eFolder Webinar: 10 HIPAA FAQs from MSPs and VARs
Carlo Tapia, Marketing Coordinator, eFolder, 678-888-0700, [email protected]
Mike Semel, President, Chief Compliance Officer, Semel Consulting, 888-997-3635 x 101
© 2014 eFolder, Inc. All Rights Reserved.
Agenda
• Introductions
• What is HIPAA?
• What must MSPs and VARs do to comply?
• When was the HIPAA deadline?
• What is the cost of HIPAA?
• 10 HIPAA FAQs from MSPs and VARs
eFolder Expert: Mike Semel
Semel Consulting
• Founded in September, 2012
• 30-year VAR/MSP
• 10 years’ experience with HIPAA, conducting assessments and remediation
• Former Hospital CIO
• Specialization in health care, financial, and education verticals
What is HIPAA?
• Health Insurance Portability and Accountability Act (1996)
• Reduces health care fraud and abuse
• Mandates industry-wide standards for health care information
• Requires the protection and confidential handling of protected health information
The Cost of HIPAA
• Massachusetts provider settles HIPAA case (lost laptop): $1.5M
• Alaska DHSS settles HIPAA security case (lost hard drive): $1.7M
• Resolution Agreement with Adult & Pediatric Dermatology, P.C. of Massachusetts (lost flash drive): $150K
Source: HHS.gov/ocr/privacy/hipaa/enforcement/examples/index.html
When was the HIPAA Deadline?
What must MSPs and VARs do to comply?
Comply with HIPAA’s Administrative, Technical, and Physical Safeguards
Question 1
What information is protected by HIPAA?
• Any combination of a patient’s name (or other identifier) with information about their medical diagnoses or treatment
• Can be written, verbal or electronic
• On any device or in the Cloud
Question 2
Why do we have to comply with HIPAA as a Business Associate?
• Your health care clients, and the businesses that support health care clients, give you access to electronic Protected Health Information (ePHI) or to the systems that store it
Question 3
If a client refuses to sign a Business Associate Agreement with us, can we still do business with them?
• Yes; you do not have a risk if your client refuses to comply with HIPAA
• You have to comply with HIPAA with or without a signed contract
Question 4
Do we have a responsibility to report our client if they are intentionally or deliberately out of compliance?
• No; HIPAA does not require you to report your client for non-compliance
• HIPAA does require your client to ensure that you are compliant; they are supposed to give you a chance to remediate compliance issues, and to cancel their contract and report you if you don’t comply
Question 5
Do we have to sign Business Associate Agreements with our vendors?
• Any vendor that stores ePHI is a Business Associate and must comply with HIPAA
• Cloud services, online backup providers, and data centers must sign Business Associate (BA) Agreements
• You or your vendor may originate the contract
Question 6
How can we verify that our backup and cloud vendors are really HIPAA compliant?
• Any data you send to a non-compliant vendor is a HIPAA data breach
• Some vendors think that signing BA Agreements is enough
• Validate that the vendor is complying beyond signing agreements
• If you aren’t convinced of your vendors’ level of compliance, switch vendors!
Question 7
Do our clients really need Domain networks instead of Workgroup networks?
• Yes; HIPAA requires Individual User Identification, Audit Logs, and Information System Activity Review, all of which require a Domain instead of a Workgroup
• Audit Logs must be retained for 6 years
Question 8
If a laptop computer is encrypted and then lost, is it reportable?
• No; encrypting any device provides a ‘Safe Harbor’ and the loss is not reportable
Question 9
Are cloud vendors and backup providers exempt from HIPAA because the data is encrypted and they don’t have the encryption keys?
• No; while encryption provides ‘Safe Harbor’ in case of a data breach, it is not an exemption for an organization that maintains encrypted data
Question 10
What do we have to do to become HIPAA-compliant?
• Learn HIPAA!
• Implement HIPAA-specific policies and procedures
• Do a HIPAA Risk Analysis
• Train your workforce
• Perform and document ongoing HIPAA-compliant services
• Select HIPAA-compliant partners, like eFolder
eFolder and HIPAA
• eFolder will sign Business Associate Agreements
• eFolder has completed a proper HIPAA Risk Analysis conducted by experienced professionals
• eFolder has written HIPAA-specific policies and procedures
• eFolder has trained its workforce to comply with HIPAA
• eFolder has retained HIPAA professionals to maintain compliance over time
• eFolder will provide you with a letter attesting to our HIPAA compliance to take to your clients
eFolder and HIPAA
• eFolder Partners, contact your account manager for a Business Associate Agreement (BAA)
• All registrants will receive a HIPAA Compliance Playbook
  – Video training course to educate partners
  – Microsoft PowerPoint to train employees
  – Example HIPAA compliance checklist
  – Example Business Associate Agreement (BAA)
  – More!
HIPAA Compliance Workshop
HIPAA Rapid Compliance Virtual Workshop for VARs/MSPs
• 6 hours of webinar training
• Customized policies and checklists, and a lot more
• 1-on-1 consulting
• No travel costs, lost workdays, or lawyer lectures
• Webinars will be recorded for review or sharing with other employees
HIPAA Compliance Workshop
Registration
• http://bit.ly/NCRTrC
• Workshop limited to 35 participants
Cost
• $1,299
• $999 for eFolder partners
Dates
• Monday, March 10, 8 a.m. - 10 a.m. PT
• Thursday, March 13, 8 a.m. - 10 a.m. PT
• Monday, March 17, 8 a.m. - 10 a.m. PT
Q&A
www.efolder.net
+1 800-352-0248
HIPAA Compliance Workshop
http://bit.ly/NCRTrC