcare customers and HIPAA, MSPs can't go it alone. You're going to need integrated, reliable, scalable solutions from your RMM (remote monitoring and management), backup and disaster recovery partner.

Start with strong security solutions (i.e., firewalls), a security event and incident management (SEIM) system, top-tier data center and a comprehensive information security program that ties everything together.

Building out those solutions on your own is cost-prohibitive. Not by coincidence, our team here at Continuum has already addressed those issues for MSPs. Indeed, we’re lowering the barrier to entry for MSPs by delivering:

  1. a signed BAA
  2. secure access
  3. encryption
  4. end-user authentication
  5. patching, antivirus and anti-malware
  6. And plenty more.

5. HIPAA: Big Opportunity for Your Existing Expertise

Just to drive home the point, the healthcare vertical is a big opportunity for MSPs. Healthcare IT spending will top $34.5 billion in 2014, according to Technology Business Research.

Some of the spending involves healthcare-centric applications like EMR (electronic medical records). But much of the spending involves IT expertise you and your technology partners may already have -- before you even enter the healthcare market.

And don't forget: MSPs that go vertical tend to have the highest valuations during potential M&A (merger and acquisition) discussions. (That's a separate blog for another time.)

If you have questions on HIPAA, the healthcare vertical or the ways Continuum empowers MSPs, please visit

Nick Bruno is Chief Information Security Officer at Continuum, a leading provider managed services solutions that power MSP growth.



Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.