Is Your MSP HIPAA Compliant?
Stuart R. Crawford / Stuart Crawford
Is your managed services business adhering to the standards for HIPAA compliance? If not, you need to be. Any business entity that works with medical organizations falls under the Business Associates category.
We read recently that 20% of the HIPAA breaches were caused by business associates.
Examples of HIPAA Business Associates include:
- Shredding companies
- Electronic Medical Records providers
- Collections companies
- IT companies that help support your network
- Independent transcriptionists and billing specialists
- Health care equipment companies
- (new in the 2013 Final Rule) companies that provide storage for paper and electronic data, even if they never access the data.
You will see that your MSP falls under the business associates classification in more than one category: your IT support services and your BDR solution.
So is your managed services business HIPAA compliant?
I had a great discussion with a medical MSP in New York this week who offered this great advice. Set up a separate LLC (I believe that is the entity) for each medical organization you work with. Sure, it is a bit more effort, but this effort may just save you headaches in the future.