The Health Insurance Portability and Accountability Act (HIPAA) sets standards for protecting sensitive patient data. If your company handles protected health information, you are obligated to make sure it implements and follows all required physical, network and process security measures.
This includes those who provide treatment, payment and operations in healthcare, those who have access to patient information and provide support in treatment, payment or operations, and their subcontractors. IT service providers are considered "business associates" of their health care clients, which requires them to comply with portions of HIPAA as well.
HIPAA Privacy Rule
The Privacy Rule deals with the personal and medical information of any individual and with how such information is accessed, stored and shared.
HIPAA Security Rule
The Security Rule defines national security standards more specifically, with the goal of protecting data that is created, received, maintained or transmitted electronically (ePHI, electronic protected health information). This is the most relevant section of HIPAA for IT service providers.
HIPAA regulations are very much like NIST, but unlike NIST, violating HIPAA compliance rules results in penalties, so it is crucial for your company to follow all the regulations and fulfill all requirements.
And just like NIST, HIPAA affects organizations of all sizes, and smaller companies are usually the ones that struggle most with the rules. They need the expertise of an IT service provider to keep their business and patients safe and to stay compliant. Most small businesses don't have the resources to handle compliant cyber security on their own, so although it might not seem that way at first, a managed IT service provider is a necessity for a small or medium-sized business.