

HIPAA is about to become much stricter in phase two, and it is proving just how important BAAs are.

If you work within the healthcare field, you already know how important HIPAA can be. It is not just something you must abide by according to law, but it is also something that you should focus on so you can better protect your customers and your business. If you are not already HIPAA compliant or working towards improving your system to become HIPAA compliant, it is time to start developing your plan of action. Not only do businesses in the healthcare industry need to focus on ensuring they are HIPAA compliant, but there are also new changes coming to the enforcement of the rules and regulations as part of phase two.


An Increase in Audits

HIPAA is currently enforced by the Office for Civil Rights (OCR), which is part of the U.S. Department of Health and Human Services. The office recently announced that it will be increasing the number of audits for healthcare providers as part of its Phase 2 program. As part of the audits, it will increase its focus on healthcare organizations and whether or not these organizations are performing the required risk assessments. It will also be checking to see if the organizations have Business Associate Agreements (BAAs) with any third-party providers (MSPs). Any outside vendor that is doing work with these healthcare organizations needs to abide by the same rules and regulations as a way to better protect patient information.

How HIPAA Can Impact MSPs

Now, any MSPs will need to assess their business practices in two different ways to ensure they are compliant. They must first consider any HIPAA implications if they are offering cloud services to their healthcare clients. While healthcare organizations are using the cloud, they will likely have many files that contain confidential patient information, and it may be used in a number of applications such as email, file-sharing, voice services, and more. If any information is relevant to HIPAA, it must be secured. That also means that signing a BAA with healthcare clients is extremely important. OCR has already started issuing fines for missing BAAs and risk assessments.

The second way that HIPAA impacts MSPs is through risk assessments. Healthcare businesses must perform thorough risk assessments and they must be able to prove it. Healthcare clients may even turn to their MSPs to help them perform the risk assessments. Healthcare clients should look for MSPs that can provide this as a service as well as provide training and documented plans as part of their HIPAA compliance. Having secure IT applications is imperative.

If you are an MSP and you are looking for a way to stand out among your competitors, then this is a great way to do it. You need to be a trusted advisor and help your clients comply with all of the rules and regulations that come along with HIPAA. You also want to be able to help them protect their patient information. Also consider choosing cloud vendors that can help you achieve this.