If you believe your practice is HIPAA compliant because you use cloud based EMR/EHR, think again. Your cloud vendor does not relieve you of your compliance obligations. Read the fine print. Your software subscription probably says something to the effect “it’s compliant as long as you use it in a compliant manner”.

I am sure its true that you purchased a binder of process and procedures from your EMR vendor which indeed address some components of HIPAA compliance. While those binders likely sit on a shelf with a layer of dust from when Mount Etna erupted, they do play a role. However, when a compliance audit hits your inbox, you face the burden of proving that you did what is stated in those binders (this is where we can help you). You have the burden to prove you have done everything you state in those binders.

It’s unlikely any EMR cloud vendor can relieve you of these HIPAA requirements:

  1. Provide an annual Risk Analysis of your office where PHI resides
  2. Configure and maintain network security. Reviewing the firewall logs and documenting efforts.
  3. Manage your computer system for security updates and actively manage virus/malware scans
  4. Perform the compliance work and document those efforts so you can provide an audit trail.
  5. Review your text messaging and email protocols, ensuring encrypted texting and email is used to avoid a PHI breach.
  6. Prepare a business Disaster Recovery Plan that works for your practice, designed with a recovery timeframe that meets your needs.
  7. Provide training for new staff members and ongoing training for existing staff.


I could have listed 27 more reasons, but I’ll digress. It’s in your best interest to partner with an IT Services company that understands HIPAA and does the HIPAA heavy work for you.

Let’s face it: as a provider, you’re lucky to complete your own HIPAA training needs. As a practice manager, your busy running the practice and do not have the time or resources to become a HIPAA guru. Your IT guy most likely sticks to IT and shuns any compliance responsibility to the practice manager. There within lies the HIPAA compliance breakdown.

Let me be clear – there is NO separation between IT support and HIPAA compliance. They are tightly intertwined. Who is responsible for what? Let iMedia Technology be your guide. With our specialization in HIPAA compliant it services, you can relax knowing it is all taken care of.

Visit www.imediatech.com or call us today to schedule a free cyber security assessment at 508-790- 4171.