The thing about HIPAA compliance is no one knows what they need to do to be compliant. There is a lot of mystery around compliance and MSPs are wary of it. But when you peel away the layers it’s not that difficult to understand. And since healthcare is one of the hottest market segments today, it’s hard to ignore.
It was hard for me to ignore. I started out as a systems architect for a large pharmaceutical company, but left to start an IT company, Entegration Inc., and bring enterprise infrastructure to the SMB market. But it was tough going. I knew potential clients needed networking and infrastructure, but I didn’t know how to differentiate my company from all the others offering similar services.
In the 2006 to 2007 timeframe I looked closely at our client base—our large medical clients stood out. That’s when I decided to focus solely on the healthcare market and build services around it. It would be our differentiator.
But what got me digging into HIPAA compliance was a 2009 conference call during which someone said, “With the new HIPAA regulations, we’re going to need to upgrade the Exchange server for this client.” And I asked myself, “What new HIPAA regulations, and what do they have to do with Exchange?”
So I did a ton of research on HIPAA. I had 75 healthcare clients and not one of them had ever spoken to me or asked me about HIPAA compliance. I assumed none of them were doing anything with regard to HIPAA, and there was a good chance they were simply ignoring it. After doing some more research, realized that our company already did a lot of what was required for HIPAA compliance and security: network security, best practices, securing data. It made a lot of sense.
THE HIPAA MISSION
I was on a mission. My employees thought I was nuts, because I kept talking about HIPAA. But I knew we could really help our clients with it and maybe even others outside our core group of clients. I began building services around compliance and started a second company, HIPAA Secure Now!
HIPAA Secure Now! offers compliance services to organizations subject to HIPAA, both covered entities—medical practices, dentists, chiropractors, hospitals—and their business associates, such as a law practice, billing company, or an IT firm that provides services to the covered entity and has access to patient data. We furnish a HIPAA risk assessment to discover where patient data is stored and how it’s being protected, and how to better protect it. We also provide written policies and procedures that address the HIPAA security rule and the HIPAA privacy rule. The third component we offer is online employee training on the regulations and how to protect patient information.
We follow a channel model with HIPAA Secure Now! An MSP with healthcare clients can refer those clients to us for a commission, or can buy our compliance service at a discount and resell it to their healthcare clients. The MSP doesn’t need to be an expert in HIPAA; we are the experts. We do the risk assessment, policies and procedures, and the training. The MSP must be HIPAA compliant because it is a business associate, but it does not have to be a HIPAA expert.
What our partners like about our service is not only do they get to help clients with HIPAA compliance, but the HIPAA risk assessment generates additional project work. The risk assessment may find that the client has unencrypted laptops or might not be doing off-site backup, for example. So the value to the partner is selling additional services to help clients with compliance.
The bottom line: Channel partners should not be afraid of compliance. It’s not difficult. And if you can use your knowledge to stand out from the competition, you can talk to prospective clients about HIPAA as opposed to servers and desktops. It’s a good way to seize the market opportunity and grow your client base.
Art Gross
President and CEO
Entegration Inc. and HIPAA Secure Now!
LOCATION Morristown, N.J.
FOUNDED Entegration 2001, HIPAA Secure Now! 2010
NUMBER OF EMPLOYEES Entegration 13 and HIPAA Secure Now! 7; some resources in operations and finance, for example, are shared.
COMPANY WEBSITES www.entegration.net, www.hipaasecurenow.com
COMPANY FOCUS Entegration is a full-service MSP focused on clients in the healthcare vertical. HIPAA Secure Now! provides compliance services to HIPAA organizations such as medical and dental practices.
FAVORITE PART OF MY JOB Going to industry conferences, talking business with other MSPs, and explaining the services offered by HIPAA Secure Now! and how those services can help their healthcare clients and their own businesses.
LEAST FAVORITE PART OF MY JOB The frustration of growing quickly while knowing that we could have explosive growth once the demand for HIPAA compliance services reaches its full potential.
WHAT PEOPLE WOULD BE SURPRISED TO KNOW ABOUT ME I am starting another company. Breach Secure Now! is a security platform that helps organizations prevent data breaches that MSPs can white label. www.breachsecurenow.com
