HIPAA Compliance Services Are a 'Path to New Recurring Revenue'HIPAA Compliance Services Are a 'Path to New Recurring Revenue'
There's a void when it comes to knowledge and IT expertise around HIPAA that MSPs can fill.
March 18, 2020
There’s no abatement when it comes to privacy and security regulations in the health care industry. In fact, industry experts see a number of HIPAA-related trends in 2020: cybersecurity, cloud, the growing pressure for increased and easier access to medical records by patients, states stepping up privacy and security regulations, as well as the use of apps and health data devices. And that’s only a handful of the trends likely to impact existing regulations. The changing compliance and security HIPAA (Health Insurance Portability and Accountability Act) landscape points to a strong compliance practice opportunity for channel partners.
Without even looking ahead at trends that will reshape the HIPAA landscape, health care providers today struggle with compliance. One look at the most recent HIPAA news press releases on HHS.gov, reveals a long list of regulatory infringements.
Semel Consulting’s Mike Semel
During a recent RapidFire Tools webinar for MSPs on selling and delivering HIPAA compliance services, Mike Semel, president of Semel Consulting, shared some figures on Federal HIPAA enforcement penalties: 2014-2015, $14 million; 2016-2017, $42 million; and 2018-2019, $41 million.
“We expect HIPAA penalties to increase even more,” he said.
Why? According to Semel, a 35-year IT industry veteran, IT solution provider business owner, and compliance and HIPAA certified professional, in 2020 expect to see the government make up budget cuts with increased enforcement. That’s going beyond the increase in enforcement that occurred in 2019 that focused more on business associates, and rule changes that penalize organizations who do not self-report breaches.
Business associates are one of two groups – covered entities and business associates — both of whom the government says must comply with HIPAA. There are between 2 and 3 million business associates who work with the covered entities (about 700,000 and include health care providers and health plans).
“For every covered entity, they work with vendors, some of them work with hundreds of vendors. These are companies like yours, like mine that support covered entities and we may come in contact with either protected health information (PHI) or the systems that process and store it,” he said. “You don’t have to have access to the records themselves to comply with HIPAA as a business associate.”
RapidFire’s Mark Winter
Mark Winter, vice president sales at RapidFire Tools, a Kaseya company, noted that the next generation of MSPs will offer managed compliance services such as: HIPAA, GDPR and other privacy standard compliance; cyber liability insurance policy compliance, NIST Cybersecurity Framework compliance, and PCI compliance, among others.
“This is important because every business is regulated by at least one data breach law and many are regulated by other laws and rules,” said Winter. But, that’s not all. Penalties can be assessed for a single incident and can flow down to MSPs, in many cases. “So, compliance is becoming more important for us…
…as MSPs and for our clients,” he said.
New and increased services mean new opportunities for MSPs. While an entity can have security and privacy without compliance, businesses can’t be compliant without documentation. And, neither security or privacy management are ongoing rather than one -time events, as is compliance that ensures that data is secure and private.
“Compliance-as-a-service is that new path to new recurring revenue,” said Winter. Focusing on HIPAA, RapidFire Tools offers Compliance Manager for HIPAA. HIPAA Manager is a framework that address HIPAA audits and compliance services.
HIPAA came about in 1996 and was revised in 2009 with the HITECH Act, both federal laws that include rules such as Privacy Rule, Security Rule, Breach Notification Rule, and HIPAA Omnibus Final Rule.
MSPs and IT solution providers with a HIPPA compliance practice can offer customers a soup to nuts services including consulting, basic and advanced assessments of their existing IT, providing a solution road map and offering solutions that provide the network, data and reporting capabilities that keep customers HIPAA compliant.
About the Author(s)
You May Also Like