Maintaining an IT business always requires sales work. That's why you should be open-minded about new markets and learning how to customize IT for different industries. One difficult but potentially rewarding industry to work with is healthcare.
Small healthcare practices have a tremendous need for data security. And, as you would expect, there's a lot of money to make in the healthcare industry. Healthcare clients are steady customers that always need upgrades and security audits.
Before you jump headlong into health IT, there are a few things you should know about this industry and its data security requirements:
- Health IT is governed by two data security laws – HITECH and HIPAA – which require stricter data security controls (the two laws are interconnected and people often use the names HIPAA and HITECH interchangeably).
- HITECH and HIPAA regulations fine healthcare companies for data security breaches (read, "$1.2 Million HITECH Fine Highlights Risks for IT Contractors," for an example).
- In order to be HIPAA compliant, businesses need to have security measures in place to prevent data theft and physical theft of mobile devices, laptops, and other devices.
- Because HIPAA and HITECH require robust encryption, only certain email providers and cloud storage providers qualify.
- There are resources, such as HealthIT.gov, designed to help IT contractors make sense of HIPAA standards.
It should be noted that, while it is strict, HIPAA is only the minimal recommendations for healthcare IT. Network admins and IT consultants should always take it upon themselves to take extra steps to secure a small healthcare practice's data.
What You Need to Know to Be a HIPAA Compliant IT Consultant
HIPAA and HITECH have strict data security requirements for protected health information (PHI). What's PHI? This includes nearly any and all patient information, including identifying data, health records, and payment information.
The law requires that small healthcare providers and IT consultants…
- Secure electronic PHI, adopting best practices and encryption.
- Allow patients to access their data when they need it.
- Document how and when patient data is shared.
- Inform patients when there is a security breach.
- Establish employee training and IT protocol to reinforce HIPAA / HITECH requirements.
- Secure laptops, mobile devices, and other computers from physical theft.
- Institute procedures to back up files, minimize errors in data entry (double-checks, double-keying, etc.), and prevent data loss.
- Perform periodic security audits.
This is only a brief overview of HIPAA requirements, but these should give you a basic idea of what you'll need to do.
Let's say you've been hired by a client to install HIPAA-compliant IT at their medical office. How do you make sure you're following HIPAA and HITECH guidelines? A great place to start is HealthIT.gov's Risk Assessment Tool – a web app that analyzes your client's data security risks and identifies the areas they need to improve. Use this and other online tools to figure out what IT needs to be upgraded or replaced.
Professional Liability for IT Consultants Working in Healthcare
As we mentioned above, HIPAA violations can lead to significant fines – sometimes even multi-million dollar penalties. If a client's data security systems aren't HIPAA-compliant and they have to pay a colossal fine to the Department of Health and Human Services, there's a good chance the client will sue the IT consultant who installed the non-compliant technology.
How do IT consultants protect their business from a HIPAA violation lawsuit? You need to make sure you're taking all reasonable measures to protect your clients' data. In addition, you can invest in Errors and Omissions Insurance (also called Professional Liability Insurance).
Information technology insurance pays for lawsuits, court expenses, and damages you may owe clients when you're sued over data breaches, HIPAA violations, or faulty IT. While you can install the best security software, no IT contractor is without risk. Even the best IT can be hacked or exposed because of a user error.
Fortunately, your business can get financial security through E&O Insurance. Even as you grow your business and offer services to new industries, you can adapt your coverage to make sure your business is protected.