MSP, Vertical markets

HIPPA Compliance for MSPs: Careful of the Pretenders

Riddle me this: What does the second P stand for in HIPPA? Hmmm... The answer is "Pretender" because there is no second P in HIPAA. And that's precisely my concern about the HIPAA compliance market -- especially as it relates to MSPs.

On the one hand, medical offices and healthcare companies need help as they seek to comply with HIPAA (Health Insurance Portability and Accountability Act). But on the other hand, I sense that there are "pretenders" in the market -- some software companies, consulting firms and "in a box" experts who promise to transform MSPs into HIPAA profit centers (practically overnight).

But let's face it: HIPAA isn't easy. It includes rules for privacy, security, enforcement and plenty more. The risks for companies that manage healthcare records -- and the MSPs that support them -- are growing. This could be a record year for HIPAA enforcement actions and fines, especially since the Office for Civil Rights is stepping up audits and more.

The HIPAA Compliance Gold Rush

Amid those industry fears, a flood of "new" and "innovative" HIPAA compliance products "designed specifically for MSPs" are now reaching the market. Dozens of offerings for businesses and service providers emerged at HIMSS 16 -- a massive healthcare IT conference this week in Las Vegas.

Some of the products are likely great. Many businesses are reputable. Yes, many MSPs are making money in the healthcare market. (We'll reveal some of the leaders when we unveil our Top Vertical Market MSPs report in June.)

But do your homework. Much like the California Gold Rush, just about everyone wants to sell you a magic tool that will let you discover HIPAA-related revenues in an instant.

Do you homework. Ask for customer references. Check track records. And ask this simple question: What does the second P in HIPPA stand for? You'd be amazed by some of the answers I've heard from experts who were actually pretenders.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.