How far do you go with HIPAA compliance?

I'd like to add that I don't have a large network setup. I work out of my home with 1 Internet connection and a few computers with NO employees, but these computers are not set up to share data with each other for any office tasks. My Internet connection is via Wi-Fi to my router, which is protected by a pretty long WPA2 key.

Perfect! The best thing about this setup is that it's super easy to manage and protect. Getting your HIPAA compliance off the ground will be much easier for you than... say... a business with a few techs, a server and several workstations. The more you have... the more you have to manage and protect... the more points of failure there are. Keeping it simple has its advantages for sure.

I see "solo-preneurs" all the time with the mindset that being a one-man show working from a home office is a negative. That's absolutely incorrect. There are several advantages to this, and it is even a positive when working with business clients. I think I'll write a blog post about this in the next few days.

@Pants... Not that you asked but I'd recommend following through with what you've been working so hard on over the past 2 years and stay focused on that for now. If you're really interested in getting into the healthcare niche then start following it and just become familiar with what is going on but don't turn your focus away from what you're doing in the present. Then when you feel the time is right, start moving toward this niche. Doing it this way will ensure you are much more informed and prepared when you decide to take the next step.

Well, yeah, I also don't think I'm ready for Health Care IT. I think that kind of thing should be reserved for techs who are already comfortable working in commercial environments. You might get a HIT certification, but in my opinion, the cert alone doesn't justify jumping into HIT. For one, it's not just another environment; people's health and lives are at stake... 2. It would be easy to ruin your reputation for technical proficiency and professionalism going after something like this so soon. After a few years of non-HIT I think I'll give it a go... In the meantime I'll work on getting myself HIPAA compliant (probably before the year is over) so when I dive into HIT I'll have HIPAA procedure already in place... i.e. "eat the elephant one bite at a time."


Also, I'm having a hard time wrapping my brain around FINRA. Does FINRA.org post a checklist of technical measures to be implemented when dealing with FINRA-protected data? I'm not sure where to begin on this one.
 
I don't focus on FINRA so there's my disclaimer...
It's also outside of the topic of this thread so I don't want to change gears too much here.

FINRA covered businesses have two primary IT focal points:
1. Data protection
2. Business Continuity

Obviously these 2 go hand in hand. Some overview of things FINRA businesses have to deal with are:
- Encryption: From full drive to email, data must be protected. They have to document this protection as well as be subject to audits. The difference with FINRA and HIPAA for you is that you are liable (any more than normal) AND you don't have to do your own compliance and documentation. You just do the work and get paid... or as I like to do... get paid then do the work.

- Network Security: Your normal stuff here... AV... Firewall... etc. You can get complex or not, depending on the client's environment, budget, etc. The main thing is to protect the network and systems inside.

- Business Continuity: The client has to have a full Business Continuity Plan to include how their data is backed up, restored, protected, etc. Basically, they have to be able to recover from any reasonable threat (human, environmental, technical). This means they usually need more than your typical file level cloud backup service.

You could specialize in FINRA and perform a full business technology audit, sell and manage encryption, sell and manage AV, sell and manage backups... you get the point.

It's not that you're doing anything different than the next IT guy can maybe do. The difference is you know the regulation, you know the lingo and you specialize in it. The perceived expertise (or actual, hopefully) will give you a clear advantage and get you the client even if you're a higher price. Honestly, you want to be a higher price.

Hope that helps... but again... I'm not super versed in FINRA, but it's not nearly as complex as HIPAA. You may have to dig, but the answers are all at www.finra.org.

I have other suggestions if you want to go this route but again... trying to keep the thread on track.

That helps. It WAS intended to be a thread hijacking... btw... didn't you see the bandana over my face when I rode up on my horse with my revolver? :rolleyes:

thx!
 
I did notice the bandana... but I would've taken you more seriously if you wouldn't have been on a broom-handled horse with rolls of caps for your gun slid down on your pinky finger.
 
If you want to differentiate yourself from your competition then look for a niche and dive into what their specific needs are. You could specialize in accountants, service industries (like HVAC, plumbers, electricians) or just churches.

If I did target specific types of businesses, like you said, could I get sued for discrimination? Let's say I only do HVAC, plumbers, and electricians, and a local farmer's office called and asked for support. Could I legally say, "No, I only do HVAC, plumbers, and electricians"?

I'm not saying I would not do business with a farmer, if I had the technical ability to support whatever he had in this office, just being hypothetical.
 
Discrimination prohibited by law covers:

Age
Disability
Equal Pay
Genetic Information
Harassment
National Origin
Pregnancy
Race/Color
Religion
Retaliation
Sex
Sexual Harassment

So long as you didn't tell the farmer that you only service black, Christian, non-pregnant, non-disabled, American females from 20-25 years of age. LOL

Don't get caught up in "what ifs"... just always be ethical, above reproach, and just do the right thing. You will be fine, I'm sure.

In these United States of The Offended, you're sure to piss someone off sooner or later. As long as you're doing the right thing, it won't matter in the end. This is especially true if you're dealing with residential/general public customers.