The CompTIA Managed Print Services Community focuses on the creation of standards and initiatives specific to the managed print services industry. The group was created to provide networking opportunities among industry thought leaders, as well as to create beneficial tools and programs for managed print services providers.
3. CompTIA has a policy of strict compliance with federal and state
antitrust laws. The antitrust laws prohibit competitors from engaging in
actions that could result in an unreasonable restraint of trade.
Consequently, you agree to avoid discussing certain topics in
participating at any CompTIA events or activities, including, without
limitation, any discussions relating to prices, fees, rates, profit margins,
or other terms or conditions of sale (including allowances, credit terms,
and warranties); allocation of markets or customers or division of
territories; or refusals to deal with or boycotts of suppliers, customers or
other third parties, or topics that may lead participants not to deal with a
particular supplier, customer or third party.
www.comptia.org/antitrust
CompTIA’s Antitrust Statement
4. Strut Your Stuff
Panel Discussion
The CompTIA MSP Partners TrustmarkTM qualifies
and differentiates those Solution Providers that offer
on-premise IT services via a managed services
business model.
Learn more at:
www.comptia.org/trustmarks
$100 discount at
ChannelCon
5. Community Leadership
Chair – Barney Kister
− Senior Vice President of MPS
Sales at Supplies Network
Vice Chair – Ian Berger
− Outside Business Development
at Parts Now!
Staff Leader – Lisa Person
− Director of Member Communities at
CompTIA
6. MPS Executive Council
Name Company
Bud Karakey BEI Services
Frank Avsenik Compugen
Gordon Snider PrintFleet
Gus Yusem Xerox
Jeff Bendix Bendix Imaging
Jon Hafey Toshiba America
Sam Moore Lexmark
Steve Lu Synnex
Tawnya Stone GreatAmerica
West McDonald FocusMPS
7. Join us for the Community & Councils
Reception & 60 Second Challenge…
• What:
– Networking over drinks
– Fun & Quick Updates
• When: 5-6 PM Today
• Where: Peabody Grand U
8. Agenda
2:30 – 2:50 Opening
2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?
o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network
and West McDonald, Owner, FocusMPS
3:30 – 3:45 Break
3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not
Say." - Managed Print Services End Game - Fewer Clients, Less Money.
o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &
Shutwell Inc.
4:25 – 4:40 New HIPAA changes and how they affect your MPS business
o Presented by: Mike Semel, President, Mike Semel Consulting
4:40 – 5:00 Closing
10. CompTIA Public Advocacy Team
• Liz Hyman, Vice President
• Lamar Whitman, Director (Tech Entrepreneurs)
• David Valdez, Sr. Director (IT Security)
• Randi Parker, Director (IT Workforce)
• Matthew L. Evans, Manager (Grassroots Advocacy
and PAC)
12. Public Advocacy
2014 CompTIA TechVoice D.C. Fly-In
The CompTIA TechVoice D.C. Fly-In will take place February
11-12, 2014. The Liaison Hotel, in walking distance to the U.S.
Capitol, will be the venue. New this year, we will be co-locating
Colloquium with the Fly-In so that the training and education
community can interact with policy makers. We will provide
updates on these events as they become available.
See print out on the table for complete advocacy details.
– If you would like the document emailed to you, please put a
star next to your name on the sign in sheet.
13. TechVoice & Social Media
www.techvoice.org
Your Source For Grassroots Innovation and Technology
Follow Us:
@Tech_Voice on Twitter
Facebook and Linkedin
14. Public Advocacy
2014 CompTIA TechVoice D.C. Fly-In
The CompTIA TechVoice D.C. Fly-In will take place February
11-12, 2014. The Liaison Hotel, in walking distance to the U.S.
Capitol, will be the venue. New this year, we will be co-locating
Colloquium with the Fly-In so that the training and education
community can interact with policy makers. We will provide
updates on these events as they become available.
See print out on the table for complete advocacy details.
– If you would like the document emailed to you, please put a
star next to your name on the sign in sheet.
15. Agenda
2:30 – 2:50 Opening
2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?
o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network
and West McDonald, Owner, FocusMPS
3:30 – 3:45 Break
3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not
Say." - Managed Print Services End Game - Fewer Clients, Less Money.
o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &
Shutwell Inc.
4:25 – 4:40 New HIPAA changes and how they affect your MPS business
o Presented by: Mike Semel, President, Mike Semel Consulting
4:40 – 5:00 Closing
16. Agenda
2:30 – 2:50 Opening
2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?
o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network
and West McDonald, Owner, FocusMPS
3:30 – 3:45 Break
3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not
Say." - Managed Print Services End Game - Fewer Clients, Less Money.
o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &
Shutwell Inc.
