{"id":8017,"date":"2023-02-02T17:21:41","date_gmt":"2023-02-03T01:21:41","guid":{"rendered":"https:\/\/nsitsp.org\/?p=8017"},"modified":"2023-02-02T17:21:53","modified_gmt":"2023-02-03T01:21:53","slug":"msp-regulation-is-already-here","status":"publish","type":"post","link":"https:\/\/nsitsp.org\/legislation\/msp-regulation-is-already-here\/","title":{"rendered":"MSP Regulation is Already Here"},"content":{"rendered":"\n

Guest Blog by Mike Semel, Semel Consulting<\/p>\n\n\n\n

There has been a lot of talk about regulating MSPs or having the IT industry self-regulate like the credit card companies did with PCI. Many MSPs are talking about Louisiana\u2019s requirement for MSPs to be certified to work with the state as the beginning of regulations and see this as the first step towards MSP licensing.<\/p>\n\n\n\n

News Flash – MSPs are already regulated with some compliance requirements being self-managed or even self-inflicted, in addition to what flows down from clients.<\/p>\n\n\n\n

If you understand your requirements they aren\u2019t difficult to manage. But if you don\u2019t know them, you can get in trouble and risk your client relationships.<\/p>\n\n\n\n

STATE DATA BREACH LAWS<\/strong><\/p>\n\n\n\n

All U.S. states and Canada have data breach laws. These laws protect Personally Identifiable Information (PII), including Social Security Numbers, Drivers\u2019 License Numbers, and banking information. Many states protect medical information no matter who has it, unlike HIPAA, which applies only to healthcare providers, health plans, and the businesses that support them.
You need to secure and encrypt everything on your network to protect your workforce (and yourself!) and also ensure your client-facing cloud and backup platforms are secure and encrypted.<\/p>\n\n\n\n

FEDERAL LAWS<\/strong><\/p>\n\n\n\n

If you have even one healthcare client or business that must comply with HIPAA, you must, too.<\/p>\n\n\n\n

The new CMMC 2.0 regulations specifically reference Managed Service Providers and the tools they use as part of the scope of their defense contractor clients\u2019 Level 2 assessments.
If you can meet the CMMC requirements, HIPAA is easy.<\/p>\n\n\n\n

FTC RULES<\/strong><\/p>\n\n\n\n

The Federal Trade Commission (FTC) regulates all U.S. businesses against unfair and deceptive trade practices. False advertising, like using a HIPAA Seal of Compliance and then failing to comply, resulted in a consumer fraud finding and a 20-year monitored compliance program.<\/p>\n\n\n\n

SELF-INFLICTED REQUIREMENTS<\/strong><\/p>\n\n\n\n

Self-inflicted compliance requirements arise when, to get a client\u2019s business, you sign a contract with a client that has special requirements.<\/p>\n\n\n\n

You agree to the terms of your Errors and Omissions insurance and your cyber liability insurance when you apply for the policies. The answers on your applications become compliance requirements that you must consistently adhere to or you risk having a claim denied.<\/p>\n\n\n\n

Mike Semel<\/strong>
President Semel Consulting LLC
semelconsulting.com<\/a><\/p>\n\n\n\n

Mike is a well-known authority on HIPAA and cybersecurity. He is also a member of the Association of Cybersecurity Business Authorities. Find out more at mikesemel.com\/AOCBA<\/a>. <\/p>\n\n\n\n

\ud83d\ude42<\/p>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

News Flash – MSPs are already regulated with some compliance requirements being self-managed or even self-inflicted, in addition to what flows down from clients.<\/p>\n","protected":false},"author":2,"featured_media":8020,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"MSP Regulation is Already Here","_seopress_titles_desc":"News Flash - MSPs are already regulated with some compliance requirements being self-managed or even self-inflicted, in addition to what flows down from clients.","_seopress_robots_index":"","footnotes":""},"categories":[135],"tags":[46,45],"meta_box":[],"_links":{"self":[{"href":"https:\/\/nsitsp.org\/wp-json\/wp\/v2\/posts\/8017"}],"collection":[{"href":"https:\/\/nsitsp.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsitsp.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsitsp.org\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nsitsp.org\/wp-json\/wp\/v2\/comments?post=8017"}],"version-history":[{"count":1,"href":"https:\/\/nsitsp.org\/wp-json\/wp\/v2\/posts\/8017\/revisions"}],"predecessor-version":[{"id":8021,"href":"https:\/\/nsitsp.org\/wp-json\/wp\/v2\/posts\/8017\/revisions\/8021"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsitsp.org\/wp-json\/wp\/v2\/media\/8020"}],"wp:attachment":[{"href":"https:\/\/nsitsp.org\/wp-json\/wp\/v2\/media?parent=8017"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsitsp.org\/wp-json\/wp\/v2\/categories?post=8017"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsitsp.org\/wp-json\/wp\/v2\/tags?post=8017"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}