I worked as a vCIO for an established MSP in my area. I had the traditional vCIO responsibilities: onboarding new clients, detailing service plans, generating proposals, planning meetings, discussing budgets, consulting, and so on. It was about 6 months into the role when I shifted exclusively to a Health Care vCIO and relied on HIPAA as my compliance backbone.
To solidify my position as the Health Care vCIO, I attended a training course and became certified by a third party in Sterling, VA. I worked with medical practices, dentists, and businesses that managed clinical trials for patients. Having dealt with an array of companies in the industry, becoming familiar with HIPAA compliance was a no-brainer. In fact, even as a novice in the field, I still understood more than the businesses that required compliance. Even better: most of them did not know they needed to be compliant. Interesting, right?
Clients I managed were in the medical industry for years, had many locations, and annual revenues in the millions of dollars. But the sad part is their compliance was lacking. It was lacking to a point where the business owners had no concern. This was a level of willful neglect I had never seen as a vCIO. Why would they not be familiar with Federal regulation requirements?
As Anakin Skywalker said, “This is where the fun begins.”
Regulatory, statutory, and contractual cybersecurity requirements bring vCIO to a whole new level. The benefits of compliance add value to the process and can tip the scales in the vCIO’s favor. A recommendation to upgrade an aging server may get tossed aside, but replacing it to follow Federal law? That can move up the priority a few notches.
A majority of customers needed persistent convincing to spend money on valuable upgrades. Most did not see the value in the MSP besides the unlimited support. There was no incentive to spend money on projects when the Support Desk could patch problems and keep the business running. Our equivalent of a Design Desk and I would spend extra time researching, adding as much relevant information in the proposal as possible; we figured it would create more leverage to justify the expenditure. Sometimes that alone was enough. Other times it would not make the highest revenue customers budge.
When I began to work HIPAA into the mix, there were some noticeable changes in the attitudes of these clients.
The clients with the strongest relationship gave me more attention and opened their availability to meet more often. They started asking questions related to proposed projects or how to increase security by reducing their risks.
Clients with an average relationship sat up in their chairs and began to give their undivided attention. Recommendations still required a push, but their tone often changed when HIPAA was in the mix.
Customers with little to no relationship never truly changed. For the most part, they wanted to hear what I had to say about recommendations and regulations. Some were even interested in moving towards better compliance. But when a proposal had a price tag, they usually put it on the back burner.
A dedicated Health Care vCIO helped during the sales process as well. I had the opportunity to introduce myself before a sale was complete, solidifying my dedication to the industry with new clients from the start. Onboarding new customers was easier when compliance is on the table. Some were already working towards reducing risk and being compliant; they only needed a nudge in the right direction. Others lacking the personnel or knowledge of HIPAA compliance were a bit easier to guide in the long run. As I always say, “We provide the canvas, you provide the paint.”
At the end of the day, we need to remind customers that recommendations are not only about the sale. For a Technology Success Provider and their clients to succeed, everyone needs to be on board with the process. Recommendations benefit both parties when failure to comply is looming over them. This is especially true with HIPAA where a Covered Entity (customer) and their Business Associates (TSP) are liable during a data breach.
Health care is only an example of compliance. Specific industries have their own compliance standards, but in general, businesses must follow some form of regulatory, statutory, or contractual compliance from a Federal, state, or private entity. Compliance help will guide customers towards Technology Success.