MPS Community Meeting
CompTIA’s Antitrust Statement
CompTIA has a policy of strict compliance with federal and state antitrust laws. The antitrust laws prohibit competitors from engaging in actions that could result in an unreasonable restraint of trade. Consequently, you agree to avoid discussing certain topics in participating at any CompTIA events or activities, including, without limitation, any discussions relating to prices, fees, rates, profit margins, or other terms or conditions of sale (including allowances, credit terms, and warranties); allocation of markets or customers or division of territories; or refusals to deal with or boycotts of suppliers, customers or other third parties, or topics that may lead participants not to deal with a particular supplier, customer or third party.
www.comptia.org/antitrust
Strut Your Stuff
Panel Discussion
The CompTIA MSP Partners Trustmark™ qualifies and differentiates those Solution Providers that offer on-premise IT services via a managed services business model.
Learn more at: www.comptia.org/trustmarks
$100 discount at ChannelCon
Community Leadership
• Chair – Barney Kister, Senior Vice President of MPS Sales at Supplies Network
• Vice Chair – Ian Berger, Outside Business Development at Parts Now!
• Staff Leader – Lisa Person, Director of Member Communities at CompTIA
MPS Executive Council (Name – Company)
• Bud Karakey – BEI Services
• Frank Avsenik – Compugen
• Gordon Snider – PrintFleet
• Gus Yusem – Xerox
• Jeff Bendix – Bendix Imaging
• Jon Hafey – Toshiba America
• Sam Moore – Lexmark
• Steve Lu – Synnex
• Tawnya Stone – GreatAmerica
• West McDonald – FocusMPS
Join us for the Community & Councils Reception & 60 Second Challenge…
• What:
  – Networking over drinks
  – Fun & Quick Updates
• When: 5-6 PM Today
• Where: Peabody Grand U
Agenda
2:30 – 2:50 Opening
2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?
  o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network and West McDonald, Owner, FocusMPS
3:30 – 3:45 Break
3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not Say." - Managed Print Services End Game - Fewer Clients, Less Money.
  o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters & Shutwell Inc.
4:25 – 4:40 New HIPAA changes and how they affect your MPS business
  o Presented by: Mike Semel, President, Mike Semel Consulting
4:40 – 5:00 Closing
CompTIA Public Advocacy
Washington, DC
CompTIA Public Advocacy Team
• Liz Hyman, Vice President
• Lamar Whitman, Director (Tech Entrepreneurs)
• David Valdez, Sr. Director (IT Security)
• Randi Parker, Director (IT Workforce)
• Matthew L. Evans, Manager (Grassroots Advocacy and PAC)
Important Issues 2013
• Cybersecurity & Data Breach
• Startup Act 3.0 & Startup Innovation Credit Act
• Immigration Reform
• Patent Reform
Public Advocacy
2014 CompTIA TechVoice D.C. Fly-In
The CompTIA TechVoice D.C. Fly-In will take place February 11-12, 2014. The Liaison Hotel, in walking distance to the U.S. Capitol, will be the venue. New this year, we will be co-locating Colloquium with the Fly-In so that the training and education community can interact with policy makers. We will provide updates on these events as they become available.
See print out on the table for complete advocacy details.
  – If you would like the document emailed to you, please put a star next to your name on the sign in sheet.
TechVoice & Social Media
www.techvoice.org
Your Source For Grassroots Innovation and Technology
Follow Us: @Tech_Voice on Twitter, Facebook and LinkedIn
Connect the Dots to MPS HIPAA Compliance & Make More Money
Mike Semel
President
Chief Compliance Officer
SEMEL Consulting
• 30+ year VAR/MSP & CompTIA member
• Former VentureTech, Varnex, HTG member
• Hands That Give architect/advisor
• Certified Business Continuity Professional
• Certified HIPAA Administrator
• Certified HIPAA Professional
• Certified Security Compliance Specialist
• Certified Health IT Consultant
• Hospital CIO (2004 – 2006)
• Chair, CompTIA Security Community (retired)
• ASCII Resident Expert
• CompTIA Security Trustmark (holder, development team, author - quick reference guide, coach)
HIPAA Overview
Health Insurance Portability & Accountability Act (1996)
• Privacy Rule (2003)
  – Covers all Protected Health Information (PHI)
  – Verbal, Written, Electronic
• Security Rule (2005)
  – Covers Electronic Protected Health Information (ePHI)
HITECH Act (2009)
• Provided $$ for Electronic Medical Records implementation
• Updated breach notification requirements
• Exempted encrypted data from breach reporting
PHI & ePHI
• Protected Health Information
  – Identifiable
  – Plus treatment and/or diagnostic information
• Electronic Protected Health Information
  – PHI in electronic form
  – Words, images, voice files
  – On any media
HIPAA Covered Entities
Most healthcare providers & payers have to comply with the HIPAA Security Rule, implemented in 2005 and updated by the HITECH Act of 2009.
