In many industries, there are seasonal spikes in business around specific times. For example, CPAs/Accounting firms, though busy all year, generally see a spike in business around the time of tax planning, IRS return filing, etc., the retail industry sees a boom around the Holiday Season, and so on. During such peak times, it is common practice in the industry to employ part-time staff to meet the immediate resource needs. While this works well in terms of costs and for handling additional work/client inflow, this poses a few challenges from the IT perspective. In this blog, we explore those challenges so you know what to watch out for before bringing part-time staff on board.
More and more SMBs are migrating to the cloud and that is not a surprise considering the numerous benefits the cloud can offer them. For a SMB, the cloud is a cost efficient and secure answer to their growing data needs and IT security requirements. The cloud grows with them and lets them scale their business without worrying about a corresponding rise in IT costs. Plus, with the cloud, the important aspects of security and backups are mostly taken care of by the cloud service provider. And then, there’s the convenience of any-time-anywhere data access. With all these benefits that the cloud brings, what’s there to think about before signing up with a cloud service provider? While are a lot of benefits of storing your data on the cloud, but your data is still yours, so there are a few things you need to know and be comfortable with before you jump onto the cloud.
Does HIPAA regulation cover your business? There are two categories of entities who are regulated by HIPAA and are required to be in full compliance.
Covered Entity – This is the main focus of the original law. Covered entities are those who, in their normal activities, create, maintain, directly access and/or transmit PHI and ePHI. Examples of these entities are healthcare providers, clearinghouses, insurance plans, and employers who self-insure. [Note: In general a specific individual is not considered a covered entity. Their employer is the covered entity. Individuals, however, still have a duty to support and ensure compliance and would likely face disciplinary action by their employer for individual behaviors that compromise compliance. Their employer would be the target of OCR fines and penalties.
So you know you are regulated by HIPAA. But in a broad sense, what must your organization do to be in compliance? First and foremost, you need to understand what HIPAA and the HITECH Act are regulating. HIPAA and the HITECH Act are regulating and enforcing the security of an individual patient’s health information. The specific information being regulated is known as Protected Health Information (PHI), also known sometimes as Individually Identifiable Health Information (IIHI), and its subset, electronic Protected Health Information (ePHI). ePHI is simply PHI stored, maintained, etc. in digital form. These are defined as any data that can individually identify a patient. That means anything that can reasonably ID a patient. Examples include SSN, medical ID, age, vmail, URLs, driver’s license number, license plate numbers, photos, names of relatives, identified test results, telephone numbers, email and postal addresses, and medical images. As can be seen, this sweeps a large swath of data under the umbrella of protected information.
8306 Wilshire Blvd., #301
Beverly Hills, CA 90211
P: (310) 853-8006
South Carolina Office
2435 East North St Suite 1108 – 265
Greenville, SC 29615
P: (864) 520-5400