Does Your Business Need to Be HIPAA-Compliant?

Updated on January 24, 2020

The Short Answer

HIPAA, or the Health Insurance Portability and Accountability Act, is a regulation designed to protect the personal health information that healthcare institutions store about individuals in their databases. If your business deals in PI, or Personal Information, and is involved with healthcare, you must be HIPAA-compliant.

If you are not HIPAA-compliant, you could be subject to hundreds of thousands of dollars in fines. Here’s the kicker: if you’ve got an MSP (Managed Service Provider) helping you keep your IT systems properly operating, they’ll be fined as well. This is called shared liability. Essentially, it means that if you mess up, they get backhanded as well.

Accordingly, an MSP working with a business that must comply with HIPAA has an added incentive to ensure you’re keeping “your little ducks in a row”, as the saying goes. If you mess up, they are impacted as well.

IT Is Fundamental To Cutting-Edge Medicine

If you’re running technology management entirely in-house, you’re putting yourself in danger as a healthcare institution. For one thing, technology is married to medicine. Well, perhaps not married, but the two have a very integrated relationship. Technological breakthroughs lead to medical breakthroughs all the time.

You’re going to need some level of IT on-site; you can’t just ignore it. IT can help your healthcare institution ensure all patients are as safe as they can possibly be. Imagine if all your nurses and medical staff could be contacted and tracked using a WiFi-enabled IoT array. The Internet of Things is everywhere, and it makes patient monitoring easier.

Additionally, technology today eliminates the need for massive file cabinets, allowing you to keep information on many patients without needing large amounts of space. That leaves more room for those who need to stay overnight at your healthcare institution, and more room for medical equipment, storage, or what-have-you.

A Pragmatic Reality

Something else to consider is that if you’ve got internal tech people running your systems, they’re not going to be double-fined by HIPAA should your institution make a mistake. Also, they’ll be limited in what they can do internally by your healthcare institution’s budget. There’s only so much they can do to maintain and update systems from internal resources.


An outsourced solution provides services for a subscription fee, and the provider is obligated to provide the best security for data or face the consequences HIPAA imposes. In the end, you’ll pay less for their services and get more technological capability as a result. Certainly this depends and will differ per institution, but in a general sense, this is the case.

When To Respect HIPAA, When To Watch For Other Regulations

Unless your medical institution can afford to develop and manage its own internal IT department to such a level that you could start providing tech services yourself, which is highly unlikely, you’re probably going to do better with an outsourced solution. You won’t be held accountable by HIPAA, and you will have the latest tech solutions.

All that being said, if you’re not a healthcare institution dealing in PI, then you don’t have to worry about HIPAA. However, there are PI laws in place pertaining to data breaches. These are called “data breach notification” laws, and here’s a handy list of them by state to help give you an idea of what you’ve got to think about.

You can be found out of compliance, and you can be fined even if you’re not a healthcare institution; you just won’t be fined under HIPAA. Whether that happens will depend on whether you’re dealing in PI and on what state you’re in. For more information on what HIPAA compliance is, DNSstuff explains things in detail.

The bottom line is, if you’re involved in a healthcare business, it’s paramount that you have some level of HIPAA compliance. If you’re not, you don’t have to worry about HIPAA, but there are still considerable compliance issues that cannot be ignored.

The Editorial Team at Healthcare Business Today is made up of skilled healthcare writers and experts, led by our managing editor, Daniel Casciato, who has over 25 years of experience in healthcare writing. Since 1998, we have produced compelling and informative content for numerous publications, establishing ourselves as a trusted resource for health and wellness information. We offer readers access to fresh health, medicine, science, and technology developments and the latest in patient news, emphasizing how these developments affect our lives.