Friday, March 11, 2016

Your Latest HIPAA Headache: BDR Compliance


It has been over a year since the latest wave of data confidentiality regulations mandated by the Health Insurance Portability and Accountability Act (HIPAA) went into effect. Are most channel pros up to speed on them?

"Not even close," says Raj Goel, president and co-founder of Brainlink International Inc. A managed services provider based in Long Island City, NY, Brainlink also provides HIPAA compliance advice to other MSPs. Goel believes it has received more requests for help over the last 12 months than in the last 10 years combined.

No wonder. Previously, HIPAA put only "covered entities" such as medical practices, clinics and hospitals on the hook for keeping patient data secure. Under the HIPAA omnibus rule, which came into force in September 2013, however, this responsibility extends to "business associates" and MSPs, including the backup and disaster recovery suppliers whose services they use.

"You have to make sure the guys are actually HIPAA as well," said Kevin Edwards, director of health care services at Flexible Business Systems, a small-business technology provider based in Hauppauge, NY.

Do not take their word for it either, Goel advises. "Every dealer I saw now boasts HIPAA compliance," he said, and they are all ready to sign business associate agreements, the contracts prescribed by law that formally commit them to safeguard protected information. More often than not, however, they are unwittingly in violation of key requirements, Goel says.

This means that every channel pro who backs up data for health care clients must take a long, hard look at their favorite BDR supplier's policies and security measures, paying especially careful attention to questions like these:

Encryption: Make sure that the vendor encrypts data both "at rest" in its data centers and "in transit" over the Internet, said John Durant, director of channel sales at Boston-based BDR provider Carbonite Inc. "You want to make sure that the data is transferred appropriately," he said.

Access controls: You also want to make sure your BDR provider takes strong measures to keep unauthorized viewers out of its databases and data centers.

Log-in tracking: HIPAA requires covered entities to take action if hackers are trying to sneak into systems containing health information, so be sure your BDR provider tracks log-in attempts, provides audit logs on request and blocks users who repeatedly use incorrect passwords.

Physical location: Ask your BDR provider where your client's data will reside. "It must remain in the continental United States," notes Rob Rae, vice president of business development at Norwalk, Connecticut-based BDR provider Datto Inc., and your supplier should provide certification that it will.

Data recovery and destruction: Can your customers get their data back if they cancel their account? What if the BDR provider goes out of business? Does the vendor shred old storage systems after hardware upgrades, or list them on eBay? Check their SLA to find out, Goel advises, and do not hesitate to follow up if you have a question about something. "Good salespeople will tell you the truth, or at least put you in touch with someone who can answer," he said.

Choosing the right partner is just the beginning, however, Rae notes. Choosing good customers is equally important. Covered entities are required by law to keep health care data not only safe but available, even after natural disasters. Working with health care clients who refuse to invest in state-of-the-art backup technology could expose you to high fines. "Ultimately, an MSP should probably walk away from this business as opposed to getting involved in it and potentially open to risk," said Rae.

Indeed, walking away from health care may quite possibly be a wise decision for many channel pros. Goel has studied HIPAA since 1997, but he refuses to provide managed services to health care providers and advises most MSPs to do the same. There are simply too many ways to break the law, he observes, and avoiding them all costs too much time and money.

"This is not a business for the underfunded or weakhearted," said Goel.

Posted by: Abdullah
