Patrolling the Channel

Apr 30 2010   7:00PM GMT

Solution providers under the HIPAA microscope

WHurley Billy Hurley Profile: WHurley

Kevin McDonald is executive vice president and director of compliance practices at Alvaka Networks, an Irvine, Calif.-based network, security and managed services consulting firm that is both a solution provider and a “business associate” according to HIPAA regulations.

In this edition of “Patrolling the Channel,” see why the designation of “business associate” has given McDonald additional compliance challenges. The executive VP talks about the technical and non-technical controls being implemented for HIPAA’s sake. He also shares why he thinks solution providers may be behind the curve when it comes to compliance with the healthcare regulation.

2  Comments on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • JohnMAndre
    Becoming HIPAA-compliant is not difficult nor does it need to be expensive. There are even free solutions out there. My doctor uses TrulyMail ( both because it is encrypted but even more because it is very easy (and free) for his patients to use. Small private clinics do not need to spend thousands or even hundreds of dollars to be legal, they just need to know their options.
    45 pointsBadges:
    "Becoming HIPAA-compliant is not difficult nor does it need to be expensive. There are even free solutions out there." First off, there is no single solution that can be purchased to make someone compliant. Your statement is absolutely untrue and if you really believe that, you are one of the people I was speaking of in the interview. It seems clear that your statement is more like an ad for the/your mail service you are pitching here. HIPAA compliance requires that standards be met on physical, technical and administrative standards that touch EVERY aspect of a business, the covered entities and their business associates. HIPAA Privacy and Security Rules combined require the implementation of “processes and procedures” (not simple email solutions) that deal with the security, integrity and availability of PHI. While it is true that smaller firms have a much easier time, because their practices are less complex, your misleading them into believing that some out-of-the-box solution somehow deals with all of the standards is blatantly irresponsible. Yes, secure email is one requirement, but I think you should just buy ad space instead of spouting off about a subject that you don’t understand in forums like this.
    35 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: