Managed IT service providers in Las Vegas and across the country are considered HIPAA business associates if they handle electronic protected health information (ePHI) on behalf of their clients in the healthcare industry. The US Department of Health and Human Services (HHS) holds these service providers to the same security, privacy and breach notification rules as their clients. That could lead to hefty fines if the service provider causes any HIPAA violations.
The stakes for protecting electronic protected health information are soaring. In 2015, settlement fines for noncompliance with the Health Insurance Portability and Accountability Act (HIPAA) totaled $6.1 million. The following year, that amount ballooned to $23.5 million, a 385% increase. Why such a profound surge in penalties?
More Compliance Penalties for HIPAA Business Associates
The wave of crackdowns on HIPAA violations may have its origins in a 2016 report from the U.S. Government Accountability Office (GAO) that criticized the existing enforcement of HIPAA compliance.
This put pressure on the U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) to improve oversight, and likely led to an upswell in enforcement.
Managed IT Service Providers Face HIPAA Scrutiny
Every year, there are about 1,800 large HIPAA breaches and tens of thousands of complaints, according to TechTarget, a technology website. Most cases are resolved informally, without any fines or penalties, through voluntary compliance actions.
But with the increased enforcement of financial penalties for noncompliance, the stakes are increasing. This is especially true for managed service providers, who are subject to the same levels of scrutiny as their clients.
Because they are subject to penalties for ePHI violations, managed IT services must be diligent in their compliance efforts. This is especially true in light of the escalating threats posed by hackers and ransomware.
Is your Las Vegas IT Services Provider HIPAA-Compliant?
Any contractor or vendor to a HIPAA-covered entity is considered a HIPAA business associate if they maintain, create, or transmit protected health information. Cloud services and data centers are also considered business associates and are therefore required to meet the same HIPAA compliance standards.
Keeping your entire network compliant is increasingly difficult. But with settlement fines soaring every year, no organization can afford to make a misstep with ePHI.
Make sure your network is 100% HIPAA-compliant before you face an audit. For compliant managed IT Services in Las Vegas, contact ITS today.
Intelligent Technical Solutions is a Managed IT Services Company here in Las Vegas. We set up, maintain and secure the technology of small and mid-size businesses across the metro area.
Our mission is to help businesses thrive by managing their technology.
Contact us to get a 2 Hour FREE Network Assessment.
Restrictions and limitations: FREE Network Assessment for businesses with 9+ users/workstations. One assessment per business. New accounts only.