Updated: Mar 17, 2022
In the past several weeks, Technology Source providers have attained improved Health Insurance Portability and Accountability Act (HIPAA) attestations and compliance maturity for Desktop-as-a-Service (DaaS) and Cybersecurity-as-a-Service (SECaaS), such as managed SD-WAN and firewall solutions.
Vendors are often identified as First Tier, Downstream, and Related (FDR) Entities by the Centers for Medicare & Medicaid Services (CMS) because of their access to Protected Health Information (PHI). This makes it important that they take security and privacy very seriously, especially since they are supporting a covered entity's (CE) data. This also makes vendor selection very important for CEs.
Additionally, HIPAA clearly mandates that any organization that handles electronic protected health information (ePHI), such as contractors and infrastructure services providers, is considered, and must be treated as, a special type of relationship called a business associate. Most companies’ HR departments also fall into this category because they handle ePHI of their employees. Additional examples include data processing firms and data transmission providers. This class also includes companies that store or shred documents. Medical equipment companies, transcription services, accountants, and auditors must also comply.
If an entity fits one of these descriptions, then it must take steps to comply with HIPAA rules, period. There is no forgiveness just because an organization didn’t know it was responsible for compliance with HIPAA.
Understanding the crucial roles that business associates play, another trusted vendor at Technology Source adds its name to the list of providers who have achieved enhancements to their compliance. “Paying attention to these types of attestations, the willingness to sign BAAs, and most importantly, the dedication to compliance, demonstrates commitment to delivering reliable and secure services for our healthcare customers,” said Sonya Z. Meline, Vice President of Technology Source. Meline is a CHC-certified compliance officer through the Healthcare Compliance Association (HCCA).
Healthcare continues to suffer from cyberattacks, with electronic health records being a profitable target for hackers. Recent research from McAfee showed that there was a 630% increase in the number of external cloud attacks between January and April 2020, with healthcare the second most targeted sector behind financial services.
With the rapid expansion of telehealth due to COVID-19, the need for data security has never been greater. Healthcare organizations increasingly turn to vendors to improve their cybersecurity and compliance maturity, but right now they are having to do so with an unprecedented decrease in their operating costs.
All the while, organizations such as the US Office for Civil Rights (OCR) continue to crack down on healthcare providers who are deficient in providing health information to patients. Thus, a hacking incident where patient files are compromised due to viruses such as ransomware is devastating. With the huge fees associated with data breaches, not to mention the prolonged negative media exposure that results, it is critical for healthcare organizations of all types to comply with HIPAA, DOJ, OIG, federal and state requirements.
4. Other Providers such as MSOs and IPAs
5. Claims Processing Vendors
6. Patient Management Vendors
7. Credentialing Companies
8. Field Marketing Organizations
9. Medical Device Manufacturers
10. Medical Research Facilities
11. And more!
Technology Source is offering confidential healthcare compliance assessments starting at just $1,499 to help organizations identify risks well in advance and build a roadmap for staying ahead of the regulators.