Healthcare organizations are a favorite target of malware attacks and data breaches. In 2018, Verizon reported that healthcare organizations account for 24% of all data breaches. The HHS collected over $28 million in financial penalties in 2018. Thus, whether you’re a seasoned in-house IT tech working at a healthcare provider or an MSP looking to explore this large and potentially lucrative vertical, HIPAA compliance is a must-have. Let us examine some key aspects of HIPAA to understand how best to comply with it.
#1 You Are a Covered Entity
Have no illusions: if you work in the healthcare vertical, you are a covered entity and are therefore responsible for protecting any data that you manage for your clients. But you also need to work with your clients to ensure that their data is protected, and sometimes that means protected from themselves. No matter how secure your third-party tool or healthcare management solution is, it cannot protect you from human error on your side, malicious insiders, sync errors or hacking. The damage caused by breaches is significant, and we’re not talking about the HIPAA fine, but rather the high cost of business downtime, damage to reputation and loss of valuable customer data.
#2 Proof of Process Matters
HIPAA guidelines are often just that – guidelines, and they can be interpreted in any number of ways. However, in the event of a breach, HIPAA and other data protection laws always give good marks for trying. Performing due diligence in the form of accurate, up-to-date and end-to-end documentation can go a long way toward having a fine reduced or waived. Ensure that all of your processes for securing personal health information are documented. For an internal IT team, make sure that these processes don’t just cover your team, but anybody who might have access to protected information. An internal team can set up a few IT Glue Lite accounts in order to share process documentation with non-tech users. An MSP may get more value from setting up a MyGlue instance for each healthcare client and sharing process documents that way.
#3 Defend Against the Weakest Link – People
It is often said that people are the weakest security link. In the healthcare industry, 56% of security breaches are due to internal reasons. Both IT Glue and MyGlue also double as powerful password management applications. With MyGlue, your clients can use strong passwords exclusively, you can control who has access, and they’ll be able to use the passwords without ever seeing them. If the alternative is sending them over email or passing sticky notes to one another, that’s a HIPAA violation, so MyGlue is going to reduce risk substantially.
#4 Have a Safety Net
HIPAA’s Security Rule mandates that backups be frequent, encrypted, tested and stored offsite, and that covered entities be able to fully “restore any loss of data.” As Matt McDermott, Principal Technical Marketing Engineer at Spanning, explains, “HIPAA puts the backup and restore accountability squarely on covered entities. Spanning Backup provides automated, daily backups of your application data, and the ability to restore any lost or deleted data back into your environment from any point in time. A number of our healthcare clients have reduced the stress of data loss and damage due to HIPAA non-compliance with Spanning Backup.”
The biggest pieces to solving the compliance puzzle are having the right processes in place, and using the right tools for the job. A violation, should it occur, is treated with less severity when you can demonstrate proof of process, and you’re using the right tools.