If I really want to drive the point home, I tell them, “Go to the competitor that’s offering to do this for 10 percent less, and tell them you want to pay 10 percent less than that. They’ll go as low as you want, because they can’t provide compliance anyway, they’re just hawking a list of commodities.” In my experience, once you have this conversation, the client takes those competitors out of consideration.
It’s another take on the same conversation when clients question specific tools within our Compliance-as-a-Solution offering. For example, we use Beachhead Solutions’ SimplySecure for HIPAA-compliant data encryption and device access control. The cost and specific technology aren’t itemized in our proposals, but when a client questions whether it can save money by using BitLocker for encryption because it’s free, I explain that we selected each of our solutions because they allow us to manage and ensure complete and worry-free compliance. Our commitment to compliance can’t be shortcut.
The main message clients need to take away from these conversations is that there’s no such thing as HIPAA-lite, and any compliance plan will fail if you cut corners. Considering that HIPAA non-compliance can mean losing your business and your reputation, and possibly spending time in prison, cheaping out on security is a pretty foolish way to try to save money.
PAUL REDDING is CEO at Carlin Bradley, a Tennessee-headquartered provider of IT and cloud services for small and mid-sized businesses.