HIPAA Business Associates
Companies that support Covered Entities and come in contact with Protected Health Information are Business Associates and must now comply with HIPAA.
HIPAA Omnibus Final Rule (2013)
Business Associates
• NOT Covered Entities but do come in contact with PHI and ePHI – ALSO REQUIRE HIPAA COMPLIANT SERVICES
  – Shredding Companies, Paper Records Storage
  – IT companies, EHR vendors, copier vendors
  – Lawyers, accountants, collections agencies, etc.
  – & all subcontractors
• NEW – data centers, online backup companies, Cloud vendors
  – If they ‘maintain’ data
  – Even if they don’t look at it
  – Even if it is encrypted, in locked cabinets, sealed boxes
HIPAA Omnibus Final Rule
• Business Associates must
  – Sign Business Associate Agreements
    • New ones now
    • Replacements by September 22, 2014
  – Implement full compliance programs
  – Train workforce
  – Perform and document HIPAA-compliant tasks
  – Manage all subcontractors (OEMs, service providers)
• Compliance by ACT, not contrACT
Business Associate Agreements
• Between Covered Entity & Service Provider
• Contract between 2 organizations
• Must include specific language
• May include other requirements (read carefully!)
• New guidance published Jan. 25, 2013
• May be provided by either party
• New agreements must include new language
• Existing agreements must be replaced by September 22, 2014
Sub-BA Agreements
• Between Business Associates and their subcontractors, like OEMs & Service Providers
• Recommendations
  – Include all required language
  – Add language to include right to audit, demand proof of compliance, report breaches in enough time to meet federal and state guidelines
  – IF NO, you have no choice but to replace vendor
  – Any data stored or shared would be a data breach for which you are responsible
2012 - 2013 Penalties
• $100,000 – 5-doctor practice in Phoenix for sending patient data by unsecure e-mails
• $1.7 million – Alaska state health dept. lost backup drive
• $1.5 million – Massachusetts hospital stolen laptop
• $50,000 – small hospice stolen laptop
• $400,000 – university clinic failed firewall
• Plus costs to notify patients & remediate problems
• Publication on the HIPAA ‘Wall of Shame’
Why are VARs, MSPs, copier manufacturers, & copier service companies HIPAA Business Associates?
Old vs. New
Paper in, Paper Out
HARD DRIVES STORE AN IMAGE OF EVERY DOCUMENT COPIED, PRINTED, SCANNED, OR EMAILED BY THE DEVICE
Sell Secure MFPs to regulated clients
• Image Overwrite – “electronic shredding” of images
• Data Encryption (at rest & in transit)
• Access Security (users sign in)
• Track User Activity
• Separation of fax line from network connection
• Secure Print (no prints sitting in copier)
• Hard drive security cabinets (drive cannot be removed)
• Network Security
Source: Xerox
HIPAA-compliant services
Example: Hard Drive Replacement
Standard Service
1. Remove old drive
2. Dispose old drive or return to mfg for core credit or warranty
Compliance Service
1. Follow compliance checklist
2. Erase old drive at client site
3. Save erasure report to ticket
4. Remove old drive & track transport
5. Destroy old drive
6. Send photo of damaged drive to ticket
7. Dispose old drive – do not ship back
8. Send report to client’s compliance officer
Where printer techs touch ePHI… charge for compliance services
Cradle to Grave
• Installation – linking MFP to network, testing scanning to EHR system or network folder, faxing, e-mail
• Support – Assisting users with problems
• Repairs – handling hard drives
• Equipment return (from lease)
• Equipment disposal
Who needs to understand HIPAA?
• Management
  – Sales opportunities, service risks/opportunities, compliance policies, procedures, workforce training, documentation, security incident/data breach management, Internal Auditing
• Sales
  – Know rules, penalties, Meaningful Use payments, how HIPAA relates to Managed Print Services
• Service Coordinator
  – Recognize compliance service requests, schedule enough time
• Techs/Engineers
  – Follow compliance service checklists
  – Detailed Documentation
Contact Info
Mike [email protected] x 101
www.semelconsulting.com
GIVE ME YOUR CARD & I WILL SEND YOU MORE INFO AND A COMPLIANCE CHECKLIST
Thank you!
For more information visit www.comptia.org/channelcon