One way for managed service providers (MSPs) to grow their businesses is through specialization; for those wanting to focus on healthcare, here are some core guidelines.
Healthcare IT has unique challenges that require the skills to be able to provide timely, accurate, and confidential information used for making decisions to meet patients’ needs. The foremost of these challenges are related to the HIPAA Privacy Act of 1996.
HIPAA is an abbreviation for Health Insurance Portability and Accountability Act and is US legislation that aims to ensure the confidentiality, integrity, and availability of PHI (protected health information). The Privacy Rule, Security Rule, Breach Notification Rule, and Enforcement Rule are all imposed under HIPAA.
I know this can sound intimidating if you’re an MSP looking to specialize in this area, but although it’s a challenge, it’s one that has a well-established method for address. As an MSP looking to do work for a Covered Entity, you will be required to sign a Business Associate Agreement (BAA) along with the Service Level Agreement (SLA) you are accustomed to signing.
HIPAA requires that Covered Entities have these contracts prepared whenever they need the services of a third party. The good news is that the BAA preparation is the responsibility of the Covered Entity and will clearly lay out your obligations in complying with HIPAA regulations.
Your part, of course, is to carefully read and comply with the BAA provided by the Covered Entity you’re working for. Here are a few examples of requirements regarding PHI you can expect to see in this agreement:
The second challenge for an MSP looking to specialize in this area is familiarity with the ideas and terminology associated with EHR (Electronic Health Record) software systems. The HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 promoted the meaningful use of health IT and e-PHI to replace paper forms and charts. Because of the incentives provided by HITECH to both vendors and consumers, certified EHR software systems have become ever-present in large hospitals and small medical offices alike. A complete EHR system will have six components for patient registration, scheduling, admitted patient data, order entry, billing, and the master patient index.
Some additional points to get you started in this area are:
If you’re really serious about working in the healthcare sector, it would be worth your while to get some hands-on experience with the sort of software you’ll be working with. Here is a blog post from Cathy Reisenwitz that lists some EHR software packages that can be downloaded and tested for free.
Dan Toth is an information systems specialist with a proven background in the development and management of systems, projects, and personnel. Dan’s particular areas of strength include Network Management, Healthcare-Related Computer Systems, Technical Training, and Information and Physical Security.
For more blogs on how SolarWinds MSP products can help you with managing HIPAA compliance, click here
© 2017 SolarWinds MSP UK Ltd. All rights reserved.