IT Staffing Firms: Manage HIPAA Compliance to Minimize Liability Exposure

TechInsurance issues risk management guidelines for IT staffing firms who place technology professionals with firms in the healthcare sector.

CHICAGO——Since 2003, the healthcare industry has enjoyed a growth rate 10 times greater than that of the rest of the U.S. economy, and as provisions of the Affordable Care Act take effect in the coming months, that growth is expected to continue. As healthcare providers make changes to comply with HITECH and provide more online healthcare services, their demand for IT professionals will also grow.

While this means growth opportunities for IT staffing firms, TechInsurance, the nation's leading online insurance agent for small IT companies, warns that it also means a new level of risk exposure.

IT staffing firms can be held liable for errors made by the people they place, if those errors result from inadequate experience or training for a job. Because healthcare firms must comply with federal HIPAA guidelines for all data storage and management, the stakes for errors are higher in healthcare than in other industries.

Ted Devine, CEO of TechInsurance, points out that HIPAA is the only law on the books at the federal level that outlines data security standards. "And it puts the onus of compliance on the healthcare companies it regulates," he said. "That means healthcare firms can be held liable for HIPAA violations made by any of their associates, including IT contractors they hired to build a website or update their network."

If an employee placed by an IT staffing firm allows or fails to prevent exposure of sensitive patient information, the costs could be tremendous: the healthcare firm will face federal fines in addition to state penalties and remediation costs such as notifying customers of the breach. To recuperate their losses, many healthcare providers turn to the courts, potentially suing their business associates, including contract workers and staffing firms who placed those workers.

To minimize exposure to HIPAA violation-related lawsuits, IT staffing firms can take the following precautions:

  1. Verify HIPAA compliance. To be HIPAA compliant, IT professionals must maintain specific physical and technical safeguards, including facility control, encrypted passwords, redundant backup, and network security standards. IT staffing firms placing professionals with healthcare clients should verify that those professionals rigorously maintain the security standards demanded by HIPAA.
  2. Review client contractual requirements. In addition to requiring HIPAA compliance, healthcare clients may require IT contractors to maintain their own liability insurance policies, which ensures that they can collect reimbursement if and when a contractor's work causes a data breach.
  3. Update Errors and Omissions policies. In addition to pursuing legal action against individual contractors responsible for data breaches, healthcare clients may seek damages from the IT staffing firm that placed the professional, depending on individual circumstances. With E&O Insurance, IT staffing firms don't have to worry about a single allegation costing them tens of thousands of dollars.
  4. Recommend insurance for contractors. Even when healthcare clients do not explicitly require contractor insurance in their contracts, IT staffing firms can recommend this coverage as a way of helping them proactively manage risks and minimize the liability burdens for the firm.

About TechInsurance, an insureon Company
TechInsurance is the nation's leading online insurance agent for small and micro businesses (those with 10 or fewer employees). Since its launch in 1997, TechInsurance has provided a convenient online destination where IT and technology consultants, contractors, and business owners can find essential liability insurance coverage from top-rated providers by completing an application process that takes only a matter of minutes. In addition to offering third-party Cyber Liability Insurance policies, TechInsurance offers General Liability, Property, and Workers' Compensation Insurance. For more details about TechInsurance, visit the company's website at

# # #

Media Contact:
Mark Meadows, Propllr LLC
302-353-8258, [email protected]

70% of businesses raise prices or cut hiring when sued