By Ali Khan, CHP, CSCS, CHPSE
Today one of our sales team members called to talk about a sales pitch strategy and its results. It was a simple, everyday conversation. But before I go into the details of the conversation, here is a little background on our sales pitch strategy:
Step one: Find a market of small to mid-sized (1 – 8 physicians) clinics and distribute brochures.
Step two: Identify the non-compliant offices.
Step three: Meet with the HIPAA Compliance officer.
Step four: COMPLIANCE!
Not having a HIPAA Compliance officer designated for your office is the first red flag! Not because my sales team does not have someone to pitch to (well, that too), but because the real problem is that it's required by law.
Going back to my sales team member’s call, our team member said, “I am not sure what to do? We need a new strategy! The moment I walked in [this] office I could see a list of violations. Even the receptionist didn’t know who (or what) HIPAA was, and the compliance officer did not exist unless everybody got scared and the administrator stepped forward, mistakenly thinking they were getting audited.”
“That was a fairly simple sale, wasn’t it?” I asked. “No, the reply was ‘We don’t need any HIPAA help, we are compliant,’” she said.
In the HIPAA world there are more mesmerizing and mind-boggling moments. Here I am sharing an event reported today on Reddit by someone in tech support!
“So this client is one we acquired when he bought out one of our other clients. He owns a dentist/oral surgery practice, older gentleman, probably 65 or so, looking at him you wouldn’t think he’d do the things he did.
He informed us a few months back he wouldn’t be needing our services any longer… He requested we come remove the computer equipment as he no longer needed it, a fairly new Dell server and a number of decent work stations.
My boss called him to arrange the visit, and he replies that we need not make the trip. Turns out he tossed the equipment in a public dumpster behind the building. No drive wipes or anything, all his customer data was there for the taking.
[IF] This is the type of person in control of your PII, be afraid, be very afraid.”
P.S. The title of the article is dedicated to the tech support poster on Reddit and is therefore copied from there. You can read the comments and posts here: http://tinyurl.com/zexsmmd
Ali Khan is Chief Executive Officer of Khan & Marshall. Khan & Marshall has over 10 years of Healthcare IT industry experience. A Certified HIPAA Professional, Certified Security and Compliance Specialist and Certified HIPAA Privacy and Security Expert, Ali has extensive experience in mobile health (mhealth) compliance, developing compliant healthcare IT infrastructure including cloud-based and fluid scale systems, and network design and administration.