Before making the leap to offering healthcare IT services, it's important to understand the privacy requirements that come with this growing opportunity.
By Elaine Hom
September 07, 2011
With the deadline for meeting Stage 1 meaningful use objectives in the ARRA legislation fast approaching, IT security is top of mind for health providers. “There’s an absolute responsibility in healthcare to protect a patient’s privacy … and we have a tremendous amount of regulation now that requires healthcare organizations to do a better job of protecting data privacy,” says Mac McMillan, CEO of CynergisTek Inc., an IT security consulting firm in Austin, Texas, that specializes in vertical markets such as healthcare. In a conversation with ChannelPro-SMB’s Elaine Hom, McMillan outlines the responsibilities IT pros take on for their healthcare clients.
ChannelPro-SMB: What is it important to understand about healthcare IT security?
McMillan: Some of the most important things are the privacy requirements and [IT pros’] own responsibilities. If they have access to a [health provider’s] systems, they have responsibilities. If they’re hosting servers for them, they have all of the responsibilities any business associate has. If they have access to that info and that data, they’re going to have to have their own HIPAA security policies and procedures, conduct their own risk assessment of their environments, and do all of the things any covered entity has to do to their systems and data.
The rules under the HITECH Act apply to them too. They need to educate their workforce, inspect themselves to HIPAA security and privacy standards, as well as anyone they’ll have going in and working on systems.
ChannelPro-SMB: What advice would you give an IT provider before working with healthcare clients?
McMillan: Sit down and get familiar with HIPAA. Be ready for that and understand what the cost is to your business. If service providers develop this competency and develop services that meet HIPAA security and privacy standards, there’s a real opportunity, especially in the physician’s practice space. It’s a young market and a lot of service providers aren’t focused on that. [But] it’s going to require them to make a certain amount of investment in education and core competencies [for their] staff, to be able to do it properly.