MPS Community Meeting

CompTIA has a policy of strict compliance with federal and state antitrust laws. The antitrust laws prohibit competitors from engaging in actions that could result in an unreasonable restraint of trade. Consequently, you agree to avoid discussing certain topics in participating at any CompTIA events or activities, including, without limitation, any discussions relating to prices, fees, rates, profit margins, or other terms or conditions of sale (including allowances, credit terms, and warranties); allocation of markets or customers or division of territories; or refusals to deal with or boycotts of suppliers, customers or other third parties, or topics that may lead participants not to deal with a particular supplier, customer or third party.

www.comptia.org/antitrust

CompTIA’s Antitrust Statement

Strut Your Stuff

Panel Discussion

The CompTIA MSP Partners TrustmarkTM qualifies and differentiates those Solution Providers that offer on-premise IT services via a managed services business model.

Learn more at:www.comptia.org/trustmarks

$100 discount at ChannelCon

Community Leadership Chair – Barney Kister

− Senior Vice President of MPS Sales at Supplies Network

Vice Chair – Ian Berger− Outside Business Development

at Parts Now!

Staff Leader – Lisa Person− Director of Member Communities at

CompTIA

MPS Executive CouncilName Company

Bud Karakey BEI Services Frank Avsenik Compugen Gordon Snider PrintFleet Gus Yusem Xerox Jeff Bendix Bendix Imaging Jon Hafey Toshiba America Sam Moore Lexmark Steve Lu Synnex Tawnya Stone GreatAmerica West McDonald FocusMPS

Join us for the Community & Councils Reception & 60 Second Challenge…

• What:– Networking over drinks– Fun & Quick Updates

• When: 5-6 PM Today• Where: Peabody Grand U

Agenda 2:30 – 2:50 Opening 2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?

o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network and West McDonald, Owner, FocusMPS

3:30 – 3:45 Break

3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not Say." - Managed Print Services End Game - Fewer Clients, Less Money.o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &

Shutwell Inc.

4:25 – 4:40 New HIPAA changes and how they affect your MPS businesso Presented by: Mike Semel, President, Mike Semel Consulting

4:40 – 5:00 Closing

CompTIA Public AdvocacyWashington, DC

CompTIA Public Advocacy Team• Liz Hyman, Vice President • Lamar Whitman, Director (Tech Entrepreneurs)• David Valdez, Sr. Director (IT Security)• Randi Parker, Director (IT Workforce)• Matthew L. Evans, Manager (Grassroots Advocacy

and PAC)

Important Issues 2013• Cybersecurity & Data Breach• Startup Act 3.0 & Startup Innovation Credit Act• Immigration Reform• Patent Reform

Public Advocacy2014 CompTIA TechVoice D.C. Fly-In

The CompTIA TechVoice D.C. Fly-In will take place February 11-12, 2014. The Liaison Hotel, in walking distance to the U.S. Capitol, will be the venue. New this year, we will be co-locating Colloquium with the Fly-In so that the training and education community can interact with policy makers. We will provide updates on these events as they become available.

See print out on the table for complete advocacy details. – If you would like the document emailed to you, please put a star next to

your name on the sign in sheet.

TechVoice & Social Mediawww.techvoice.org

Your Source For Grassroots Innovation and Technology

Follow Us: @Tech_Voice on TwitterFacebook and Linkedin

Public Advocacy2014 CompTIA TechVoice D.C. Fly-In

The CompTIA TechVoice D.C. Fly-In will take place February 11-12, 2014. The Liaison Hotel, in walking distance to the U.S. Capitol, will be the venue. New this year, we will be co-locating Colloquium with the Fly-In so that the training and education community can interact with policy makers. We will provide updates on these events as they become available.

See print out on the table for complete advocacy details. – If you would like the document emailed to you, please put a star next to

your name on the sign in sheet.

Agenda 2:30 – 2:50 Opening 2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?

o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network and West McDonald, Owner, FocusMPS

3:30 – 3:45 Break

3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not Say." - Managed Print Services End Game - Fewer Clients, Less Money.o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &

Shutwell Inc.

4:25 – 4:40 New HIPAA changes and how they affect your MPS businesso Presented by: Mike Semel, President, Mike Semel Consulting

4:40 – 5:00 Closing

Agenda 2:30 – 2:50 Opening 2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?

o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network and West McDonald, Owner, FocusMPS

3:30 – 3:45 Break

3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not Say." - Managed Print Services End Game - Fewer Clients, Less Money.o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &

Shutwell Inc.

4:25 – 4:40 New HIPAA changes and how they affect your MPS businesso Presented by: Mike Semel, President, Mike Semel Consulting

4:40 – 5:00 Closing

Agenda 2:30 – 2:50 Opening 2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?

o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network and West McDonald, Owner, FocusMPS

3:30 – 3:45 Break

3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not Say." - Managed Print Services End Game - Fewer Clients, Less Money.o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &

Shutwell Inc.

