
Published on March 19th, 2020


HIPAA Compliance Services Are a ‘Path to New Recurring Revenue’



There's a void when it comes to knowledge and IT expertise around HIPAA that MSPs can fill.

There’s no abatement when it comes to privacy and security regulations in the health care industry. In fact, industry experts see a number of HIPAA-related trends in 2020: cybersecurity, cloud, the growing pressure for increased and easier access to medical records by patients, states stepping up privacy and security regulations, as well as the use of apps and health data devices. And that’s only a handful of the trends likely to impact existing regulations. The changing compliance and security HIPAA (Health Insurance Portability and Accountability Act) landscape points to a strong compliance practice opportunity for channel partners. 

Without even looking ahead at trends that will reshape the HIPAA landscape, health care providers today struggle with compliance. One look at the most recent HIPAA news press releases on HHS.gov reveals a long list of regulatory infringements.

Semel Consulting’s Mike Semel

During a recent RapidFire Tools webinar for MSPs on selling and delivering HIPAA compliance services, Mike Semel, president of Semel Consulting, shared some figures on Federal HIPAA enforcement penalties: 2014-2015, $14 million; 2016-2017, $42 million; and 2018-2019, $41 million. 

“We expect HIPAA penalties to increase even more,” he said.  

Why? According to Semel, a 35-year IT industry veteran, IT solution provider business owner, and compliance and HIPAA certified professional, the government can be expected in 2020 to make up for budget cuts with increased enforcement. That goes beyond the increase in enforcement in 2019, which focused more on business associates, and beyond rule changes that penalize organizations that do not self-report breaches.

Business associates are one of two groups, covered entities and business associates, that the government says must comply with HIPAA. There are between 2 and 3 million business associates working with covered entities, which number about 700,000 and include health care providers and health plans.

“For every covered entity, they work with vendors, some of them work with hundreds of vendors. These are companies like yours, like mine that support covered entities and we may come in contact with either protected health information (PHI) or the systems that process and store it,” he said. “You don’t have to have access to the records themselves to comply with HIPAA as a business associate.” 





RapidFire's Mark Winter


Mark Winter, vice president of sales at RapidFire Tools, a Kaseya company, noted that the next generation of MSPs will offer managed compliance services such as HIPAA, GDPR and other privacy standard compliance; cyber liability insurance policy compliance; NIST Cybersecurity Framework compliance; and PCI compliance, among others.

“This is important because every business is regulated by at least one data breach law and many are regulated by other laws and rules,” said Winter. But that’s not all. Penalties can be assessed for a single incident and can flow down to MSPs, in many cases. “So, compliance is becoming more important for us…
