
Is There Gold in Supporting IT for Group Medical Practices? : Page 2 of 2

Maybe, but you better know HIPAA inside and out first. By Michael O'Hara

Covered entities (CEs) and business associates (BAs) are on the hook for this too. The OCR reported levying $28,638,400 in Civil Money Penalties against CEs and BAs that failed to comply with HIPAA and adequately safeguard patients' PHI.

The takeaway? While it may seem like a great idea to support group medical practices (and I am not saying it isn't), you must have a concrete, well-thought-out HIPAA compliance program in place that includes policies and procedures for handling and securing PHI, both for your own company and for your clients. Start by conducting an honest security risk analysis (preferably performed by a qualified third party), which is itself a requirement of the HIPAA Security Rule. It will show where your PHI safeguards are strong and where they are weak; from those findings, create a risk mitigation plan that addresses the gaps.

If you can court a group medical practice by showing you have already done the legwork on HIPAA compliance, you will have a built-in advantage over other MSPs. However, if you go into this market blindly, you could be one breach away from financial ruin.

MICHAEL O’HARA, CISSP, CHP, CSCS, CCSA, is a security consultant. Contact him at [email protected].