4:25 – 4:40 New HIPAA changes and how they affect your MPS businesso Presented by: Mike Semel, President, Mike Semel Consulting

4:40 – 5:00 Closing

18

Connect the D ts to MPS HIPAA Compliance

&Make More

Money

1919

Mike Semel

Mike SemelPresident

Chief Compliance OfficerSEMEL Consulting

30+ year VAR/MSP & CompTIA member Former VentureTech, Varnex, HTG member Hands That Give architect/advisor Certified Business Continuity Professional Certified HIPAA Administrator Certified HIPAA Professional Certified Security Compliance Specialist Certified Health IT Consultant Hospital CIO (2004 – 2006) Chair, CompTIA Security Community (retired) ASCII Resident Expert CompTIA Security Trustmark (holder, development team,

author- quick reference guide, coach)

20

Health Insurance Portability & Accountability Act (1996)

Privacy Rule (2003) Covers all Protected Health Information (PHI) Verbal, Written, Electronic

Security Rule (2005) Covers Electronic Protected Health Information (ePHI)

HITECH Act (2009)

Provided $$ for Electronic Medical Records implementation Updated breach notification requirements Exempted encrypted data from breach reporting

HIPAA Overview

21

PHI & ePHI

• Protected Health Information– Identifiable– Plus treatment and/or diagnostic information

• Electronic Protected Health Information– PHI in electronic form– Words, images, voice files– On any media

22

Most healthcare providers & payers have to comply with the HIPAA Security Rule, implemented in 2005 and updated by the HITECH Act of 2009.

HIPAA Covered Entities

23

Companies that support Covered Entities and come in contact with Protected Health Information are Business Associates and must now comply with HIPAA. HIPAA Omnibus Final

Rule (2013)

HIPAA Business Associates

24

Business Associates• NOT Covered Entities but do come in contact with PHI

and ePHI – ALSO REQUIRE HIPAA COMPLIANT SERVICES– Shredding Companies, Paper Records Storage– IT companies, EHR vendors, copier vendors– Lawyers, accountants, collections agencies, etc.– & all subcontractors

• NEW – data centers, online backup companies, Cloud vendors– If they ‘maintain’ data– Even if they don’t look at it– Even if it is encrypted, in locked cabinets, sealed boxes

25

HIPAA Omnibus Final Rule

• Business Associates must – Sign Business Associate Agreements

• New ones now• Replacements by September 22, 2014

– Implement full compliance programs– Train workforce– Perform and document HIPAA-compliant tasks– Manage all subcontractors (OEM’s, service providers)

• Compliance by ACT, not contrACT

26

Business Associate Agreements

• Between Covered Entity & Service Provider• Contract between 2 organizations• Must include specific language• May include other requirements (read carefully!)• New guidance published Jan. 25, 2013• May be provided by either party• New agreements must include new language• Existing agreements must be replaced by

September 22, 2014

27

Sub-BA Agreements

• Between Business Associates and their subcontractors, like OEMs & Service Providers

• Recommendations– Include all required language– Add language to include right to audit, demand

proof of compliance, report breaches in enough time to meet federal and state guidelines

– IF NO, you have no choice but to replace vendor– Any data stored or shared would be a data breach

for which you are responsible

28

2012 - 2013 Penalties

• $ 100,000 – 5-doctor practice in Phoenix for sending patient data by unsecure e-mails

• $ 1.7 million – Alaska state health dept. lost backup drive• $ 1.5 million – Massachusetts hospital stolen laptop• $ 50,000– small hospice stolen laptop• $ 400,000 – university clinic failed firewall• Plus costs to notify patients & remediate problems• Publication on the HIPAA ‘Wall of Shame’

29

Why are VARs, MSP’s, copier manufacturers, & copier service companies HIPAA Business Associates ?

30

Old vs. New

Paper in Paper Out

HARD DRIVES STORE AN IMAGE OF EVERY DOCUMENT COPIED,

PRINTED, SCANNED, OR EMAILED BY THE

DEVICE

31

Sell Secure MFP’s to regulated clients

• Image Overwrite – “electronic shredding” of images• Data Encryption (at rest & in transit)• Access Security (users sign in)• Track User Activity• Separation of fax line from network connection• Secure Print (no prints sitting in copier)• Hard drive security cabinets (drive cannot be

removed)• Network Security Source: Xerox

32

HIPAA-compliant servicesExample: Hard Drive Replacement

1. Remove Old Drive2. Dispose old drive or return to

mfg for core credit or warranty

Standard Service

Compliance Service1. Follow compliance checklist2. Erase old drive at client site3. Save erasure report to

ticket4. Remove old drive & track

transport5. Destroy old drive6. Send photo of damaged

drive to ticket7. Dispose old drive – do not

ship back8. Send report to client’s

compliance officer

33

Where printer techs touch ePHI…charge for compliance services

Cradle to Grave• Installation – linking MFP to

network, testing scanning to EHR system or network folder, faxing, e-mail

• Support – Assisting users with problems

• Repairs – handling hard drives• Equipment return (from lease)• Equipment disposal

34

Who needs to understand HIPAA?

• Management– Sales opportunities, service risks/opportunities, compliance

policies, procedures, workforce training, documentation, security incident/data breach management, Internal Auditing

• Sales– Know rules, penalties, Meaningful Use payments, how HIPAA

relates to Managed Print Services• Service Coordinator

– recognize compliance service requests, schedule enough time• Techs/Engineers

– Follow compliance service checklists– Detailed Documentation

35

Contact InfoMike Semelmike@semelconsulting.com888-997-3635 x 101

www.semelconsulting.com

GIVE ME YOUR CARD & I WILL SEND YOU MORE INFO AND A COMPLIANCE CHECKLIST

Agenda 2:30 – 2:50 Opening 2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?

o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network and West McDonald, Owner, FocusMPS

3:30 – 3:45 Break

3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not Say." - Managed Print Services End Game - Fewer Clients, Less Money.o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &

Shutwell Inc.

4:25 – 4:40 New HIPAA changes and how they affect your MPS businesso Presented by: Mike Semel, President, Mike Semel Consulting

4:40 – 5:00 Closing

Thank you!

For more information visit www.comptia.org/channelcon