What is HIPAA?
Passed in 1996, the Health Insurance Portability and Accountability Act (HIPAA) was created with the intention of providing data privacy and security provisions for safeguarding medical information. While it’s split into five titles, Title II relates to the electronic transfer of health information for providers, health plans, and employers. It also addresses the security and privacy of health data. If your company has access to any medical information and falls into what HIPAA considers covered entities and business associates, then you are required by law to adhere to HIPAA standards within two years of their adoption.
A violation of HIPAA guidelines can be very costly to businesses. Punishments range from very hefty fines to significant jail time. Clearly, HIPAA requires immediate attention from your business, so take the time to ensure that your business is compliant.
Avoiding a penalty is not the only reason your business should comply with HIPAA guidelines. Following them also builds trust with customers and sends them the message that you truly care about their privacy. Privacy is becoming more and more difficult to achieve, so being a business that prioritizes privacy gives you a competitive advantage.
What is CaaS?
Compliance as a Service (CaaS) is a packaged service that sets you on the path towards full HIPAA compliance and helps you achieve that goal. It is not a magic bullet, and you will have to do a lot of work along the way. But it is the easiest and fastest way to achieve HIPAA compliance and, once you have completed the initial steps, includes financial assistance for breach management in case something fails. If you already have a HIPAA officer and have passed an audit, you may not need CaaS. If you have not yet been audited, we can reduce your HIPAA officer’s workload and help you pass your audit smoothly. If you don’t have a HIPAA officer, you definitely need us. Without a dedicated HIPAA resource, you will fail audits, your risk of breaches and fines will go up, and you may lose your Medicare Meaningful Use incentives.
How is it different from the normal Swift Systems MSP offering?
Our CaaS package includes everything in our normal MSP offering. It also includes HIPAA policy templates, training tools, risk assessment tools, compliance assistance, breach management coverage, and optional pre-audit services.
Swift Systems requires medical customers to use our CaaS offering. Our standard MSP packages ensure that customers are secure and protected, but they do not produce the documentation or non-IT policies that are required for HIPAA compliance.
Onboarding requires more work for new clients who need CaaS. We allocate 90 days for onboarding new clients, to make sure their needs are met and we are working together smoothly. Non-medical clients are usually stable and happy within 45 days. For medical clients, onboarding may require the full 90 days to make sure that the HIPAA compliance process is kicked off properly.
What is included in the Compliance as a Service plan?
We have partnered with SecurityMetrics, a leading provider of HIPAA and PCI compliance services. Our MSP contracts include standard HIPAA policy and procedure templates, HIPAA training, and risk analysis. They also include all the engineering time needed to help you complete your HIPAA risk assessment and create a risk management plan. In addition, they provide the engineering time needed to resolve most IT-related HIPAA risks, although some larger risks may require separate projects to resolve.
- Breach Protection Checklist
- $100,000 HIPAA Breach Protection (after attesting to Breach Protection Checklist)
- Online Portal Access (Real-time HIPAA guidance, logging, storage, documentation, and training)
- PHI Map and Vulnerability Identification
- Risk Analysis (RA)
- Prioritized Risk Management Plan (RMP)
- Guided Implementation of Risk Management Plan
- Monthly HIPAA Update Newsletter
- Certificates of HIPAA Completion (RA and RMP)
- Certificate of HIPAA Compliance (upon full implementation of RMP)
- Assigned and Dedicated HIPAA Support Advisor
- Unlimited 24×7 Live HIPAA Technical Support
- Customizable HIPAA Policy Templates (including a Breach Notification Policy)
- Business Associate Agreement Template
What does it cost?
All medical MSP proposals include CaaS as a built-in component. This makes our services more expensive than those of most of our competitors, because others generally don’t offer HIPAA compliance services.