The primary concern of healthcare professionals is patient care. To focus on what you do best, let IT professionals handle the complex and sensitive tasks of patient data protection, management, and retrieval. To make sure the IT professional you select meets the same exacting standards as you do, ask these questions before you sign over the responsibility of managing patient records.

  1. Are they HIPAA certified, knowledgeable and experienced in HIPAA Security and Privacy Rule implementation?
    Most IT technicians know basic IT, which simply means they know how to keep your computers, printers, internet access, backups, software, and network up and running. One level higher are the IT techs who know basic IT but also specialize in healthcare software such as Electronic Medical Records (EMR), Electronic Health Records (EHR), Practice Management, digital x-ray, MRI, CT scans, etc. And it stops there! In the majority of cases, IT companies do not take the time and resources to learn HIPAA and all of its complexity. There are only a handful of IT companies that are truly HIPAA compliant.

So, the question you must ask is: Are your IT service provider and their techs HIPAA certified? That is, did they each complete an accredited certification course in HIPAA regulations, including the Security Rule, Privacy Rule, Technical Safeguards, Administrative Safeguards, Physical Safeguards, the Omnibus Rule, Managing Business Associates, Policies and Procedures, Disaster Recovery and Business Continuity, and so much more? This type of certification usually costs over $4,000 and takes a minimum of 2 weeks to complete.

  1. Is the data secure?
    Security begins when patient data is collected and is an absolute must for as long as that information is stored by your organization. Does the IT service provider you are considering hiring provide strict access protocols to prevent and/or detect security breaches? Are redundant routers in place? What threat management provisions does the service have in place to protect patient records?
  2. What kind of training do employees receive?
    Are employees of the IT firm provided with regular training to stay current with the most recent changes to regulations? Health Insurance Portability and Accountability Act (HIPAA) laws are complex (if you have some time, you can read a summary here on the U.S. Department of Health and Human Services website). When selecting an IT professional, choose one with a proven track record and thorough understanding of the regulations. The best IT firms for healthcare organizations also work with their clients to provide on-site compliance training for staff.
  3. Do they provide independent audit services?
    Regardless of how professional and compliant the IT service you hire may be, it will mean nothing unless your own internal processes ensure patient records are secure. Whether in-house or fully outsourced, all server updates, hosting infrastructure, network management and security processes should be regularly monitored, tested, and kept up-to-date by a team of experts.
  4. Is patient data available when needed?
    Does the professional provide a high availability (HA) hosting structure? Collecting and storing data is certainly important, but the right IT provider will also make it easy to access the data you need when you need it. (After all, if your tech isn’t actually helping you be more efficient and provide better care to your patients, then why are you using it at all?)
  5. What happens if disaster strikes?
    How long will it take to regain access to patient records? What kind of disaster recovery strategy is in place in case of a system failure? Though a good professional IT solution minimizes data loss, corruption, or security breaches, ask to see a copy of the company’s breach insurance policy — and never work with an organization that doesn’t have a strong backup system in place.

Working with a trusted IT professional like Enviromerica can help you focus on what you do best while protecting sensitive patient records and ensuring compliance with HIPAA laws. Contact us today for more information on how we can help your practice!

(650) 655-2045

175 N. Redwood Drive, Suite 150, San Rafael, CA 94903

