ON THE HORIZON
HIPAA COMPLIANCE
THE DOCTOR'S Rx FOR EVERY MSP
RANYA HABASH, MD
Think HIPAA doesn't apply to you? Think again.
More than 50% of MSPs do business with a health care organization, and more than 87% do business with a vendor who does business with a health care organization. That's almost all of you! According to the HIPAA Omnibus Rule, any organization handling health information or acting as a vendor with access to patient information must comply with HIPAA, even if they don't specifically provide health care services. This includes you. As an MSP doing business with any of these entities, you're also responsible for complying with HIPAA.
Therefore, understanding HIPAA isn't just important; it's an absolute requirement for MSPs. Luckily, this presents a massive opportunity for you to become a trusted advisor to your clients with HIPAA requirements while also increasing your profitability and growing your customer base.
We're all in this together. As a physician, HIPAA helps me protect my patients, my practice, my reputation, and my wallet. For MSPs, it's an opportunity to safeguard your customers, your business, and your reputation and to increase your revenue.
HERE ARE THE FACTS:
A HIPAA Business Associate Agreement (BAA) is required for any business associate to ensure adherence to HIPAA guidelines. This means every accounting firm, insurance company, data transmission provider, data storage company, billing and transcription service, etc. That's in addition to any lab, pharmacy, dental practice, medical practice, physical therapy facility, and home health or nursing home facility. And as an MSP doing business with any of these entities, the same compliance guidelines apply to you.
You may be wondering how a busy surgeon such as myself knows so much about compliance. Well, I got in trouble for being noncompliant. I was in my office seeing patients one day when the ER doctor needed me for a trauma patient. The patient was scared and in pain. The ER doctor had a crowded ER, and I had 20 patients in my waiting room. There was no way I could leave, so I had the ER doctor text me an image of the patient's CT scan, and we did a FaceTime exam (on our phones). We had a plan in 30 seconds, and everyone was happy. Two days later, the hospital's compliance officer called to ask what I thought I was doing. She said I'd exposed everyone to a huge HIPAA violation and a $1.5 million fine. That's when my compliance education really began because getting in trouble compelled me to create HIPAAChat, a software application for doctors to communicate in a quick, easy way, just as we do with friends and family, but in a compliant manner. My company was later acquired by a global critical communications company called Everbridge, and I was hired as their chief medical officer. Besides being a full-time practicing physician, I also help implement Everbridge's critical communications software in over 1,000 hospitals and health