Interviewing IT and Managed Services Providers – The MOST IMPORTANT Question Healthcare Practices Must Ask

Cybersecurity, Dallas, TX

We are just going to jump right in. The single most important question healthcare providers must ask of their current or potential IT/cybersecurity provider is, “ARE YOU VERIFIED HIPPA COMPLIANT?

If the answer is, “No, but….” You need to move on.

If the answer is, “Our security stack is HIPPA compliant.” You need to explore other options because that’s not good enough.

If the answer is anything other than, “Yes, we are HIPPA compliant and verified through a third party and all employees who may come in contact with PHI are fully trained and we can provide you documentation detailing our policies and procedures related to HIPPA;” you should end the meeting and reach out to a different company.

While every business absolutely needs services in place to protect their data (and their client’s personal information), several industries are required by law to have cybersecurity protections in place.

Healthcare providers are required by HIPPA to protect patient data. We are shocked at the number of dental and medical practices currently paying for IT support and cybersecurity from MSPs that are not verified HIPPA compliant!

How do you know an MSP/IT company is HIPPA compliant? The same way you know someone is a marathon runner… they will tell you. You don’t even need to ask!

Maintaining HIPPA compliance verification requires a significant investment of time and money from the IT provider. There is no single certification available (hence using the phrase “verified”) to prove HIPPA compliance so IT providers leverage third parties to audit their physical security, applications, employee trainings, and policies and procedures against stated requirements outlined in HIPPA. Healthcare providers should ask the IT company to provide documentation outlining their specific policies and procedures for handling PHI, including data encryption, access controls, and data disposal practices.

If a company shows up at your office and begins chatting with you and looking around without a BAA, the IT provider is likely NOT compliant (and is putting your practice at risk). Simply being onsite at a medical practice can result in a salesperson or IT technician overhearing a conversation or possibly seeing a patient file that is confidential. A BAA must be in place to protect the medical practice, the IT company, and most importantly, patient’s personal information.

Healthcare practices should also ask the questions highlighted in Part One and Part Two of this series, however, there is no point in wasting your limited time if the IT company does not have documentation supporting their HIPPA compliance.

At this point, you may be asking yourself why a healthcare provider would consider hiring a managed services provider so here are a few reasons why doctors seek out the support of MSPs:

1. Enhanced Security and Compliance

  • Data Security: Medical practices handle sensitive patient data (PHI), which needs to be protected under HIPAA regulations in the U.S. An MSP can ensure that this data is securely stored, accessed, and transmitted, minimizing the risk of breaches.
  • Regulatory Compliance: MSPs stay up-to-date on regulatory standards (like HIPAA, HITECH), ensuring the practice’s IT infrastructure and processes remain compliant, which can help avoid costly penalties.

2. Reliability and Reduced Downtime

  • 24/7 Monitoring: MSPs offer round-the-clock monitoring of networks, devices, and systems. This proactive approach allows them to detect and resolve issues before they cause downtime or impact patient care.
  • Business Continuity: MSPs often include backup and disaster recovery plans, ensuring quick data restoration if an outage or disaster occurs, minimizing disruptions to patient services.

3. Access to Advanced Technology and Expertise

  • Cost-Efficient Expertise: MSPs give access to IT experts without needing an in-house team, helping avoid the costs of hiring and training staff. They also provide strategic guidance on tech upgrades and digital transformations, keeping the practice current with healthcare technologies.
  • Up-to-Date Tools: MSPs often provide and maintain advanced software for electronic health records (EHR), practice management, billing, and telehealth, which can improve patient care and practice efficiency.

4. Predictable IT Costs

  • Fixed Pricing Models: MSPs typically work on subscription or retainer models, helping practices better forecast IT costs. This eliminates the unpredictability of sudden repair or support costs.
  • Scalability: MSPs can easily scale up or down based on the practice’s growth, enabling flexibility as patient loads or service offerings expand.

5. Focus on Patient Care

  • Less IT Burden on Staff: With an MSP handling IT, the practice’s staff can focus on patient care rather than troubleshooting tech issues. This improves patient satisfaction and operational efficiency.
  • Optimized Workflow: MSPs often help optimize workflows, making it easier for medical and administrative staff to access the information they need and reducing delays in patient care.