Misconceptions about HIPAA and Managed Services

May 5

This article also appears on MSP Mentor.

“HIPAA is too much work,” they say. “I don’t want to deal with clients with compliance needs,” they say. “It’s just not worth it,” they say. Well, “they” say a lot of things, but “they” may not know the real story. We, on the other hand, did some research.

The Health Insurance Portability and Accountability Act, or HIPAA, regulates how healthcare providers, health plans and clearinghouses (Covered Entities) and the vendors that handle data on their behalf (Business Associates) protect protected health information, including electronic protected health information (ePHI). Any regulation can seem scary because it involves a lot of unknowns. What am I, as a service provider, responsible for? What would my liabilities be if I were to provide services to healthcare practices? If there’s an audit, who’s the one paying the fines?

We review a lot of this information in our latest ebook “MSPs and Healthcare: How to Be a HIPAA Compliance Hero,” but we thought we’d try to dispel a few of the misconceptions MSPs have about HIPAA.

The requirements are too difficult to understand

The requirements are public and readable: the Privacy, Security and Breach Notification Rules are published by the Department of Health and Human Services (HHS) on its website, and the Security Rule in particular is organized into administrative, physical and technical safeguards. Learning about HIPAA on your own has the advantage of being free, but there’s plenty of information to wade through, so you can make the process easier by working with a third party that specializes in HIPAA. Essentially, they help you through the various aspects of HIPAA so that your own business becomes compliant (as a Business Associate to a Covered Entity, you are directly subject to HIPAA and must also be compliant) and so that you can help clients become compliant. They’ll often give you a web portal with useful checklists and other tools, and also provide an online repository for Business Associate Agreements (BAAs), risk assessments and other relevant documents. Some third parties even let you resell some of their services as your own, which can mean increased profit for you.

Healthcare needs are too advanced for my business

In many ways, healthcare practices have needs like any other business. Really, healthcare only differs in two major ways. One is their lack of tolerance for any kind of downtime (downtime can mean lost lives), and two is their need for stronger information security (remember, they deal with very sensitive patient information, and the Security Rule spells out the safeguards they must have: risk analysis, access controls, audit logging, encryption where reasonable, backup and contingency planning). Aside from that, they’re really just like other businesses. Their needs aren’t that far out of the ordinary, as long as you understand what HIPAA mandates.

The work I’d put in wouldn’t pay off

There are actually a lot of benefits to working with healthcare. For one thing, there’s profit potential. In fact, in our recent survey, 91 percent of respondents agreed that there are monetary benefits for IT providers capable of handling HIPAA compliance.

Not only that, but the closer you can get to the technology needs of your clients, the more trust you’ll build with them. Since a large portion of HIPAA compliance, particularly the Security Rule, comes down to technology, and since healthcare practices and other Covered Entities don’t want to worry about whether or not their tech works (not to mention the fact that a lot of doctors don’t want to deal with HIPAA at all), your service is incredibly useful. This creates a situation where a client’s trust in you can grow, which may provide you with the opportunity to provide even more services.

Lastly, have you thought about the competitive advantage you’ll have over other providers in your area? How many of your competitors can say they’re HIPAA experts? If you can handle HIPAA, you’ll have a definite leg up.
There are plenty of misconceptions about HIPAA that we don’t have space for here, but it can ultimately be a path to more profit, more trusting clients, references, and plenty more.

If you’d like to gain a deeper understanding of managed services and HIPAA, read our ebook “MSPs and Healthcare: How to Be a HIPAA Compliance Hero.”

Photo credit: epSos .de via Flickr