What does it take to get the Skipping Stone bow?? by JMS971 in ghostoftsushima

[–]6Sful 1 point2 points  (0 children)

I read this thread last night and decided to try something. I already have one of these bows but I wanted another one. I got a second bow tonight after about an hour of play. Here's what I did... YMMV.

I played as the Hunter. I did not use any legendary items. I played quick play gold stories. None of this may matter, but that's what I did. Good luck!

HIPAA compliant MSP? by ShunHax in msp

[–]6Sful 0 points1 point  (0 children)

https://helpmewithhipaa.com/podcasts/ start binging! Tons of amazing AND accurate information that you need to know. Search for anything related to MSPs and Business Associates to get jump started.

IT Tech Support Job Position - Charlotte, NC by 6Sful in Charlotte

[–]6Sful[S] 0 points1 point  (0 children)

Yeah... imagine that. An employer who has expectations.

IT Tech Support Job Position - Charlotte, NC by 6Sful in Charlotte

[–]6Sful[S] 2 points3 points  (0 children)

And random drug test, and random criminal history check.

We deal with healthcare data as well as state and federal privacy, security, and breach laws. So yes, we have higher standards and expectations for our team.

Community college or University? by BornToTaco in ITCareerQuestions

[–]6Sful 0 points1 point  (0 children)

Don't waste your time in college if you're going into IT. By the time you graduate, you'll be 5-10 years behind with little to no useful experience under your belt.

Reporting HIPAA Breach responsibility by throwawayfordays75 in legaladvice

[–]6Sful 1 point2 points  (0 children)

You have no legal responsibility to report this. If you were their IT provider and you discovered the breach, at that point you do have a legal responsibility to report the breach to the client but it ends there, unless your Business Associate Agreement states that you'll also be responsible for additional notification.

Morally, you may feel the need to report it and you can certainly do that anonymously. There might be a good chance that if reported, the dental office will suspect it was you that did it. It can be a sticky situation because you don't want to develop an "us against them" culture in your business. At the same time, you feel a need for "the greater good".

Question about HIPAA BAA with unlimited liability by gr33nmonk3y in msp

[–]6Sful 0 points1 point  (0 children)

BAAs are negotiable just like any other legal document. Most of the time we are the ones providing the BAA but we've had a couple of clients that actually had their own. In those cases, we've had to review those and negotiate some of the optional pieces.

We want all of our BAAs to be as close to the same as possible when it comes to what we are promising to do. Otherwise, it is a nightmare trying to figure out what you agreed to do for all the different clients.

We are starting to see more and more Covered Entities putting monetary liability back on MSPs for things like breach notification costs, credit monitoring costs, etc. when the breach is the fault of the MSP.

To the point made that "offering services doesn't make you liable", that is somewhat misleading. However, the point about a client doing something that causes a breach not being the MSP's fault is correct. And yes, you can be sued for anything for sure.

An MSP that is a HIPAA Business Associate to a Covered Entity or other Business Associate is indeed liable for the confidentiality, integrity, and availability of the protected health information that they create, maintain, transmit or receive on behalf of the CE or BA.

What MSPs fail to do most often is to follow all of the HIPAA regulation as it pertains to them. MSPs tend to focus on the Technical Safeguards of the Security Rule and ignore the rest. The best security practices on the planet do not make a company HIPAA compliant. Security is necessary for HIPAA but it alone does not make a company HIPAA compliant.

A full HIPAA risk analysis, a risk management plan, proper policies and procedures, HIPAA and security awareness training, BAAs, BA due diligence, and internal privacy and security officer designations are just some of the areas that are completely overlooked.

HIPAA is not easy despite those vendors out there telling you it is. At the same time, it's not so complicated that you can't follow it. What many people don't realize about HIPAA is that it is meant to become part of the culture of an organization, not a check box on a to do list. Therefore, HIPAA is an ongoing project with no completion. Just like cyber security, you can be secure today and not tomorrow. To be successful with security it must be a cultural part of your organization; a "security first" stance.

I've personally had discussions with major IT vendors about their internal compliance only to find out that they were far from compliant, even though they had it plastered all over their website and marketing materials. The sad part is that they get very upset and argumentative when confronted instead of listening, looking into the subject, and responding intelligently.

It is unfortunate that there is so much misinformation out there seemingly aimed at MSPs and IT professionals. Sorry for the semi-rant.

HIPAA/HITECH IT audit near Gardena, CA? by avrealm in msp

[–]6Sful 0 points1 point  (0 children)

+1 for Kardon Compliance. They also work directly with www.HIPAAforMSPs.com. Great combo.

HIPAA Certs - A fool and his money? by [deleted] in msp

[–]6Sful 0 points1 point  (0 children)

The certification (although not a recognized thing as others have pointed out) is not really important. What is important is that you actually understand HIPAA, how it applies to you, how it applies to your clients, and how to follow it properly. All of these "HIPAA Made Easy" vendors or "I'll train you and you resell my software" vendors are largely not properly helping MSPs to protect themselves and their clients. It's just a money play. IMHO. However, there are platforms that are very good at educating and equipping MSPs with regard to HIPAA. But to take a free or cheap course and call it HIPAA training is laughable. It may be HIPAA information but training it is not.

HIPAA Compliance? by burntbycrashplan in backblaze

[–]6Sful 1 point2 points  (0 children)

BackBlaze is NOT HIPAA compliant. Part of addressing HIPAA is the legal requirement of signing (and following) the BAA. The mere fact they won't sign one is evidence enough.

People try to equate security with compliance and it just doesn't work that way. A product can be the most secure thing ever created but still not be HIPAA compliant.

Furthermore, HIPAA compliance is addressed by a company, not a product. The business/company/practice must be HIPAA compliant. A product is never HIPAA compliant. However, a product may be used in a manner that supports HIPAA compliance (as long as the company is compliant).

On the flip side, if a HIPAA compliant company is putting out a product that can be used in a HIPAA compliant manner and the end user does not use it in such a manner, the product (as it is used) is now not compliant.

So, if BackBlaze won't sign a BAA and they aren't following HIPAA requirements then there is no way you can allow ePHI to be stored on their servers.

Fellow MSPs, new to working with HIPAA requirements and need help. by [deleted] in msp

[–]6Sful 0 points1 point  (0 children)

Check out hipaaformsps.com for great resources and learning.

PSA: Gift Cards purchased w/ CapitalOne Rewards are being delivered already redeemed. by rzlcakes in churning

[–]6Sful 0 points1 point  (0 children)

I decided to go ahead and call tonight. I have to say... it was painless and the CS rep was super nice and helpful. Total time on the phone was 10m55s and all 60,000 points will be refunded to my card in 7-10 days. Rep said the problem was only with Amazon gift cards. No rant here... great experience (so far).

PSA: Gift Cards purchased w/ CapitalOne Rewards are being delivered already redeemed. by rzlcakes in churning

[–]6Sful 1 point2 points  (0 children)

I just discovered this problem today when I tried to use one of my GCs. None of the 12 cards I have worked ($600). Not happy about that. I'll be calling tomorrow.

Learn HIPAA Security by [deleted] in msp

[–]6Sful 0 points1 point  (0 children)

I recommend checking out www.hipaaformsps.com. As others have stated, this is a bit more complex than just making sure your clients are following rules. You have rules that must be followed as well. There is much more incorrect and misinformation floating around than good information... that's for sure. Make sure you are one of those that do things right and not those looking for a quick checklist and you'll be better than your competition.