HIPAA MSP Guidance

Quick question for the forum. Does anyone have any resources, whitepaper, 3rd party consultant, etc that helps lay out exactly what is required to be a HIPAA compliant MSP?

I have a potential client that is an Ophthalmologist and owns her own clinic. She needs to find an “IT guy” and reached out to me. Just want to completely understand what I am getting into before agreeing to anything.

Initially she would like some phone / VoIP assistance with upgrading her current phones system since the clinic she purchased hasn’t been updated in many years. If that goes well that could lead into other jobs so again, wanted to cover my bases before starting anything.

Thanks!

Pax8 has a checklist that should help get you going.