Adding HIPAA Capabilities to Your Service Offerings
Connectria
Author
Date
May 22, 2019
You’ve worked extremely hard building your IT business and client base, spreading your reach far and wide. The company has spent countless man hours and untold budget-busting expenses have paved the way for you to offer an array of top-end, professional services that are in high demand.
Now, imagine opening your service offerings to a whole new industry that has, until now, been completely off-limits to you simply due to regulations. What avenues would suddenly be open if you were able to provide your services to the vast array of businesses within the health sector such as healthcare organizations, healthcare software companies, and healthcare service providers?
While adding HIPAA capabilities may have once seemed completely unattainable, keep reading to find out about an affordable solution and what it could mean for your bottom line.
What is HIPAA?
The U.S. Health Insurance Portability and Accountability Act (HIPAA) is a set of security and data privacy provisions designated to safeguard protected health information (PHI). According to the U.S. Dept. of Health & Human Services, HIPAA applies to Covered Entities — i.e. healthcare providers, health plans, and health clearinghouses.
To protect the privacy and security of health information, those that fall within this Covered Entities classification must comply with the Rules’ requirements and provide individuals with certain rights with respect to their protected health information (PHI).
These requirements also extend to any “Business Associates,” such as accountants, fax service providers, IT contractors, cloud storage services, etc., that the Covered Entity utilizes in order to carry out their health care activities and functions. This means that they are required to have a written contract, Business Associate Agreement (BAA), that specifically establishes what services the Business Associate will provide and requires that they comply with the HIPAA requirements. Additionally, those Business Associates are also directly liable for compliance with certain HIPAA provisions.
Once more, the BAA serves to clarify the Business Associate’s permissible disclosures and uses of PHI, based on the services or activities that they are performing and the relationship between the involved parties. Lastly, in the event of an investigation by The Office for Civil Rights (OCR) or a data breach, including any breaches caused by an Associates’ subcontractors, the BAA will dictate how the Business Associate will respond and report.
Becoming HIPAA Compliant
Of course gaining the ability to start doing business with healthcare organizations would mean huge possibilities for your company, but actually becoming HIPAA compliant is no easy undertaking and there aren’t any shortcuts. You’ll have to study the 115 pages of HIPAA (45 CFR Parts 160, 162, and 164) and then apply the rules to your business.
When you consider the severe penalties for a HIPAA violations or breaches of patient privacy and/or protected health information, your study time has likely never held more importance. However, as we’ll discuss in just a moment, whether you need HIPAA compliance for a single client application, your entire IT department, or something in between, there’s a HIPAA managed hosting solution that’s perfect for you, your customers, and thousands of potential new clients.
Should you wish to be HIPAA compliant yourself, there are a few variables that will factor into your cost, including:
- Organization or client base size — more programs, more processes, more computers, and more PHI add up to higher HIPAA cost.
- Your systems — the brand of computers, types of firewalls, the models of your backend servers, etc. can all affect HIPAA compliance cost.
- A dedicated HIPAA workforce — You could easily spend a ton of time and money spinning your wheels trying to close the HIPAA gap without a dedicated HIPAA team.
And then of course, there are the fines, penalties and costs associated with a data breach or not protecting PHI.
The Only Thing That Matters
Right off the bat, we can name over a half a million potential clients that your company is currently missing out on. That’s according to the latest Statista report for the number of active physician specialists in the U.S., i.e. Surgeons, Radiologists, Cardiologists, Psychiatrists, etc. Additionally, according to the American Hospital Association, there are over 6,000 hospitals across the country with over 35 million admissions each year, all requiring HIPAA compliant services.
However, adding HIPAA capabilities to your offerings also opens the door for you to provide services for:
- HMOs
- Company health plans
- Employers that handle PHI when they enroll employees health plans
- Many schools
- Health maintenance companies
- Medical billing services
- Medical transcription services
- Community health management
- Nursing homes
- Pharmacies
- Optometrists
- Patient Management Systems
- Electronic Medical Records (EMR) systems
- Dentists
- Data transmission providers
- Audit/coding review consultants
- Data processing firms
- Medical equipment companies
- Electronic health information exchanges
- Extranets
- Intranets
- Disaster recovery solutions
- eCommerce websites
- Email environments
- Hosted environments for healthcare software providers, such as Software as a Service (SaaS) platforms.
