Magazine Article | November 13, 2013

What MSPs Need To Know About The Latest HIPAA Rules

Source: Continuum

By Nick Bruno, Chief Information Security Officer, Continuum Managed Services

The revised set of security and privacy requirements set out by the Department of Health and Human Services (HHS) in January came as a surprise to many, particularly the final omnibus rule that impacts not just healthcare organizations but also a number of their contractors. With that recent issuance, followed by the even more recent (and now passed) deadline for achieving HIPAA compliance, what does your enterprise need to know about the latest HIPAA rules?

Does HIPAA Apply to You?

Many managed services providers (MSPs), resellers, and cloud service vendors are scrambling to figure out whether or not they fall under the now-broad scope of HIPAA compliance. Luckily, the answer to this question isn’t complicated:

  • Any contractor or vendor (even a third party) that handles patient data on behalf of a healthcare organization needs to be compliant.

The HIPAA regulations call this segment “business associates,” and it’s better to err on the side of generosity when deciding whether you are considered one. Companies that were not required to become HIPAA compliant before this year may now be considered business associates and have to ramp up their compliance standards.
