Choosing a hosting provider can be a daunting process, especially when you have protected health information at stake. To help with finding a provider that will be a true business partner and not merely a vendor, we put together a few points to consider in the selection process.
What is your current list of HIPAA Certifications?
One certification reinforces the idea that the partner is simply trying to meet the minimum requirements and may not be truly investing in this model for their business. Look for companies with multiple certifications across a range of technologies; it shows that they are invested in the technology their employees are supporting.
How long have you been providing HIPAA compliant services?
HIPAA and PHI are very trendy topics in the technology industry and managed service providers can be quick to jump on the bandwagon. You want a provider who understands the history of HIPAA & PHI and also has a vision & plan for how compliance is evolving.
Can you tell me the difference between your standard managed services and your HIPAA compliant services? How do you address the components needed for compliance with the HIPAA Omnibus Rule?
This will give you an idea of the customization and thought process that your provider went through to develop this offering. There is a minimum standard that is needed for HIPAA compliance. Did your provider simply do the minimum to provide this offering? If so, it may be time to switch to a new one.
What list of components is included in your pricing plan?
Be wary of potential partners offering too-good-to-be-true pricing compared with more established and reputable providers. There may be more than a few costly feature additions required to reach the level of compliance you need that won't be included in that initial price.
Will you sign a BAA? Do you allow for any customization of your BAA?
Is your potential provider’s BAA simply a piece of paper or is it truly something that the company understands and will stand behind?
What assistance will you be able to provide during our annual Audit?
Is your vendor going to leave you high and dry when it comes to your annual audit, or are they going to act like a partner, with a dedicated security staff who will meet face to face with your auditor? Is their security staff CISSP certified?
Have you ever been involved in a data breach, and how did you support your customer through that situation?
This answer may reveal everything you need to know.
Whether you’re in the market for a new partner or just uncertain about the comprehensiveness of your current compliance plan, we’d love to hear from you. View our HIPAA Compliant Hosting Solutions, including HIPAA on AWS, and feel free to contact us any time.