
What is a CHMSP? – Ep 427 

 October 6, 2023

By  Donna Grindle

For MSPs, grasping HIPAA compliance isn’t just a good idea; it’s a necessity. Neglecting it can lead to legal issues and lost opportunities in the healthcare IT sector. Picture unintentionally mishandling patient data and facing legal consequences – that’s a risk you can’t ignore. A solid understanding of HIPAA can boost your reputation and credibility within the healthcare industry. To acquire this essential knowledge, consider enrolling in the Certified in HIPAA for MSP (CHMSP) course offered by HIPAA for MSPs. It’s a valuable resource that equips MSPs with the expertise needed to excel in this specialized field.


In this episode:

What is a CHMSP? – Ep 427

Today’s Episode is brought to you by:

Kardon

and

HIPAA for MSPs with Security First IT

 Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity. 

Great idea! Share Help Me With HIPAA with one person this week!

Learn about offerings from the Kardon Club

and HIPAA for MSPs!

Thanks to our donors. We appreciate your support!

If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com

Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA

If you see a couple of numbers on the left side you can click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!



HIPAA Briefs

[03:29] Is it important that my BAs really understand HIPAA?

Yes. It is very important that any business associate actually understands HIPAA, because you are handing them your reputation, your patient data and anything else you collect and allow them to access (that access is what makes them a BA) to manage. The patient knows they gave you, the covered entity, their PHI, so ultimately they are expecting you to protect it, regardless of who you might otherwise entrust with it.

What is a CHMSP?

[07:02] We have talked about having managed service providers (MSPs) or, as some say, IT support companies that understand how to actually do HIPAA for themselves and for their clients. How does one know that any company has that knowledge and can navigate the requirements with you? Until now you just had to keep asking others until you felt you could trust them, mostly because all kinds of IT folks will tell you how they worked at a hospital or with a big healthcare vendor, which means they understand everything. WRONG! Unless you have done a deep dive into what is required, you have no idea just how much there is that you and your IT provider should be working together to address.

That drove us a bit nuts, so we decided to work with a third party to build a certification program that could help you know who knows what. The American Institute of Healthcare Compliance (AIHC) manages credentials for several other healthcare-specific competencies, and now they also offer the CHMSP, or Certified in HIPAA for MSP. They don’t know that business, but they do know HIPAA requirements, so we worked together. We developed the course and are managing the access to it, and they developed the tests and manage the certification requirements and CEU tracking.

So all we need to do is get a CHMSP and we don’t have to worry about HIPAA anymore?

Does this provide any guarantees about your compliance program? No, but it does give you some assurance that someone in that organization has the proper understanding. Just make sure you ask who is the person that has the certification so you know you are working with them and they are doing the work based on that knowledge.

What is in the course?

[15:44] We wanted to make sure that anyone who had these credentials had been taught to understand not just the basic concepts, but what is actually expected of any CE or BA, which includes their clients and themselves. We discuss the importance of handling all aspects of HIPAA in their organization as well as truly understanding what their clients must do.

The full course has 13 sessions with multiple modules covered in each session. This is no simple 30-minute course with a cute little quiz to get your “certification”. We get down in the details to make sure students are exposed to the requirements for responding to a cyber attack investigation by OCR. We also point out that you need these things when vetting your vendors and building the MSP services you offer under HIPAA.

Can I say that we are HIPAA certified or HIPAA compliant with these certifications?

No. There is no such thing as a HIPAA certification. Don’t fall into that trap. The certification is meant for IT professionals to truly understand HIPAA and their responsibilities as they work with clients in the healthcare industry, but they also must do the work or the certification means nothing. Privacy, security and compliance are not a one-and-done project; they are a continuous, ongoing process.

The CHMSP certification doesn’t provide any kind of guarantee that your IT or MSP team knows what they’re doing and that they are properly following HIPAA. It does give you some assurance that somebody in that organization has a proper understanding of HIPAA and what creating and maintaining a proper program involves. You still have to do some due diligence, but the CHMSP certification is a big step in the due diligence process.

What is the test like?

[20:53] The CHMSP certification test is proctored, but it’s done online. David and I wrote a course consisting of 13 sessions with multiple modules in each session. The entire course is just under 17 hours of comprehensive training. The course covers pretty much everything we teach in our Boot Camps, including:

  • HIPAA Basics
  • Defining the Privacy, Security and Breach Rules
  • A review of an actual OCR data request
  • Policy and procedure development
  • Business associate management
  • Developing and managing a training program
  • Cooperation needed between IT and the organization
  • Risk analysis and risk management
  • Recognized Security Practices, HITECH Amendment PL 116-321
  • Response and Recovery Planning
  • Responsibilities of a Business Associate under HIPAA
  • and much more…

How can I get certified?

[43:30] HIPAA for MSPs has partnered with Kardon and their Kardon Club membership in offering the CHMSP course and exam. Go to HIPAA for MSPs to sign up. You can take the course David and I created for this certification and then take the exam from AIHC. You’ll have 90 days to take the exam once you’ve finished the course. There are mock exams available that you can take as many times as you want before taking the actual certification exam. The exam is proctored and is timed. It is an online exam and if you don’t pass the first time, you are able to retake the exam once more.

Also, consider becoming a member of HIPAA for MSPs or the Kardon Club depending on whether you are an MSP or not. Memberships in either will give you that constant training and communication about all things privacy and security and compliance.

Compliance managers and IT or MSP providers should have more training on privacy, security and compliance than the average workforce member. HIPAA for MSPs is an amazing resource available to MSPs for helping them properly understand and implement HIPAA, learning how it applies to them and how they can help their clients improve their own HIPAA program.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps; we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance, it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.
