Managed service providers that serve small health-care practices will now have a cloud-based tool to help them avoid federal audits under the Health Insurance Portability and Accountability Act -- more commonly known by its acronym, HIPAA.
The tool, HIPAA Help Center, was unveiled Monday by Dallas-based Ingenium Professional Services. The CEO of an MSP based in Missouri that served as a beta tester praised its functionality, saying the HIPAA Help Center will save his company time and money, while sparing his customers the headaches and potential lost revenue that can come with a federal audit.
"We’ve asked for this stuff for a long time,” said John Motazedi, CEO of SNCSquared, an MSP based in Joplin. The tool is a help to small health-care practices that don't have the time, patience or knowledge to know all they need to know about HIPAA, Motazedi added. "That becomes the real key."
"HIPAA compliance is not optional, and make no mistake … audits are coming," Jim Bibles, chief compliance officer of HIPAA Help Center, said in a statement. "At the same time, maintaining the levels of security mandated by the federal government is becoming more and more difficult."
"I've never met a surgeon, a general practitioner, a chiropractor or an ophthalmologist who enjoyed dealing with HIPAA regs," Bibles said. "But compliance does not need to be daunting, and it doesn't need to take your focus away from your patients. It's a cost of doing business in today's interconnected world. Our focus is to make it painless, cost-effective and worry-free."
HIPAA, passed by Congress and signed into law by President Clinton in 1996, mandates the protection and confidential handling of protected health information, and established industrywide standards for health-care information on electronic billing and other processes.
The HIPAA Help Center is a custom-built tool that enables practices to become HIPAA-compliant quickly and easily. In an interview with CRN, Bibles said it's very common for small medical offices to face audits and not be ready for them.
In the first half of 2015 alone, more than 93 million health-care records were breached, according to the statement from Ingenium. The U.S. Office of Civil Rights (OCR) -- which treats HIPAA complaints as civil-rights violations -- has responded with a dramatic increase in audits, and issued punitive fines even to smaller practices that have typically avoided OCR's attention. One practice with just 13 physicians was fined $750,000 for not having key policies in place, according to Ingenium.
"In the world of audit, if you don't write it down and you can't show evidence, you didn't do it," Bibles added.
The help center includes real-time, task-based risk assessment; audit-ready reporting; up-to-date HIPAA policies and procedures; incident response management; easy-to-follow training; asset inventory administration; and a $100,000 insurance policy to protect the business.
Bibles said the help center will help MSPs that are not experts on HIPAA but are performing risk assessments on behalf of their clients.
Motazedi, who said 80 percent to 90 percent of his company's clients are in the health-care vertical, supported that claim, noting that the help center had stuff that his company was missing. He said the tool automatically notifies the user of any updates in HIPAA regulations and electronically flags potential areas of noncompliance.