HIPPA Compliance for MSPs: Careful of the Pretenders

Riddle me this: What does the second P stand for in HIPPA? Hmmm… The answer is “Pretender” because there is no second P in HIPAA. And that’s precisely my concern about the HIPAA compliance market — especially as it relates to MSPs.

On the one hand, medical offices and healthcare companies need help as they seek to comply with HIPAA (Health Insurance Portability and Accountability Act). But on the other hand, I sense that there are “pretenders” in the market — some software companies, consulting firms and “in a box” experts who promise to transform MSPs into HIPAA profit centers (practically overnight).

But let’s face it: HIPAA isn’t easy. It includes rules for privacy, security, enforcement and plenty more. The risks for companies that manage healthcare records — and the MSPs that support them — are growing. This could be a record year for HIPAA enforcement actions and fines, especially since the Office for Civil Rights is stepping up audits and more.

The HIPAA Compliance Gold Rush

Amid those industry fears, a flood of “new” and “innovative” HIPAA compliance products “designed specifically for MSPs” are now reaching the market. Dozens of offerings for businesses and service providers emerged at HIMSS 16 — a massive healthcare IT conference this week in Las Vegas.

Some of the products are likely great. Many businesses are reputable. Yes, many MSPs are making money in the healthcare market. (We’ll reveal some of the leaders when we unveil our Top Vertical Market MSPs report in June.)

But do your homework. Much like the California Gold Rush, just about everyone wants to sell you a magic tool that will let you discover HIPAA-related revenues in an instant.

Do your homework. Ask for customer references. Check track records. And ask this simple question: What does the second P in HIPPA stand for? You’d be amazed by some of the answers I’ve heard from experts who were actually pretenders.




    Rick Boyles:

    There is no second P.

      Joe Panettieri:

      Hey Rick: Thanks for your note but take a closer look at the article. That’s precisely the point.


    Joe, this is a meaningless content-free click-bait article.

      Joe Panettieri:

      Hi Anon,

      There’s no reason to sometimes post with your name, and sometimes post anonymously. I can handle the criticism. A little background: Last week I received more than 30 “news” announcements about HIPAA-compliant products from the HIMSS conference. Several announcements mentioned HIPPA (not HIPAA). Others mentioned HIMMS (not HIMSS). Consider my blog above an open letter to the industry. They need to get the 101 basics correct before claiming market expertise.

      Still, I understand your feedback and will keep it in mind.

      Dustin Bolander:

      Maybe a little bit but he still makes a damn good point. We’re steering clear of the medical market because of HIPAA pretenders. We can go in and offer to do it right, but the other 2 bids the client gets will be cutting corners left and right to come in at half the cost. Hopefully in a few years audits, breaches, etc. will have convinced clients to do things right and eliminated the pretenders.

        Joe Panettieri:

        Dustin: You’re right. Time has a habit of weeding the pretenders out of a market. Anybody else remember GloStream making lots of EMR (Electronic Medical Record) noise at IT Nation in 2010, only to disappear from the MSP market within a year or so?
