The HIPAA Questions Every MSP Should Be Asking
Client: “Do you know about HIPAA compliance?”
MSP: “I know of HIPAA compliance.”
That answer is not going to cut it anymore (if it ever did). For today’s MSPs, HIPAA compliance is either a subject they would rather not discuss, or one that elevates them in the minds of current and prospective clients. There is very little middle ground.
“MSPs should think about HIPAA compliance as more than just a check box item,” said Ted Hulsy, VP of Marketing at eFolder. “Compliance expertise is an opportunity to seriously set yourself apart from the competition.”
Generally speaking, MSPs have neglected to become HIPAA experts because many of their clients already were. You know cloud technology, they know HIPAA. Why learn about the law when the client already knows everything about it? Just tell me what’s required and I’ll give you a solution.
There are a few glaring problems with this mindset. For one, you’re assuming the in-house HIPAA expert will be readily available to provide you with the info you need. Oftentimes you’ll be on your own, or interfacing with someone who doesn’t fully understand the requirements – so the more you know about HIPAA, the faster you can deploy a solution.
The other major problem is that some smaller companies that need to adhere to HIPAA compliance don’t truly understand what it entails. Do an internet news search for “HIPAA compliance” and you can read hundreds of horror stories about companies not in compliance with the law. Never assume the client knows everything about anything.
So how can you help your clients with their HIPAA problems? Before you know the right answers for your clients, you need to know the right questions. Here are a few HIPAA-related questions that every MSP should be asking of themselves and their clients:
- How can I educate clients and prospects on why HIPAA compliance is so important? The first part of marketing is education. What am I, as an MSP, doing to educate my clients? Do my clients truly understand the requirements, and more importantly, the risk of non-compliance? What are the most common mistakes? How can I highlight certain aspects of my solutions/services that address some of these questions and concerns?
- Have we truly built a security-minded company culture, where the mindset, policies, and procedures are all geared for comprehensive data protection? Security trumps every other factor for companies under the HIPAA umbrella. Without it, the brand will suffer and the business will stall. MSPs need to instill this sense of priority company-wide, not just in a few members of the team. In other words, it’s got to be a part of the culture, not a one-time memo.
- Are we turning a blind eye to looming security risks from consumer-grade services which can cause data leaks or jeopardize patient data privacy? MSPs must be able to convey how dangerous these tools are for HIPAA-compliant companies. It only takes one cavalier use of these tools to cause a major headache. Is a zero-tolerance policy the answer?
Nobody can force you to become a HIPAA expert. But if you take it upon yourself to learn – bit by bit – the specific details of the law, you’ll have a major advantage over the competition.