Is Your IT Provider Keeping You Compliant?
by CompuTech City Admin Tuesday, 12 June 2018 CompuTech City Blog
HIPAA compliance is necessary for every doctor’s office and medical practicein the U.S.. Staying compliant requires a depth and breadth of technical expertise that most practices simply can’t afford to staff, so they are left turning to outsourced IT solutions looking for answers. However, many IT providers lack expertise, experience and knowledge of HIPAA’s complex requirements, which can spell disaster for the unsuspecting practice.
If you’re using an IT provider, they should be experts in the nuances of HIPAA and HITECH – otherwise, they’re creating a risk for you and your practice. One that you could end up paying hundeds of thousands of dollars.
For one Florida medical practice, this was almost the case. They thought they were in great shape when they contacted us to conduct the required annual HIPAA risk assessment. Unexpectedly, our risk assessment found several violations for this particular practice:
1. No password policy in place
2. Laptops not encrypted
3. Antivirus software missing on some workstations
4. 20 former employees still had access to the network
5. Lack of firewall equipment
We worked with the client to quickly get them back to a state of compliance, through our managed IT and managed security solutions. engaged with CompuTech City’s Managed IT and Managed Security solutions. We added essential layers of protection, based on our more than 20 years of expernece working with Electronic Health Records (EHR) and Protected Health Information (PHI). We also helped them leverage security solutions that were available through their Microsoft solutions, including CryptoPrevent, an essential tool at preventing ransomware.
For one South Dakota practice with 10 locations and 650 users, deciding to have CompuTech City come in and do their annual HIPAA risk assessments turned out to be a savvy move. Being HIPAA-concious, they’d done their own assessment using the forms available on the Department of Health and Human Services’ website, but it turned out that they had missed several critical issues. During CompuTech City’s thorough evaluation, we found: that their antivirus was turned off on some machines, and they had no password policy, among other potential issues.
SAVE TIME WHEN IT COMES TO HIPAA COMPLIANCE
CompuTech City works exclusively with medical practices to manage their IT, help them ensure compliance with HIPAA and protect their network from a number of threats. With over 20 years serving medical practices throughout the U.S., we understand that one of our most important services is the HIPAA risk assessment. A medically-focused managed IT service provider needs to provide such services as:
1. Software-driven network analysis
2. On-site, step-by-step visit by one of our expert assessors
3. Comprehensive review of policies and practices within the organization
4. A full report of findings that includes priotized, step-by-step recommendations for remediation
Even when your practice knows about HIPAA compliance, violations can still be present.
COMPUTECH CITY – IT SERVICES EXCLUSIVELY FOR MEDICAL PRACTICES
Medical practices who engage with IT providers or hire internal IT staff often learn the hard way that their IT provider either causes or is unaware of glaring gaps in their HIPAA compliance. Either way, it’s a hefty price to pay for something that you thought you were paying to take care of. It’s easy to assume that every IT provider can make you HIPAA compliant – some will even go as far as to say they will – but it’s critical to your practice that you know the difference.
START WITH A HIPAA RISK ASSESSSMENT
You value your patients and take care of their physical well being day in and out. We ensure that your practice gets the saem level of care by helping you stay compliant with the increasingly complex HIPAA.
Your HIPAA compliance starts with a through and accurate risk assessment. Contact us at 407-745-1848 or online to take the first step in protecting your practice from audits.
Check out our social media: