
With the rapid increase in healthcare companies adopting cloud technology to share files and store private data, involving managed service providers (MSPs) to ensure full HIPAA compliance is almost essential. Law firms that work with covered entities are considered business associates of those facilities, and are therefore subject to the same HIPAA compliance requirements as their clients.

Whoever is helping the law firm manage its IT infrastructure should be as invested in maintaining HIPAA compliance as the law firm, and even the healthcare facility itself. The arms of HIPAA are long and wide reaching.

In 2013 the Health Insurance Portability and Accountability Act (HIPAA) was modified to include the “covered entities” (medical providers) as well as “business associates,” which included law firms and any other managed service providers such as cloud providers. This change puts a lot of pressure on business associates, as they are liable for any data breach of their clients. This is why it is important for law firms to work with an IT partner that understands and helps to maintain their HIPAA compliance.

Below, we share 5 ways that an MSP should be expected to help law firms maintain HIPAA compliance:

  1. Encryption – An MSP should make sure that all your devices – including laptops, iPads, and mobile devices – are encrypted. This is the best way to secure your data. And, given that mobile malware is on the rise, you will want to make it a top 2016 priority.
  2. Set up a reporting process – A reporting process will allow you to better manage encryption. You should be able to log in and see when a mobile device was last encrypted so that, if it were stolen, you would know whether or not it would need to be reported as a breach.
  3. Secure and audit employees’ access – Conducting permission audits of who is accessing data, and of what type of data your employees should have access to when away from the office, will enable you to document, report, and stop any suspicious activity.
  4. Establish a password policy – An MSP should help you create strong passwords, change them regularly, and make sure password restrictions and protocols are enforced.
  5. Train and provide the correct tools – Providing tools for email encryption and secured messages will protect content between the sender and receiver from unauthorized disclosure. There are many software and web-based services for securing messages. Choose what is best for you. Your IT provider can help with this.

Working side by side with your IT partner will reduce potential HIPAA fines and penalties for both you and your healthcare facility client. They should advise you on business and technology decisions that can impact your current compliance status or any potential compliance risk. If your law firm is ever faced with a breach, an MSP should provide assistance in rectifying that breach with a solid and proven methodology. The goal is to prevent any future breaches from occurring. Managed Service Providers, like Total Networks, should take an active role in defending both you and your clients from emerging threats, and act as your partner in protecting patient information.