By Dan Gospe

More and more, IT providers are becoming educated and compliant with HIPAA in order to properly serve medical and dental practices across the US.

Data security compliance is a large beast to tackle, and as such, many HIPAA compliant IT companies deploy a singular best-practice approach to ensure the stability and security of your network. However, in the case of a small dental practice, going full-speed-ahead on security solutions can break the bank and be overkill for what is actually needed for compliance. Unfortunately, scare tactics are often deployed by these companies in order to sell premium services – services which many times address security issues that have more than one solution.

One Size Does Not Fit All for HIPAA Compliant IT

Your Server

If your dental practice only has a handful of employees, then deploying a state-of-the-art Domain Server in order to lock down every access point might be an expensive exercise in overkill. Don’t get me wrong – it is true that completely securing your data is your ultimate goal, but a small team of employees can more easily provide the labor to self-manage their password compliance, security access levels, software patching, and other functions that a full domain server would more easily fulfill in a larger practice. This one simple adjustment to a full managed service contract can save thousands of dollars of setup labor and hundreds of dollars in recurring monthly management fees. However, it is important to keep in mind that there will be internal labor generated in documenting the management of these HIPAA requirements.

Encryption

Encryption is one of those services which can be solved in a variety of ways. HIPAA requires that data be encrypted while in transit – this means during email and backup. Most HIPAA compliant IT companies will bundle these services into a server maintenance package. These services generally are not designed to be profitable by themselves with a managed service provider, and because of their inexpensive nature, they are easily bundled with support packages. For example, if you have self-encrypting hard drives, then you can use the built-in Windows Server Backup to create compliant local backups instead of considering a third party solution such as Acronis – and doing it this way doesn’t require an additional BAA from a backup company.

Monitoring

In the HIPAA compliant IT industry, I have come across line items in quotes that mention “backup monitoring”. This sometimes appears as a cost on quotes from IT companies. In practice, however, backup monitoring consists of opening your email inbox or viewing your dashboard and looking for alerts. It certainly is not something that should be charged for as its own line item (aside from the actual space usage of the backup, which, again, is usually bundled with a server maintenance package).

Know What You Are Paying For

When you are about to begin working with a dental IT company, request a demo of all of their services. They can show you “their view” of your network, and exactly how problems integrate with their support. If your IT company is not transparent enough to show you a demo, then they might be overcharging for simple tasks. As with every business decision, make sure you know what you are signing on for. Compare quotes with other companies, and if possible, find testimonials of other dentists using the IT company you are currently looking at.

If you have any quotes that you are currently reviewing, or would like a demo of how managed services can work for your dental office, feel free to contact us at dmi Networking today.

Don’t Break the Bank for HIPAA Compliant IT Services