Is your IT service provider HIPAA compliant? — What’s at Risk?

The average cost of a data breach is $2.4 million; 94% of organizations have had some type of data breach over the past two years. About 44% of businesses believe they are HIPAA compliant, while 28% aren’t sure of the requirements themselves, let alone whether their own organization is capable of meeting them.

HIPAA is a complex, intimidating issue for many businesses…but it doesn’t have to be.

At Fusion we understand the healthcare industry and the vital importance of protecting Patient Health Information (PHI), complying with HIPAA, and meeting meaningful use requirements. In addition, we understand that your Electronic Medical Records (EMR) software is a key component in your business. As a result, we invest time in learning your specific EMR and ensuring your IT environment is fully integrated, secure and compliant. We focus on the technology so that you can get back to focusing on your job.

Virtually every business that falls under the category of health care—from private practice therapists to small doctors’ offices to health insurance companies—has to comply with HIPAA. Although many of these organizations think primarily about their in-office software and hardware, the truth is that HIPAA extends beyond those boundaries. For example, if a doctor has access to corporate information or even electronic medical record systems on his or her cell phone, then that device needs to be compliant as well.

Although HIPAA was first passed in 1996, it’s clear that there’s been a real push toward compliance more recently. One of the reasons for this is the new set of requirements that must be met under the HITECH Act as of September 2013. Among other things, the HITECH Act requires that even vendors and subcontractors who come into contact with healthcare data, such as managed IT services providers, must be HIPAA compliant.

Do you have a signed HIPAA Business Associate Agreement with them? If not, then chances are they are not compliant. HIPAA compliant IT providers, among many other things, are required to sign a Business Associate Agreement with any healthcare client. This agreement is the proof you need that the IT provider you have selected is fully informed about HIPAA guidelines and is equipped to serve your business accordingly.

More than 700,000 hospitals, doctors’ offices, dentists, nursing homes, pharmacies, and other medical practices are required by law to perform an IT Risk Assessment in order to satisfy HIPAA requirements. In fact, every Business Associate, such as attorneys, accountants and IT providers, must have proof of conducting an IT Risk Assessment as well.

Fusion’s IT Risk Assessments analyze your business network, security, and business processes to uncover any weaknesses and vulnerabilities in your environment that need to be addressed.
