Reason 1: It’s the LAW!
“Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.” – source https://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html
Bottom Line: If your business associate has or can interact with ePHI through the course of work, THEY need to be verified as HIPAA compliant. There is no way an outsourced I.T. vendor can avoid possibly running into ePHI when they have to work on your computer. As a result, they need to be HIPAA certified themselves.
You have to do your due diligence. It isn’t enough for them to simply say they are HIPAA compliant. Audits are on the rise and there are serious fines for not being compliant! Don’t take the chance. You need to have a signed BAA with them and do your very best to be sure they are compliant.
Reason 2: HIPAA Compliant I.T. Companies take a different approach when working with healthcare clients, and that approach also benefits non-healthcare clients.
We go through a process very similar to the one you, the covered entity, are going through. Just as you must make sure your vendors are HIPAA compliant and covered by a BAA, we too must make sure our vendors are HIPAA compliant and secured by a BAA. In doing so, we make sure all the products and solutions we provide are safe, secure and HIPAA compliant.
Bottom Line: I fully believe that most I.T. companies around these days do their best to act with their clients’ best interests in mind, and many also understand the security landscape of today’s world. But a HIPAA compliant I.T. company such as Underdog Computer and Network Support LLC. takes security a bit more seriously. We have documented and verified procedures in place. Our staff is fully trained on how to handle ePHI, how to prevent breaches, and what to do in the event of a breach. Finally, the equipment and the solutions we use are secure and properly vetted. We even use the same technology we sell to you!
Reason 3: HIPAA Compliant I.T. Companies can help you become and stay compliant.
HIPAA compliance isn’t necessarily a difficult thing to do. But it can be a daunting and lengthy task, bogging down even the best practice managers in all the minutiae. Not only can we audit you on the I.T. side of your business, we can also help you on the administrative side. Check out our Compliance as a Service for more information.