Cloud backup and storage companies are preparing for the HIPAA Omnibus regulation, which becomes effective on Sept. 23, 2013. Indeed, cloud services providers (CSPs) such as Carbonite, Datto and Intronis are educating VARs, MSPs and other channel partners about the updated healthcare regulation and the implications for storage, backup, recovery and data protection.
HIPAA Omnibus, an update to the Health Insurance Portability and Accountability Act, strengthens patient privacy protections, introduces new electronic medical record (EMR) requirements and has a fine of up to $1.5 million per violation. For channel partners in the healthcare vertical, those fines could be painful.
Even without potential fines looming, it's wise for VARs and MSPs to get ahead of this regulation -- both internally and when dealing with healthcare customers. Master the topic now, and you're in a better position to educate your own customers about the issue as their so-called "trusted advisor."
So where can you get some education? I've got three quick recommendations:
Carbonite, the SMB-focused cloud backup provider, says it will enter into Business Associate Agreements with HIPAA-compliant businesses. In other words, the company claims, Carbonite can provide the healthcare industry with secure access to cloud backup services.
In a recent press release, Carbonite stated:
"Companies that create, receive, maintain or transmit protected health information on behalf of a covered entity are now considered business associates under the new federal regulations. Carbonite supports the compliance requirements of covered entities by implementing administrative, physical and technical safeguards to protect the backed up data of its Business and BusinessPremier customers."
To request a copy of Carbonite’s Business Associate Agreement (BAA), channel partners can call 1-855-CARB-BIZ or email [email protected]. Carbonite will also offer Webinars in September and October on the HIPAA Omnibus topic.
Datto, the business continuity specialist, which works closely with MSPs, is hosting its first-ever Datto Partner Conference from Sept. 11 to 13 in Washington, D.C. It's a safe bet the HIPAA Omnibus topic will be discussed multiple times. We're also working on an October 3 Webcast with Datto about the topic. Watch for registration details soon on this web page.
In the meantime, you can read up on Datto's early HIPAA work here.
Intronis, the cloud-based backup provider, has offered a three-point plan to help channel partners address HIPAA Omnibus concerns. Channel Chief Neal Bradbury is quick to note that channel partners in the healthcare market can't sidestep the HIPAA Omnibus concerns. In a guest blog posted on MSPmentor, he stated:
"On September 23, 2013, the Omnibus Rule goes into effect and will require IT solutions and services providers to sign Business Associate Agreements with their healthcare clients. These agreements acknowledge resellers’ roles in keeping their clients’ PHI (personal healthcare information) safe as well as their shared liability in the event of a breach."
More Guidance Coming
In the days and weeks ahead, it's safe to expect more vendors and industry associations to weigh in on HIPAA Omnibus. We'll cover the issue from all channel perspectives -- CSP, MSP, VAR -- across Talkin' Cloud, MSPmentor and The VAR Guy.
I'd also keep a close eye on HIMSS -- the not-for-profit organization focused on better health through information technology (IT).
If you're a channel partner in the healthcare market and have views to share, feel free to post a comment or reach out to me on Google+.