
855-85-HIPAA

© 2018 Compliancy Group, LLC

Compliance-as-a-Solution for MSPs


Who Wants MORE:

▪ Clients
▪ Recurring Revenue
▪ Profit
▪ Less work


Market presence
• SaaS Subscription end user solution
• 70,000+ users
• 400+ resellers and referral partners
• Seal of Compliance & HIPAA Alliance Marketplace

The Guard™ Endorsed by:
• 40+ medical associations, SaaS providers, Hosting Services, Security Firms & MSP

Recognized Leader of Compliance & Cyber Security
• 2017 ChannelPro Visionary
• CRN Emerging technology
• CompTIA Channel Advisory Board – Co Chair
• CompTIA Business Applications Advisory Council – Chair

Subject Matter Experts
• National Publications - Becker's Hospital Review, CHANNELe2e
• Recognized National speaker - CompTIA, Med Pro 360
• Software Executive Magazine - editorial Board

We simplify compliance so you can confidently focus on your business.

No client has ever Failed an OCR or CMS audit!


Concerns

▪ Compliance is hard to sell
▪ Increased Liability
▪ Domain expertise – what I don’t know?
▪ Additional Resources or Staff


How & Why CaaS

Focus and Specialization

Compliance as a Service Solution

▪ Solves your client's problem, not the symptoms
▪ Justifies MSP & Security services
▪ Increases your MRR
▪ Increases the value and differentiates your company

HIPAA - It’s the law, get paid for it!!!!


Why Healthcare?

Health Care & Compliance - fastest growing sectors of the US economy with the highest vulnerability to cyber risk

▪ 26% of the US Economy
▪ 5,000,000 Small and Midsize Businesses
▪ CE & Vendors (BA)
▪ 400% Increase in enforcement
▪ 70%+ Audit Failure rate
▪ Healthcare #1 Vertical For MSPs in 2018

*Datto – 2018 report

*CRN, Gartner, CHANNELe2e

88% Ransomware


What’s Your Business?

Security


Security Issues in the Last Year

▪ 76% lost devices, malware, phishing attacks or staff disabling security features

The #1 reason is a mistaken belief that current security is “good enough.”

- CompTIA’s International Trends in Cybersecurity report

https://www.comptia.org/resources

Factors in Security Breaches (Human Error)

▪ 26% IT staff failure to follow policies and procedures


HIPAA Is About “Good Faith Effort”

Link: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

▪ Breaches “Wall of Shame”

▪ 100% of HIPAA Fines levied

• Failure to assess ALL risks

• Lack of Administrative Policy and procedures

• Failure to have BAA

▪ Average fine $1,500,000


Security Rule

Requires safeguards to ensure only those who should have access to electronic protected health information (ePHI) will have access.

Privacy Rule

Sets standards for when protected health information (PHI) may be used and disclosed.

▪ Physical Audit
▪ Administrative/Privacy Audit
▪ Security/Technical Audit

▪ Breach Notification
▪ Business Associate
▪ Omnibus Rule
▪ Meaningful Use/MIPS
▪ Risk Assessment
▪ SRA


HIPAA Required Risk Assessments

Technical = SRA
▪ Asset and Device Manual Audit - 164.308 requires an audit in the form of an itemized inventory of devices that connect to ePHI and how the organization is protecting them.
▪ IT Risk Analysis Questionnaire (Manual Audit) - to synchronize a uniform device installation and device setup protocol across the entire organization.

Physical
▪ Physical Site Manual Audit - 164.308 requires that each physical location where PHI/ePHI is being stored or worked on must conduct an audit that identifies risks of exposure to that PHI/ePHI

Administrative
▪ Security Standards Self-Audit - ensure that it has policies concerning all standards of the HIPAA Security Rule.
▪ Privacy Standards Self-Audit - 164.502 to ensure that it has policies covering all standards of the HIPAA Privacy Rule
▪ HITECH Subtitle D Privacy Self-Audit - to assure that the organization has documentation and direction on their HIPAA Breach Notification Rule protocols.


The Seven Fundamental Elements of an Effective Compliance Program

Compliance according to HHS:

1. Implementing written policies, procedures and standards of conduct.

2. Designating a compliance officer and compliance committee.

3. Conducting effective training and education.

4. Developing effective lines of communication.

5. Conducting internal monitoring and auditing.

6. Enforcing standards through well-publicized disciplinary guidelines.

7. Responding promptly to detected offenses and undertaking corrective action.

*Source HHS & OIG


Security ≠ Compliance

▪ Lost Laptop - $2,700,000
• Oregon Health & Science
• SIX risk analysis – failure to have updated policy and procedures

▪ Malware - $150,000
• Alaska Nonprofit org – failure to have updated policy and procedures

▪ Lost Smart Device - $650,000
• IT Firm in Philadelphia – Incomplete Risk Assessments, failure to have policies/procedures

“Covered entities must not only make assessments to safeguard ePHI, they must act on those assessments as well.”

- OCR Director Jocelyn Samuels


HIPAA Lite - Security

▪ Audits: SRA (Security Risk Assessment)
▪ Security Policies, Procedures & Training
▪ Security Remediation Efforts

HIPAA done right!™

Secure & Compliant

▪ Audits: SRA (Security Risk Assessment), Administrative, Privacy
▪ Gap Identification & Remediation
▪ Policies, Procedures & Training
▪ Business Associate Management
▪ Incident Management & Remediation
▪ Document Version, Employee Attestation & Tracking

The Guard™


Compliance as a Solution “Fundamentally Changed My Business”

Paul Redding, CEO

Carlin Bradley, LLC, Cordova, Tennessee

“We've done network security well for years. The problem with health care was understanding HIPAA itself. We were concerned about the potential liability and the sales and operational challenges--but Compliancy Group helped with all of that.”

“MSPs and MSSPs have a powerful CaaS-based compliance solution it can be resold as a Compliance-as-a-Solution offering, giving MSPs the tools to break into health care and make lasting managed service relationships, year after year.”

▪ 20 new project clients in six months

▪ 60% of those into managed service clients

▪ Full marketing and sales support - All the Tools I needed

▪ Time savings and efficiency


Compliance As A Solution Case Study

Paul Redding

CEO

Carlin Bradley, LLC

Cordova, Tennessee

Option A. Bundle Flat rate with combo services

• $1,200 – $2,000 per month

Option B. Line Item

• Monthly Service fee for HIPAA Solution

• 3 X markup

• New project work

• $3,000 – $20,000 per engagement

• Managed service MRR

• 25% increase in rate


Producers Club Testimonial

“Compliancy Group gave us the ability to build on our strong vertical specialization in health care, and helped us create a sales and marketing platform that spoke directly to our prospects' needs. The Guard helps justify our security services to ultimately realize a higher MRR. We're not amateurs when it comes to marketing, which is why we work with Robin Robbins. But clearly, Compliancy Group has brought a whole new set of tools to the table.

“I highly recommend them to any MSPs interested in the healthcare market.”

Coleman Groves, ISC


HIPAA Justifies your Services

▪ Monitoring and Detection
▪ Encryption
▪ Back up
▪ Secure Communication

• Data Backup & Recovery
• Email/Spam Prevention
• Managed Print
• Security Services
• Network Security
• Business Continuity
• CyberSecurity


FREE Security & Compliance Checklist

https://compliancy-group.com/simple-hipaa-compliance-checklist/

Questions?

Marc Haskelson

President

855 85 HIPAA (855.854.4722) Ext 507


www.CompliancyGroup.com


#NGC18 @TheChannelCo
