Throughout 2014 as I spoke with many MSPs regarding HIPAA compliance and services around compliance, I often used the phrase “The next big thing”. I am not one to make predictions, however; it seemed to be very obvious to those of us paying attention that demand for HIPAA compliance-as-a-service was only going to grow more rapidly over the next couple of years. In a recent webinar I stated that I believed 2015-2017 would be the biggest opportunities to get in on the ground floor of this “next big thing”.

HIPAA is certainly not new and the opportunities for compliance services have been around awhile. So what has changed and why does it matter to you?


What’s Changed?

In 2013, HIPAA regulations took on a bit of an overhaul called the Omnibus Rule. These changes to HIPAA indeed changed the way it looked and it also changed the way it acted. Like an old horror movie we saw HIPAA start to grow longer arms, fangs and even tentacles (sounds like Slender-man).

For MSPs and IT professionals the biggest changes came in the form of liability. Until the Omnibus Rule, MSPs weren’t really on the hook for anything related to HIPAA. MSPs did not have to sign any particular agreements around HIPAA, did not have to know about HIPAA and weren’t even responsible if things went wrong or weren’t compliant. All of the compliance responsibilities and liabilities fell on the client.

Now, that’s no longer the case. The Omnibus Rule put the liability on “Business Associates” if they were directly or indirectly part of something going south. In addition, the regulations required that any business deemed to be a “Business Associate” (which 99.9% of the time includes IT/MSPs) must also meet compliance requirements of their own. This was a huge game changer. No more could IT/MSPs brush off HIPAA, it was (and is) now a requirement under the law.


Why Does It Matter To You?

Most of us are looking for that next big thing that will allow us to grow faster or increase revenue. In Real Estate the three most important factors are location, location, location. In business, the three most important factors are differentiate, differentiate, differentiate. One question you should always ask yourself about your business is, “What makes me different than my competitors?”.

If you are looking for a sure-fire way to differentiate your business in today’s often overcrowded market, this could be what you’ve been searching for. It is certainly worth taking a much closer look. Dive in and see if it is an opportunity you can capitalize on.


Why Is The Opportunity Now?

Timing is everything. You could say that the perfect storm of opportunity is already brewing for this service. There are a few reasons why the opportunity is now so lets look at them.

Supply & Demand

With the advent of more and more fines and bad publicity coming from hacks and breaches, HIPAA Covered Entities and Business Associates are now starting to take HIPAA much more seriously than years past. The downside is that the market in some areas are in almost panic mode trying to find HIPAA compliant IT providers… there are just not many around. The upside to that problem is that there aren’t near as many HIPAA compliant IT providers to even remotely cover the demand. The demand will continue to grow for the next few years as even more businesses find out what they’re requirements are.

MSPs Are A Great Fit

MSPs and IT providers are the perfect fit for this compliance-as-a-service approach to HIPAA. MSPs are already setup for many other as-a-service offerings and they know how to manage it. The HIPAA Security Rule is divided into three parts, one of which is Technical Safeguards. These Technical Safeguards are exactly what us IT guys (and gals) are use to dealing with daily. As IT people we tend to understand and work with rules and guidelines of how things work. This makes the leap into compliance-as-a-service a logical next step. As with anything else you offer as a service, it is also very prudent to have the backing of another company or other experts, HIPAA is no different. This is another area where can partner up with you to help you take your business to the next level by offering products and services that you weren’t able to offer before.

HIPAA Reach Has No End In Sight

When the Omnibus Rule came about the changes were felt quickly by many and not at all by many more. What I mean by that is that there are still more businesses that either aren’t HIPAA compliant or do not know they need to be HIPAA compliant than ever before. Now that Business Associates have to address HIPAA, that drastically increases HIPAA’s tentacles. The experts have said that there are so many more Business Associates that are now bound by HIPAA that they really don’t even know just how many businesses that is… the number is astronomical.


How Do I Get Started?

Let me address this question in two parts, since there’s a high likelihood there will be two distinct sets of people reading this.

First, if you’re already a Professional member of then you have started in the right place. Regardless of how you decide to travel down this road, we will help you get to the destination. For some, learning slowly works best. For others, they want it as fast as they can get it. We can accommodate both types with precise, relevant content or in depth certified training courses.

If you’re not a member of, I highly recommend you take a closer look. No, not just getting on our mailing list. Actually get a Professional membership… just for one month to see if its right for you and your business. If it isn’t or if you find that taking on the challenges and rewards of this journey are not right for you, then it will be the fastest and least expensive way to figure that out.

Want to catch the coming waves of opportunity?

Want to differentiate your business in your local market?

Want to find more ways to create new revenue streams?

If you answered yes to any of those questions then get your membership started and stick with it. HIPAA compliance is a continual process and if you’re serious about making it part of your business offering by selling Compliance-As-A-Service then you need to be part of a resource that will ensure your success. Just like working out or losing weight, you will see the benefits and the results only by committing to it and keep doing it… don’t quit.