compliance-as-a- solution for msps · • comptia channel advisory board –co chair • comptia...
TRANSCRIPT
1855-85-HIPAA
© 2018 Compliancy Group, LLC
Compliance-as-a-Solution for MSPs
Who Wants MORE:
Clients
Recurring Revenue
Profit
Less work
Market presence
• SaaS Subscription end user solution
• 70,000+ users
• 400+ resellers and referral partners
• Seal of Compliance & HIPAA Alliance Marketplace
The Guard™ Endorsed by:
• 40+ medical associations, SaaS providers, Hosting Services, Security Firms & MSP
Recognized Leader of Compliance & Cyber Security
• 2017 ChannelPro Visionary
• CRN Emerging technology
• CompTIA Channel Advisory Board – Co Chair
• CompTIA Business Applications Advisory Council – Chair
Subject Matter Experts
• National Publications - Becker's Hospital Review, CHANNELe2e
• Recognized National speaker - CompTIA, Med Pro 360
• Software Executive Magazine - Editorial Board
We simplify compliance so you can confidently focus on your business.
No client has ever Failed an OCR or CMS audit!
Concerns
▪ Compliance is hard to sell
▪ Increased Liability
▪ Domain expertise – what I don’t know?
▪Additional Resources or Staff
How & Why CaaS
Focus and Specialization
Compliance as a Service Solution
▪ Solves your client's problem, not the symptoms
▪ Justifies MSP & Security services
▪ Increase your MRR
▪ Increases the value and differentiates your company
HIPAA - It’s the law, get paid for it!!!!
Why Healthcare?
Health Care & Compliance - fastest growing sectors of the US economy with the highest vulnerability to cyber risk
▪ 26% of the US Economy
▪ 5,000,000 Small and Midsize Businesses
▪ CE & Vendors (BA)
▪ 400% Increase in enforcement
▪ 70%+ Audit Failure rate
▪ Healthcare #1 Vertical For MSPs in 2018
*Datto – 2018 report
*CRN, Gartner, CHANNELe2e
88% Ransomware
What’s Your Business?
Security
Security Issues in the Last Year
▪ 76% lost devices, malware, phishing attacks or staff disabling security features
The #1 reason is a mistaken belief that current security is “good enough.”
- CompTIA’s International Trends in Cybersecurity report
https://www.comptia.org/resources
Factors in Security Breaches (Human Error)
▪ 26% IT staff failure to follow policies and procedures
HIPAA Is About “Good Faith Effort”
Link: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
▪ Breaches “Wall of Shame”
▪ 100% of HIPAA Fines levied
• Failure to assess ALL risks
• Lack of Administrative Policy and procedures
• Failure to have BAA
▪ Average fine $1,500,000
Security Rule
Requires safeguards to ensure only those who should have access to electronic protected health information (ePHI) will have access.
Privacy Rule
Sets standards for when protected health information (PHI) may be used and disclosed.
Physical Audit
Administrative/Privacy Audit
Security/Technical Audit
Breach Notification
Business Associate
Omnibus Rule
Meaningful Use/MIPS
Risk Assessment
SRA
HIPAA Required Risk Assessments
Technical = SRA
▪ Asset and Device Manual Audit - 164.308 requires an audit in the form of an itemized inventory of devices that connect to ePHI and how the organization is protecting them.
▪ IT Risk Analysis Questionnaire (Manual Audit) - to synchronize a uniform device installation and device setup protocol across the entire organization.
Physical
▪ Physical Site Manual Audit - 164.308 requires that each physical location where PHI/ePHI is being stored or worked on must conduct an audit that identifies risks of exposure to that PHI/ePHI
Administrative
▪ Security Standards Self-Audit - ensure that it has policies concerning all standards of the HIPAA Security Rule.
▪ Privacy Standards Self-Audit - 164.502 to ensure that it has policies covering all standards of the HIPAA Privacy Rule
▪ HITECH Subtitle D Privacy Self-Audit - to assure that the organization has documentation and direction on their HIPAA Breach Notification Rule protocols.
The Seven Fundamental Elements of an Effective Compliance Program
Compliance according to HHS:
1. Implementing written policies, procedures and standards of conduct.
2. Designating a compliance officer and compliance committee.
3. Conducting effective training and education.
4. Developing effective lines of communication.
5. Conducting internal monitoring and auditing.
6. Enforcing standards through well-publicized disciplinary guidelines.
7. Responding promptly to detected offenses and undertaking corrective action.
*Source HHS & OIG
Security ≠ Compliance
▪ Lost Laptop - $2,700,000
• Oregon Health & Science
• SIX risk analysis – failure to have updated policy and procedures
▪ Malware - $150,000
• Alaska Nonprofit org – failure to have updated policy and procedures
▪ Lost Smart Device - $650,000
• IT Firm in Philadelphia – Incomplete Risk Assessments, failure to have policies/procedures
“Covered entities must not only make assessments to safeguard ePHI, they must act on those assessments as well.”
- OCR Director Jocelyn Samuels
HIPAA Lite - Security
▪ Audits: SRA (Security Risk Assessment)
▪ Security Policies, Procedures & Training
▪ Security Remediation Efforts
HIPAA done right!™ - Secure & Compliant
▪ Audits: SRA (Security Risk Assessment), Administrative, Privacy
▪ Gap Identification & Remediation
▪ Policies, Procedures & Training
▪ Business Associate Management
▪ Incident Management & Remediation
▪ Document Version, Employee Attestation & Tracking
The Guard™
Compliance as a Solution “Fundamentally Changed My Business”
Paul Redding, CEO
Carlin Bradley, LLC, Cordova, Tennessee
“We've done network security well for years. The problem with health care was understanding HIPAA itself. We were concerned about the potential liability and the sales and operational challenges--but Compliancy Group helped with all of that.”
“MSPs and MSSPs have a powerful CaaS-based compliance solution it can be resold as a Compliance-as-a-Solution offering, giving MSPs the tools to break into health care and make lasting managed service relationships, year after year.”
▪ 20 new project clients in six months
▪ 60% of those into managed service clients
▪ Full marketing and sales support - All the Tools I needed
▪ Time savings and efficiency
Compliance As A Solution Case Study
Paul Redding
CEO
Carlin Bradley, LLC
Cordova, Tennessee
Option A. Bundle Flat rate with combo services
• $1,200 – $2,000 per month
Option B. Line Item
• Monthly Service fee for HIPAA Solution
• 3 X markup
• New project work
• $3,000 – $20,000 per engagement
• Managed service MRR
• 25% increase in rate
Producers Club Testimonial
“Compliancy Group gave us the ability to build on our strong vertical specialization in health care, and helped us create a sales and marketing platform that spoke directly to our prospects' needs. The Guard helps justify our security services to ultimately realize a higher MRR. We're not amateurs when it comes to marketing, which is why we work with Robin Robbins. But clearly, Compliancy Group has brought a whole new set of tools to the table.
“I highly recommend them to any MSPs interested in the healthcare market.”
Coleman Groves, ISC
HIPAA Justifies your Services
Monitoring and Detection
Encryption
Back up
Secure Communication
• Data Backup & Recovery
• Email/Spam Prevention
• Managed Print
• Security Services
• Network Security
• Business Continuity
• CyberSecurity
FREE Security & Compliance Checklist
https://compliancy-group.com/simple-hipaa-compliance-checklist/
Questions?
Marc Haskelson
President
855 85 HIPAA (855.854.4722) Ext 507
www.CompliancyGroup.com
#NGC18 @TheChannelCo