Who Can You Trust With Healthcare IT Service & Support?
Many healthcare IT service providers brag that they can manage the technology for your healthcare organization. In reality, they may not be able to. For example, do they know what your business associates must do when it comes to HIPAA? Do they even know what a covered entity (CE) is and what Meaningful Use is? You may be surprised when you start to question them.
We’ve provided some questions below that you should ask any IT provider in South Carolina or North Carolina that you’re considering for your Health IT Service & Support.
Before we begin, do you know what reliable and secure healthcare technology involves?
These are some basics you and your employees should understand:
- Your data, electronic medical records (EMRs), electronic health records (EHRs), and protected health information (PHI) must be stored in a secure, cloud-based storage solution so your data is easy to recover after a man-made or natural disaster.
- You must meet HIPAA/HITECH requirements and pass a HIPAA IT audit. (Your IT Provider should be able to verify this.)
- Your technology must be remotely monitored 24/7 for malware, viruses, data breaches, and cybercrime.
- Your IT system must also be remotely monitored 24/7 for irregularities or issues, so it always runs at peak performance.
Okay … now you’re ready to conduct your Health IT Interview.
IT security is vital. Without it, your patients’ confidential information is at risk. If you experience a serious data breach, the federal government will make your life miserable, and your organization will be listed on the HHS “Wall of Shame.”
This is why you need to take this interview seriously.
What Initial Questions Should You Ask An IT Provider Who Wants Your Business?
- Are they HIPAA Compliant?
- Do they know that an EMR is used for diagnosis and treatment?
- Do they know that EHRs are used to share a patient’s information with authorized providers and staff?
- How often will they perform HIPAA Risk Analyses to confirm all requirements are met?*
- Will they remotely monitor your data security and IT system 24/7?
- How will they ensure your EMRs, EHRs, and PHI are secure and protected, and available whenever you need them?
- Do they provide Backup and Disaster Recovery Services using HIPAA-Compliant Solutions?
- Will they manage relationships with your business associates, EMR/EHR supplier, and other tech vendors that supply services to your healthcare business?
*HHS/OCR requires you to conduct a HIPAA Risk Analysis. If you receive EHR incentive payments and you don’t perform these risk assessments, you’ll be held liable and must forfeit your payments. Overseeing this is a top priority for the OIG (Office of Inspector General).
Next – Does The IT Company Understand What “Meaningful Use” Is?
The Medicare and Medicaid EHR Incentive Programs provide financial incentives for the Meaningful Use of EHR technology to improve patient care.
If the IT company doesn’t know about these requirements, they can’t help you meet them. If this happens, you’ll pay the consequences. You may lose your incentive payments.
Based on the questions and answers so far, are you feeling confident about this IT company?
What About a Business Associate Agreement (BAA)? – Do They Know What This Is? Will They Sign One?
If not, you may be violating HIPAA regulations.
A BAA defines levels of performance to be delivered by your IT company, as well as your rights as their client. Covered entities (you) must ensure that they have a current HIPAA BAA in place with each of their partners to maintain PHI security and overall HIPAA compliance.
Here are more questions you should ask:
- Can they provide their track record when it comes to delivering IT service to other healthcare organizations?
- Will they guarantee (in writing) that all software, hardware, or services provided comply with federal and state regulations and HIPAA?
- How will they detect data breaches and how soon will you be notified if one occurs?
- Do they document all of their services, processes, and procedures?
- What’s their BDR (Backup and Disaster Recovery) Plan? Do they perform Vulnerability Assessments and Penetration Testing?
- Will they train your employees on Security Awareness?
- Will they give you a report defining the security measures for supporting connectivity to the Internet and the technology solutions they’ll use for this?
- How will they align their services and solutions with your operations and the processes you employ?
- Will they provide a Service Level Agreement?
- Do the solutions they use guarantee uptime?
- How quickly will they respond to IT emergencies?
Many healthcare IT support providers boast that they can manage the technology for your healthcare organization. Cyber Solutions actually can. Plus, we can answer all of these questions and more. Just ask us.
In the meantime, because you rely so much on your technology, it’s essential that you stay up to date with what’s going on. You can do this by visiting Our Blog from time to time. We’ll post the technology info you should know about. The following are a few examples:
Finding The Right Managed Services Provider (Questions/Answers?)
Common Security Threats and How Microsoft Security Helps Mitigate Them