IT Service Providers: How to Profit from HIPAA
In my experience, smart IT service providers generally follow a pattern when it comes to the recent changes to the Health Insurance Portability and Accountability Act (HIPAA). Under the Omnibus Final Rule, HIPAA now makes “business associates” (including MSPs and IT service providers) of ANY business or organization that handles patient medical or health information (protected health information, or PHI; in electronic form, ePHI) directly liable for complying with the HIPAA Security Rule and the applicable parts of the Privacy Rule.
Phase 1: Denial
“There’s no way I’m dealing with HIPAA! I just won’t! I won’t work with any healthcare clients! Simple as that!”
During this initial phase, IT service providers cling to the hope that they will never have to learn about HIPAA rules and regulations. They consider avoiding all healthcare-related companies, only to realize that this could severely limit their business and even their existing client base. Companies bound by HIPAA rules include not only healthcare providers and health plans, but anyone with access to ePHI, such as some law and financial firms.
Phase 2: Acceptance
“You want me to learn about HIPAA compliance? Fine!”
In this next stage, MSPs and IT service providers accept the fact that in order to succeed in today’s market, they need to learn about HIPAA rules and regulations, and how to help their clients become fully compliant.
Phase 3: Discovery
“Wow, didn’t take much to get up to speed on HIPAA rules. Plus, password management systems and multi-factor authentication make compliance pretty easy!”
Phase 3 is a turning point. Here’s where IT service providers see that tools like password management software and multi-factor authentication offer a win-win solution for them and their clients. With password management software, security-related tasks like password creation and rotation can be automated and all user permissions can be edited and audited from a centralized control panel (one caveat: forced periodic password expiration is no longer recommended by NIST SP 800-63B, so use it to respond to a suspected compromise rather than on a fixed schedule). And multi-factor authentication (MFA) requires users to present two or more independent “factors” before being granted access to systems—for example, a password (something you know) and a one-time access code from an authenticator app on the user’s phone (something you have). MFA does not make a system impenetrable, but it defeats the most common external attacks, the ones that rely on a guessed, reused, or stolen password alone. Note that a one-time code can still be relayed by a real-time phishing page, so prefer phishing-resistant factors (such as FIDO2/WebAuthn security keys) where the client can deploy them.
Phase 4: Opportunity
“Now that I understand HIPAA regulations and how to make IT security compliant, I’m a real resource for my clients. This differentiates me from my competitors—plus I can even resell them the password management software system I use. Cha-ching!”
Being able to advertise your services as HIPAA-compliant gives you a serious competitive edge over other IT service providers (keep in mind that HHS does not certify anyone as HIPAA-compliant, so be ready to back the claim with your documented risk analysis, policies, and business associate agreements). And as an expert in your password management and authentication software, you can even resell these systems to clients and other companies.
HIPAA-regulated businesses have a problem: they need their IT security to be compliant, but they don’t want to spend a fortune on high-tech equipment or have their day-to-day operations bogged down by complicated login procedures. You have the solution: user-friendly security systems that automate password security and add a strong layer of protection against stolen or guessed credentials.