HIPAA, HITECH and Shark Attacks: Here's What MSPs Need to Know

HIPAA, HITECH and Shark Attacks: Here’s What MSPs Need to Know

Written by Dan Kobialka 1
June 5, 2014

What are the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)? And how do these regulations impact managed service providers (MSPs)?

How are the Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH) and shark attacks related? Legal expert Bradley Gross yesterday described the connection during a breakout session at LabTech Software‘s Automation Nation 2014 in Orlando.

“Regulatory issues are similar to shark attacks,” Gross said. “Shark attacks are cool to hear about; not cool to experience.”

Gross noted the government can be “Freddy Krueger scary” at times, but managed service providers (MSPs) can avoid regulatory problems if they understand both HIPAA and HITECH.

HIPAA was instituted in 1996 by the U.S. Department of Health and Human Services (HHS). It set standards for the security of electronic protected health information (PHI) and made “covered entities” such as healthcare providers responsible for securing sensitive data.

HITECH today requires all “business associates,” which the federal government defines as “anyone who creates, receives, maintains or transmits PHI,” to take responsibility for securing this information.

“As a business associate, as long as you are doing the right thing, you are not responsible for the sins of the covered entity,” Gross said. “Make sure your own house is in order.”

Gross also highlighted the five most investigated compliance issues in order of frequency during his presentation:

Impermissible uses and disclosures of PHI
Lack of safeguards of PHI
Lack of patient access to their PHI
Uses or disclosures of more than the minimum necessary PHI
Lack of administrative safeguards of electronic PHI

Compliance issues might appear scary at first, Gross said, but an MSP that takes steps to comply with government regulations now can avoid problems down the line.

“Do the right thing. The government understands that compliance doesn’t come overnight,” Gross said.

Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at dan.kobialka@penton.com.