Some of the common drivers why these healthcare organizations choose managed hosting include:
- Lack of internal IT resources, availability, and/or skill sets.
- Capital expenditures related to in-house solutions far outweigh the operating expenses of managed hosting.
- Provides them access to the latest technologies at a fixed and relatively low monthly rate.
Having HIPAA capabilities can present numerous opportunities for you, your team, your organization, and all of your stakeholders.
The Key For Your HIPAA Solution
By partnering with Connectria, opening the door to those vast opportunities has never been easier. In rapid fashion you can provide HIPAA compliant hosting for new or existing customers in the healthcare industry, as well as any company that must comply with the HIPAA / HITECH Act security standards surrounding the storage of PHI.
Connectria’s highly experienced team understands which components are supported in a HIPAA environment, which ones aren’t, and how to provide and/or implement an environment to meet HIPAA standards. In order to assist you and your clients with achieving and maintaining your HIPAA Compliance requirements, Connectria enters into a BAA directly with each of our customers and we provide access to our HIPAA Compliance Team at no additional charge.
Our processes and security controls extend throughout our entire company and to our entire staff. Each and every one of our employees is required to take and pass HIPAA Compliance certification and we undergo an annual HIPAA / HITECH Assessment by a qualified 3rd party assessor to ensure that we continue to meet HIPAA compliance standards.
Connectria provides HIPAA compliant Managed Hosting across a wide range of technologies:
- Citrix
- HP-UX
- Linux/LAMP – Open Source & RedHat
- AWS
- IBM Power Systems – AIX, IBM I, AS/400, DB2, Lotus Notes/Domino, WebSphere
- Microsoft – Azure, Office 365, ASP.NET, Exchange/Outlook, SharePoint, SQL Server, SQL Server Cluster, Windows
- MySQL – Open Source
- Oracle – 10g/11g, RAC, WebLogic
- Sun Solaris
- VMware
With Connectria as your HIPAA capability provider, your customers will be able to proactively prepare for audits with full integration with Tripwire Enterprise which, among other tools, provides first-hand access to compliance monitoring and log center management.
Along with our HIPAA compliance options, we offer an extensive array of managed hosting options, including our own HIPAA compliant clouds, and our staff can assist you in getting a Business Associate Agreement (BAA) signed with Microsoft as well.
How Connectria Supports Your HIPAA Business
Our Master Services Agreement provides specific protections for each of our customers, and we enter into Omnibus Compliant Business Associates Agreements, or Subcontractor Business Associates Agreements, with any HIPAA hosting customer that stores Protected Health Information (PHI) on our systems. We also utilize vulnerability scanning, which allows your customers to scan their network for vulnerabilities at their discretion, and we support customer directed monthly external vulnerability scans for audit purposes which scans for holes in your client’s network firewall(s) which malicious outsiders could exploit to attack their network.
Additionally, upon customer request, each instance of the HIPAA Compliance plan may include up to 5 IP scanning licenses as well as on-demand upgrades. Upon request, we will also perform quarterly vulnerability assessments of all network attached devices in our environment and we highlight any issues and work with you to ensure that your clients close them.
Regardless of the healthcare organization or application that you’re wishing to provide services for, Connectria acts as an extension of your IT department and can provide the HIPAA solution that’s perfect for you and your clients. With Connectria, you can choose dedicated servers or cloud computing solutions that include public, private, and hybrid cloud options and if needed, we’ll customize a solution to suit your requirements. Skip the long line – and painful process – of getting your own HIPAA compliance and instead leverage our HIPAA capabilities, complete with world-class service and support at every step.
If you’re ready to provide your current clients with a whole new line of services and blast open revenue streams you once thought untouchable, contact us today and let us show you how we can help.
Keep Reading
Prepare for the future
Tell us about your current environment and we’ll show you the best path forward.
Fast track your project. Give us a call.