Growing from residential to medical-based businesses... concerns

Applebutter

Hello everybody. I've been doing break/fix PC repair for residential clients for two years now as a side business, with a passion to grow it over the years to make it my primary work. I am in need of some helpful guidance from this community. I am very slowly moving into doing work for businesses. However, some of the businesses more frequently asking about my work are in the medical and dental field, because they know me from my primary field of work (not tech related). I have a few questions for this forum and hope you all can provide some help with my transition to working for business clients bound by HIPAA.

What do you do/what are your procedures as a technician when working with a client that is bound by HIPAA compliance? Do you have a business associate agreement that you use with each of these clients? Are there other compliance issues besides HIPAA that are important to know and apply to your business practice? I do not want to jump blindly into this area of work without being fully prepared, and this forum is the first place I wanted to go, as I have been following this website for about four years now. In regards to insurance, by the way, I have that question as well. I am stuck between the fact that I feel I am too small to afford the premiums but do not want to catch myself being a small business with a huge HIPAA problem, or make a mistake at a business and not have errors and omissions insurance, finding myself being knocked on my rear.

Thank you all.
 
Another issue to consider is the damage one might do to the business being served, as well as their clients. What we do has repercussions and we need to be mindful of that. Personally, I don't think I would tackle clients with HIPAA requirements until I had sufficient business client experience. Insurance is only part of the equation. It helps protect you should you be sued. However, whatever money a business subject to HIPAA may get is of little consolation if their reputation (and perhaps their entire business) is destroyed by a mistake we make. Just an encouragement to be cautious.

One of the first things you should consider is purchasing the Computer Business Kit v3. Great tools and information to help you get started.

Spend time here on the forums. Ask questions about how other businesses approach things. There's a great wealth of help and information available here. People are very willing to help. Just ask. Don't be afraid to be wrong...here. Don't be wrong at a client's. You said that you've been fixing computers for two years as a side business. Great! However, don't get ahead of yourself. There's a ton of stuff to know before one is really ready to take on clients who are subject to such requirements. How much networking have you done? Spent much time with servers? Are you comfortable rebuilding a network should it go down? I'm only asking because with only two years doing break/fix, and apparently little if any time with servers and networks, you could find yourself in real trouble quickly.
 
> What do you do/what are your procedures as a technician when working with a client that is bound by HIPAA compliance? Do you have a business associate agreement that you use with each of these clients? Are there other compliance issues besides HIPAA that are important to know and apply to your business practice?

There is way too much to this answer to get into, but there is a LOT that has to be done with regard to your own HIPAA compliance before you can properly and legally tackle HIPAA clients.

You can have your own BAA or you can sign your client's BAA. Regardless of who pulls out the BAA, it is a legal requirement to have one. The HHS website has a sample and guidelines for drafting your own if you need that. Keep in mind too that some states have laws around privacy, security or breach notification that may be more strict than HIPAA. If you are in one of those states then you must use the stricter state law where it applies. Not only will you need to understand the federal laws but also your own state laws, or those of the state(s) you're doing business in.

There are lots of compliance laws floating around in many different businesses. It is always best to ask clients if there are any compliance regulations that affect them; never assume. Sometimes they may have to deal with more than one. HIPAA, PCI, FINRA, FISMA, SOX, GLBA... there are lots that you can run into.

Hope that helps. As @Mike McCall suggests... take it slow. Be purposeful, deliberate and do it right. There are plenty of average IT companies around. Strive to be great!
 
Thank god my wife is HIPAA certified; she does all her office's training and such. She is definitely going to be a "staff" member when I strike out on my own.
 
No apology necessary. I knew what you meant. There are many who will disregard you in this niche if you say certain things. That just happens to be one.

Your wife will be a huge asset for you. Maybe you can offer your clients training that she can do. That would be really good.

Keep us posted.
 