Being HIPAA compliant is a constant effort of staying up to date with regulations and thinking outside the box about what could happen in the most extreme cases. The majority of providers do not have time for that, and they shouldn't; they should be focused on their clients.
The majority of small business providers get left to fend for themselves, either because other MSPs will not work with them because they're too small, because the price tag is too large, or because the MSP does them a disservice by not helping with HIPAA compliance.
So that leaves 83% of business owners to do their own IT. You might be wondering: so what? What's the big deal?
Because such a large share of owners do their own IT, IT usually falls to the back of their minds, meaning that software doesn't get updated, hardware doesn't get updated, and antivirus definitions never get updated.
The data shows that 35% of businesses have never updated their security stack. The result is that 1 in 5 small businesses get hacked, and of those, 60% go out of business within 6 months. The data also showed that recovery costs after being hit start at $9,000.
The problem is that since small business owners are not cybersecurity certified, they don't have a contingency plan for dealing with security threats, and when even small attacks happen, they can be incredibly costly and time consuming. Providers then have to maintain HIPAA compliance, and if they get hacked, they wade into the waters wondering whether they were really HIPAA compliant.
The majority of providers do not know the whole scope of what it means to be HIPAA compliant from a technical standpoint, and the majority of providers do not know the full extent of the fines.
If the provider's office is unaware of the violation, then research shows that non-compliance is a civil offense that carries a penalty ranging from $100 to $50,000 per violation, with $10,000 per violation on average. If the provider's office is aware of the non-compliance, HIPAA can construe this as misuse of PHI, which is a criminal offense carrying up to loss of license to practice, $250,000 in fines, and up to 10 years in prison.
You might be saying, "Yeah, but all my stuff is in the cloud," and that's great, but if you can't get to the cloud, that is then a problem. Data showed that most small businesses that did not have a plan with a company were down for 2.5 days. If you have to stay HIPAA compliant and your systems go down, then you are no longer HIPAA compliant.
60% of businesses say that having trained IT, whether internal or external, has prevented them from getting attacked.
We at Solutions Tek want to see all providers succeed safely, securely, and compliantly, and we have plans that will fit right into your business and your finances.
Get in touch with us to schedule a phone consultation and a HIPAA Assessment at no cost to you!