By Neal Bradbury, Senior Director of Channel Development, Intronis MSP Solutions by Barracuda
With data breaches on the rise in the U.S., the security of personal data is a growing concern for both consumers and businesses, and rightly so. The major cyberattack experienced earlier this year by Anthem exposed the sensitive healthcare information of 80 million Americans — nearly a quarter of the U.S. population. And that’s just one example.
So what do you need to know and do to help properly protect and store your customers’ data? Here is some practical advice for managed services providers (MSPs) and VARs servicing the IT needs of the healthcare industry.
- Know And Understand The Law. As a business associate (BA) of a healthcare provider, channel partners must first be HIPAA compliant themselves. As such, it is important that MSPs and VARs have the same administrative, physical, and technical safeguards in place to protect any and all information that they have access to, including information stored in datacenters and by cloud-based backup and data protection providers.
- Stay Informed. HIPAA regulations continue to evolve, making it critical for channel partners to stay informed about changes in the way the law regulates IT security for healthcare providers. One example of this is the HIPAA Omnibus Rule of 2013, which expanded the definition of BAs to include administrators, attorneys, consultants, and IT service providers working for healthcare providers. The U.S. Department of Health and Human Services website is a great resource for updates on HIPAA and health information privacy. For more information, visit http://www.hhs.gov/ocr/privacy/.
- Educate Customers. The best way to prevent cyberattacks is to educate the users on the healthcare provider’s network and show them how to recognize the warning signs of an attack. Channel partners should also be diligent in helping their healthcare customers select and deploy technology solutions that comply with HIPAA regulations. They can also add value by working with their customers to train staff members on proper procedures and protocols for safeguarding patient records and sensitive personal data.
And, when it comes to selecting the right technology solutions, here are a few other suggestions that our partners have for healthcare organizations:
- Use A Reputable BDR Vendor. One technology that plays a critical role in HIPAA compliance, and one that also affords channel partners tremendous opportunity to grow their businesses, is backup and disaster recovery (BDR). While there are a number of different options — from the popular “freemium” services to business-grade data protection — channel partners must do their due diligence to verify that the level of security complies with HIPAA regulations and that data will also be protected while it is in transit between the customer and the data center.
- Don’t Settle For Yesterday’s Encryption Service. For many years, the best way to secure data has been through encryption. But not just any encryption will suffice, and this is especially true in regulated industries such as healthcare. To achieve HIPAA compliance, channel partners must deliver military-grade 256-bit AES encryption and provide assurances that only the customer can access the source data. Furthermore, strong SSL encryption protocols must cover customer data while it is being transmitted to the data center.
The Healthcare IT market is anything but business as usual. It is a lucrative field that channel partners must know how to navigate with precision and accountability. Partner with the right vendors. Assume nothing. Listen, learn, and teach your customers. This is one market where channel partners can never know enough.
Neal Bradbury is VP of Channel Development and a co-founder at cloud-based backup and disaster recovery provider Intronis. Working closely with the company’s MSP partner community and alliance partners, he is responsible for generating greater business value for them.