The Health Insurance Portability and Accountability Act, or HIPAA, is one of the most common healthcare technology concerns due to the strict and far-reaching nature of these regulations.
In fact, in 2016, the top five most costly HIPAA settlement fines reached into the millions, ranging from $2.14 million to $5.55 million. Those dollar figures say nothing of other related problems, such as lost business due to a perceived breach of trust. The number of healthcare data breaches constituting a HIPAA violation has increased consistently since record-keeping started in 2009. This makes HIPAA a very real healthcare technology concern; one that has impacted IT staffing in some significant ways by transforming the approach to mobile apps, software development, IT and data management (amongst many other areas.)
Balancing HIPAA Compliance and Technology
HIPAA adds complexity to any tech project that involves medical records, personal data or other protected healthcare information (PHI). Rapid technological advances are challenging IT professionals and developers to maintain compliance with HIPAA regulations. The impact on the hiring process and your project as a whole can be significant since you’ll need to comply with a wide range of regulations that, if violated, will lead to a major fine. This is true whether you’re revamping IT infrastructure or developing enterprise software for a healthcare client. To appreciate the impact on your staffing efforts fully, it’s vital that you have a good understanding of precisely how HIPAA violations occur.
Many are shocked by the number of fairly commonplace issues that can result in a HIPAA violation, such as unauthorized access/disclosure, theft, loss, improper data disposal, hacking or an IT incident. Some of the most common scenarios include:
- Altered network settings that result in accidental online availability of private data;
- Lost or stolen tablets, laptops and smartphones with access to PHI;
- Unauthorized server access, resulting in a data breach;
- Improper or insufficient control over permissions, resulting in unauthorized access;
- A poorly-developed BYOD policy, resulting in violation of HIPAA regulations;
- Hacker- or malware-related breaches; and
- Sensitive data that accidentally remains unencrypted.
There have even been cases where companies may be forced to hire a forensic tech team in an attempt to determine if a breach occurred and it’s not always possible to make a definitive determination.
HIPAA and Hiring Strategies
To avoid HIPAA violations, many company leaders and hiring managers seek out developers and IT staff with prior experience in healthcare technology. But finding an individual with this very specific type of experience can be a tremendous challenge one that routinely leads to project delays.
“HIPAA compliance is a necessary evil; one that must be addressed during the staffing process,” explained iTech CEO Kishore Khandavalli. He added, “Many hiring managers go astray by looking for a tech expert who has done it before; someone with lots of HIPAA compliance experience. But with this approach, they’re looking for a needle in a haystack. They’re searching for someone who is local and available to work. That same person also needs HIPAA experience, the right tech skills and they must represent a good cultural fit. That’s a needle!”
The end result is a lengthy, time-consuming search that often proves fruitless. It’s not uncommon for the project to be delayed while the company’s hiring managers and staffing recruiters search for the right talent; talent who can ensure that software or tech systems are HIPAA-compliant. And hiring managers may face additional obstacles if they’re seeking temporary software developers, as some staff favor long-term opportunities.
Instead, the team at iTech – a firm specializing in IT staffing solutions – takes a different approach when seeking talent for healthcare clients, where HIPAA compliance is critical.
“We’ll seek out a person who has all of the necessary skills, but perhaps they lack a bit of the functional knowledge surrounding HIPAA. That’s where you bring in a HIPAA consultant to fill in those gaps. This ‘divide and conquer’ approach can be extremely effective. You can then avoid a scenario where you need to delay and derail the entire project because you lack the right staff,” Khandavalli explained, adding that this strategy is typically preferable over the alternative: hiring the most qualified local talent, who may be a poor overall fit for your company. Pairing a developer with a subject matter expert can ensure you have the right people, with the right experience, working to get the job done. And location matters naught since iTech specializes in finding temporary talent who will work onsite at your company’s offices.
A similar approach can also be used when finding developers and IT staff for other industries that are subject to stringent guidelines; namely, the financial sector. There is a fair amount of overlap in the special accommodations required for HIPAA compliance and compliance with financial industry regulations. This is good news for hiring managers, who can choose from a broader range of candidates. Many companies who do business in the EU are also seeing an increased need for GDPR-savvy tech staff, so that’s yet another area where this strategy may be prudent.
At iTech, we specialize in helping you overcome this and other talent acquisition challenges. We’ll help you seek out the right temporary onsite staff to help you achieve your goals and objectives. Temporary staff allow you to meet your deadlines in a cost-effective manner, while also leveraging your in-house resources.
If you’re interested in learning more about iTech’s IT staffing services, you’re invited to contact us to learn more.