The Peer-to-Peer blog is a forum for Channel Partners readers with the goal of stimulating discussion among partners about important issues impacting their business. The opinions expressed here are those of the authors and not necessarily those of Channel Partners editors or publishers. If you are interested in submitting a blog, please contact Managing Editor Buffy Naylor, email@example.com.
Unraveling the Complexities of Compliance, Part I
By Sean McCaffery
HITECH. What does that mean to you? It could mean millions of dollars against your bottom line. In 2009, the HITECH Act (Health Information Technology for Economic and Clinical Health) was passed. This law expanded the scope of the previous Health Insurance Portability and Accountability Act (HIPAA), first enacted to protect the privacy of health information. HITECH put some “teeth” into HIPAA by enforcing the rules and invoking fines for non-compliance. To avoid unnecessary complications and high fines, service providers and VARs that work with health care organizations need to make sure they have all the facts before designing IT solutions.
U.S. health organizations are experiencing more investigations and fines than ever before, with the dollar value of fines increasing tremendously. According to a 2013 report from ID Experts, there have been tiered increases in penalties for violations of these rules, with potential fines ranging from $25,000 to as much as $1.5 million. As illustrated by this report, fines easily exceed a million dollars, and associated class action suits are asking for sums in the billions. According to the U.S. Department of Health & Human Services website, examples of recent settlements include the WellPoint managed care company settling a HIPAA security case for $1.7 million, the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates settling a HIPAA case for $1.5 million, and the Alaska Department of Health and Human Services settling a HIPAA security case for $1.7 million.
There is no doubt that the world of health care has become very complex. Channel providers incorporating infrastructure solutions into their offerings are best served by working with data center providers that have in-house compliance experts or specific departments dedicated to understanding the complexities of health care regulation. This will go a long way in providing value to clients and offering protection against penalties. Service providers and VARs, in order to help their end-user clients meet requirements, have to understand the many aspects, rules and regulations.
Recently the landscape changed even more with an “Omnibus Rule” that passed in early 2013 and became enforceable in September 2013. Now the channel partner community can be held accountable if one of their end-user customers places data that is subject to health care guidelines on the servers. Previously, the partner wasn’t fined if they didn’t know about the data. Not so anymore. It is now a true risk for VARs, and it is essential that solutions are designed from the outset with compliance in mind.
What can the channel community do?
- Ensure the infrastructure service within your solution adheres to current guidelines
- Ensure that roles and responsibilities are clearly defined with end-user clients so risk can be divided and met overall
- Understand what type of data the client has and will store
- Understand if any compliance regulations apply
- Work with a data center provider that has expertise in the compliance arena
Health care budgets for compliance are doubling and tripling these days, but what we are not seeing is IT budgets doubling. IT departments are dealing with the same or shrinking budgets. So, with a larger component of IT budgets consumed by compliance, CIOs and CTOs are getting more pressure from a resource standpoint but less budget to deal with it. Failing on compliance can bring stiffer punishments and fines, so more and more companies are looking at outsourcing so that they can share the burden and ensure they aren’t missing important components.
In the next blog entry, we will delve into key answers to uncover before designing IT solutions. Protecting your company as well as your end users is more important than ever. The compliance landscape is complex, but with the right data center partner, you can build solutions that meet regulations, avoid unnecessary fines and stay ahead of the changing landscape while providing value-added solutions for your customers.
Sean McCaffery is vice president of channel sales at ViaWest. He is responsible for driving and delivering sales and strategy for the channel partner program. His responsibilities also include driving programmatic and process change in support of indirect sales models, building and implementing integrated sales and marketing strategies, sales forecasting, setting quotas, partner compensation, change management and supporting implementation of all company channel initiatives. Prior to ViaWest, McCaffery was responsible for channel sales and operations at Rackspace Hosting and before that was responsible for Western Europe channel sales at Avaya Ltd.