Total Networks

With the rapid increase of healthcare companies adopting cloud technology to share files and store private data, the need to involve managed service providers (MSPs) to assure full compliance of HIPAA is almost essential. Law firms that work with covered entities are considered business associates of those facilities, and are therefore susceptible to the same HIPAA compliance requirements of their clients.

Whoever is helping said law firm manage their IT infrastructure should be equally as invested in maintaining HIPAA compliance as the law firm, and even the healthcare facility itself. The arms of HIPAA are long and wide reaching.

HIPAA and Business Associates

In 2013, the Health Insurance Portability and Accountability Act (HIPAA) was modified to include “covered entities” (medical providers) as well as “business associates,” which includes law firms and any other managed service providers, such as cloud providers. This change puts a lot of pressure on business associates, as they are liable for any breach of client data. This is why it is important for law firms to work with an IT partner that understands and helps to maintain HIPAA compliance.

How MSPs Should Support HIPAA Compliance

Below, we share five ways that an MSP should be expected to help law firms maintain HIPAA compliance:

1. Enable encryption

Your MSP should ensure all devices—including laptops, tablets, and mobile phones—are encrypted. Encryption is one of the most effective ways to secure data, especially with mobile malware on the rise.

2. Establish a reporting process

A reporting system helps track encryption status and other compliance factors. For example, you should be able to verify when a device was last encrypted so that, in the event it was lost or stolen, you would know whether it would need to be reported as a breach.

3. Secure and audit employee access

Your MSP should regularly audit permissions to confirm who can access sensitive data, both on-site and remotely. Documenting and monitoring access helps detect and prevent unauthorized activity.

4. Establish a password policy

Strong, regularly updated passwords with enforced restrictions are essential. Your MSP should help you create, implement, and maintain a robust password policy.

5. Provide tools and training

From email encryption to secure messaging platforms, your MSP should provide the tools and associated training to ensure secure communication of sensitive information.

The MSP’s Role in Ongoing Compliance

Working side-by-side with your IT partner reduces the risk of HIPAA penalties for both your firm and your healthcare clients. Your MSP should advise you on business and technology decisions that can impact your current compliance status or any potential compliance risk. If your law firm ever experiences a breach, the MSP should provide assistance in responding with a solid and proven methodology. The goal is to prevent any future breaches from occurring.

At Total Networks, we help organizations subject to HIPAA—whether you’re a covered entity, a business associate, or simply handle protected health information—put the right safeguards in place to protect data and reduce compliance risk