When a new administration comes in, laws start to transform. Bills around healthcare in particular have popped up in Congress and though they’ve struggled to gain traction, there are certainly updates on the horizon. But despite changes to insurance and healthcare laws, one thing will stay the same: the importance of health information security.
As you know, the Health Insurance Portability and Accountability Act, or HIPAA, regulates how healthcare providers (Covered Entities) handle electronic protected health information (ePHI). These laws are designed to create policies that protect the personal information of healthcare patients. While HIPAA reform is possible under the new administration, there are only rumors at this point. Cyberattacks like WannaCry, which affected thousands of systems and patient records, made it clear that healthcare systems can be incredibly vulnerable. It’s easy to see why they’re a target when the personal information they possess is highly valuable to criminals. And with increases in cyberattacks, HIPAA laws will likely become more stringent rather than less.
Addressing new laws is much easier if your clients are up to par already. So whether you’re newer to HIPAA or you’re a seasoned HIPAA hero, here’s what you may want to consider as the new administration starts making changes.
Understand the Laws
HIPAA hasn’t changed drastically in the last few years, but that’s no reason to slouch. If you’re new to HIPAA, the U.S. Department of Health & Human Services has a full list of requirements under HIPAA. The laws themselves are a bit of a slog to read through, but a simpler way for an MSP to understand healthcare IT, and even add compliance services, is to work with a partner like HIPAA Secure Now. They provide white-labeled resources IT firms can resell to healthcare professionals, and they make it incredibly easy. This lets you offer world-class HIPAA compliance testing, training, and more, whether you work with large hospitals or small practices.
Evaluate Your Current Networks
If you’re currently servicing clients with HIPAA requirements, it’s wise to conduct a regular HIPAA audit. Although not every component of HIPAA is your responsibility, technology certainly is. As a refresher, you’ll typically ensure that clients have iron-clad security, rock-solid backups, a full backup and disaster recovery plan, a way to keep records of who accesses what information when, and so on. Take a look at what you already have in place and see if it’s up to snuff. If you need to make changes or upgrades, don’t hesitate to make it happen.
Have Clients Evaluate Policies
Your role involves IT, but your client’s role involves creating and following policies that keep them compliant. Take a moment to ask clients how they feel about their HIPAA-related policies, and be ready to offer help if they need it. All the security in the world won’t matter if their employees aren’t following best practices, so make sure they’re on track.
Keep an Eye on Changes to Laws
As noted, HIPAA hasn’t changed a lot in the last few years, though with a new administration, changes may be coming. With cyberattack frequency increasing and large-scale breaches becoming a yearly issue, the way we handle personal information is becoming more important than ever. It’s likely that new laws—whether specific to healthcare or commercial entities in general—will prioritize data security. Keep an eye on the headlines and stay up-to-date on the latest happenings from Congress, and you’ll have time to prepare for the changes if they happen.
Many in the healthcare or IT field see HIPAA compliance as a burden, but the laws actually amount to practical steps every healthcare provider—or even every business—should take to protect the information they have. As cyberattacks become more frequent, it’s practical to regularly audit clients for HIPAA compliance to make sure they meet or exceed the law’s expectations. Data breaches can result in costly fines, and it’s up to you to help your clients prevent them.