
HIPAA Omnibus, Data Backups, and Your Shared Liability as a ‘Business Associate’

  • Written by Intronis Guest Blog 2
  • August 28, 2013

If you are an IT service provider with clients in the healthcare vertical, your status as a “Business Associate” is a requirement you need to understand, and quickly. Whether you describe yourself as an MSP, VAR or CSP, the upcoming sweeping changes to the HIPAA Privacy and Security Rules are important to you and your healthcare SMB clients.

On September 23, 2013, the Omnibus Rule goes into effect and will require IT solutions and services providers to sign Business Associate Agreements with their healthcare clients. These agreements acknowledge resellers’ roles in keeping their clients’ PHI (personal healthcare information) safe as well as their shared liability in the event of a breach.

Whether you’ve been selling IT solutions and services to healthcare practices for a long time or are considering healthcare as a new market, the rules of the game are about to change. Before you sign on the dotted line, here are three guidelines that will help minimize your risk:

1. Don’t go it alone: Select a partner that shares in your liability. As a reseller, you depend on all your vendor partners. But, when it comes to copying your customers’ PHI to your cloud provider’s data center, your dependence on your cloud provider also includes shared liability. Even though some cloud providers may try to convince you they fall into the same “conduit exception” category as mail carriers, a recent article from the BakerHostetler law firm titled, “HIPAA, Business Associates and the Cloud” makes it clear that cloud providers do not meet the exception requirements, and they therefore must sign HIPAA Business Associate Agreements describing how they will protect PHI before storing it in their data centers.

Before choosing a data backup and recovery vendor, or any vendor for that matter, make sure their products and services are appropriate for healthcare. If you can check that box, then be sure to review their Business Associate Agreement to find out exactly what their role is in protecting your customers’ data. The agreement should spell out several “What if?” scenarios, ranging from data breaches to the provider going out of business. Take the time to read the agreement. Ask questions. Push back if you need to and consider alternative options if it looks like the agreement places too much responsibility on your company and not enough on the IT vendor.

2. Know the concerns and lead with backup and security. Today’s technology-driven healthcare industry faces pressing data availability challenges and strict regulatory requirements on data security and integrity. Despite pressure on medical organizations to safeguard critical data, some 19 million patients, hospitals and practices have been affected by major information loss and data breaches in the last two years. Of all the business processes and challenges you could discuss with a new prospect, data backup and security are two good places to start. Here are some suggested questions to ask a prospect:

  • How are you currently backing up your data? The answers given to this first question will give you an immediate sense of how close or far the prospect is to meeting HIPAA/HITECH requirements. For example, perhaps they’re using tape media to back up their data. Even if they’re encrypting the data, there’s a good chance their backups are being performed manually, which almost always leads to backup inconsistency.
  • What is your disaster recovery plan? Some prospects may already be using on-site NAS (network attached storage) devices to back up their data. If that’s the case, ask about their disaster recovery plan. Are they automatically backing up their data to an off-site/cloud data center?
  • How is your off-site data protected? For healthcare customers, there are two critical components to keep in mind with regard to off-site data protection: data encryption and data center security. The data should be encrypted at a high level such as 256-bit AES, which is used by the government to protect top secret documents. The data center should be SSAE (Statement on Standards for Attestation Engagements) 16 compliant.

3. Remember — recovery time is the key. No matter what type of backup system a prospect uses, the big question comes down to this: If the business server crashed or something or someone took your company offline, how long would it take to get up and running? This is where the conversation gets real.

In some cases, you may need to walk the prospect or customer through a few steps to get them to understand that restoring data is rarely a push of a button (unless of course you’re using our QuickSpin product). But for most, there are time, resources, and investments to be made to get the business back online. Some will be surprised to learn that even though their data may be safely stored on a tape or in the cloud, it could take several days for them to recover from a server failure after adding up all the time necessary to order a new appliance, convert the data, and load drivers, an operating system, and other files onto the new appliance.

The topic of recoverability isn’t just useful for helping clients understand the business cost of downtime. It’s also useful in helping them understand the negative effects on customer service and compliance.

Forays into Health IT aren’t for everyone. The need for specialized industry insight and knowledge of specific regulations and purpose-built technologies offers a great divide. But, the broad market opportunity and demonstrated need for partner help make healthcare IT a promising opportunity. VARs and MSPs with solid backup and data recovery solutions that fit the bill for healthcare organizations are well positioned to take advantage of this lucrative market and build a firm foundation for a healthcare IT practice that will grow and thrive.

Interested in learning more about healthcare IT? See the Intronis e-book, “Backup & Recovery in Health Care IT” for the in-depth information you need on everything from analysis of the healthcare market to suggestions on how to sell IT in the healthcare vertical.

Neal Bradbury is the Co-founder and VP of Channel Development at Intronis, a cloud-based backup and disaster recovery provider that works closely with VARs and MSPs.

One comment

  1. Scott Whitsitt, August 29, 2013 @ 4:09 pm
    Good overview, but the ending regarding SSAE16 could be misleading to some readers. The SSAE16 (or SOC1) report is designed to provide financial auditors assurance about financial reporting related control procedures. Another alternative, and one that might be better, would be the SOC2 report as it covers a potentially broader set of criteria (Security, Availability, Processing, Privacy, and Confidentiality). The SOC2 reports all have the same criteria, whereas the controls in a SOC1 report are custom to each report. So, asking about an SSAE 16 report without understanding what it covers could pose a risk if you don’t fully understand what was covered.
