The Affordable Care Act and the push for electronic health records are fueling demand for healthcare information technology staffing firms. However, risk exposure is also high as healthcare providers must comply with federal HIPAA guidelines for data storage and management, according to TechInsurance, an online insurance agent for small IT companies.
HIPAA — the Health Insurance Portability and Accountability Act of 1996 — is the only law that outlines data security standards at the federal level, according to Ted Devine, CEO of TechInsurance. “And it puts the onus of compliance on the healthcare companies it regulates,” Devine said in a press release. “That means healthcare firms can be held liable for HIPAA violations made by any of their associates, including IT contractors they hired to build a website or update their network.”
If an employee of an IT staffing firm at a client site allows or fails to prevent exposure of sensitive patient information, the healthcare staffing buyer may face federal fines along with state penalties and remediation costs such as notifying customers, according to TechInsurance. And those healthcare staffing buyers may sue the contract worker and the staffing firm.
To minimize exposure to HIPAA violation-related lawsuits, TechInsurance recommends IT staffing firms:
- “Verify HIPAA compliance. To be HIPAA compliant, IT professionals must maintain specific physical and technical safeguards, including facility control, encrypted passwords, redundant backup and network security standards. IT staffing firms placing professionals with healthcare clients should verify that those professionals rigorously maintain the security standards demanded by HIPAA.”
- “Review client contractual requirements. In addition to requiring HIPAA compliance, healthcare clients may require IT contractors to maintain their own liability insurance policies, which ensures that they can collect reimbursement if and when a contractor’s work causes a data breach.”
- “Update Errors and Omissions policies. In addition to pursuing legal action against individual contractors responsible for data breaches, healthcare clients may seek damages from the IT staffing firm that placed the professional, depending on individual circumstances.”
- “Recommend insurance for contractors. Even when healthcare clients do not explicitly require contractor insurance in their contracts, IT staffing firms can recommend this coverage as a way of helping them proactively manage risks and minimize the liability burdens for the firm.”