4:25 – 4:40 New HIPAA changes and how they affect your MPS business
o Presented by: Mike Semel, President, Mike Semel Consulting
4:40 – 5:00 Closing
17. Agenda
2:30 – 2:50 Opening
2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?
o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network
and West McDonald, Owner, FocusMPS
3:30 – 3:45 Break
3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not
Say." - Managed Print Services End Game - Fewer Clients, Less Money.
o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &
Shutwell Inc.
4:25 – 4:40 New HIPAA changes and how they affect your MPS business
o Presented by: Mike Semel, President, Mike Semel Consulting
4:40 – 5:00 Closing
19. 19
19
Mike Semel
Mike Semel
President
Chief Compliance Officer
SEMEL Consulting
30+ year VAR/MSP & CompTIA member
Former VentureTech, Varnex, HTG member
Hands That Give architect/advisor
Certified Business Continuity Professional
Certified HIPAA Administrator
Certified HIPAA Professional
Certified Security Compliance Specialist
Certified Health IT Consultant
Hospital CIO (2004 – 2006)
Chair, CompTIA Security Community (retired)
ASCII Resident Expert
CompTIA Security Trustmark (holder, development team,
author- quick reference guide, coach)
20. 20
Health Insurance Portability & Accountability Act
(1996)
Privacy Rule (2003)
Covers all Protected Health Information (PHI)
Verbal, Written, Electronic
Security Rule (2005)
Covers Electronic Protected Health Information (ePHI)
HITECH Act (2009)
Provided $$ for Electronic Medical Records
implementation
Updated breach notification requirements
Exempted encrypted data from breach reporting
HIPAA Overview
21. 21
PHI & ePHI
• Protected Health Information
– Identifiable
– Plus treatment and/or diagnostic information
• Electronic Protected Health Information
– PHI in electronic form
– Words, images, voice files
– On any media
22. 22
Most healthcare providers & payers
have to comply with the HIPAA
Security Rule, implemented in 2005
and updated by the HITECH Act of
2009.
HIPAA Covered Entities
23. 23
Companies that support Covered
Entities and come in contact with
Protected Health Information are
Business Associates and must now
comply with HIPAA. HIPAA Omnibus Final
Rule (2013)
HIPAA Business Associates
24. 24
Business Associates
• NOT Covered Entities but do come in contact with PHI
and ePHI – ALSO REQUIRE HIPAA COMPLIANT SERVICES
– Shredding Companies, Paper Records Storage
– IT companies, EHR vendors, copier vendors
– Lawyers, accountants, collections agencies, etc.
– & all subcontractors
• NEW – data centers, online backup companies,
Cloud vendors
– If they ‘maintain’ data
– Even if they don’t look at it
– Even if it is encrypted, in locked cabinets, sealed
boxes
25. 25
HIPAA Omnibus Final Rule
• Business Associates must
– Sign Business Associate Agreements
• New ones now
• Replacements by September 22, 2014
– Implement full compliance programs
– Train workforce
– Perform and document HIPAA-compliant tasks
– Manage all subcontractors (OEM’s, service providers)
• Compliance by ACT, not contrACT
26. 26
Business Associate Agreements
• Between Covered Entity & Service Provider
• Contract between 2 organizations
• Must include specific language
• May include other requirements (read carefully!)
• New guidance published Jan. 25, 2013
• May be provided by either party
• New agreements must include new language
• Existing agreements must be replaced by
September 22, 2014
27. 27
Sub-BA Agreements
• Between Business Associates and their
subcontractors, like OEMs & Service Providers
• Recommendations
– Include all required language
– Add language to include right to audit, demand
proof of compliance, report breaches in enough
time to meet federal and state guidelines
– IF NO, you have no choice but to replace vendor
– Any data stored or shared would be a data breach
for which you are responsible
28. 28
2012 - 2013 Penalties
• $ 100,000 – 5-doctor practice in Phoenix for sending patient
data by unsecure e-mails
• $ 1.7 million – Alaska state health dept. lost backup drive
• $ 1.5 million – Massachusetts hospital stolen laptop
• $ 50,000– small hospice stolen laptop
• $ 400,000 – university clinic failed firewall
• Plus costs to notify patients & remediate problems
• Publication on the HIPAA ‘Wall of Shame’
29. 29
Why are VARs, MSP’s, copier
manufacturers, & copier
service companies HIPAA
Business Associates ?
30. 30
Old vs. New
Paper in Paper Out
HARD DRIVES STORE
AN IMAGE OF EVERY
DOCUMENT COPIED,
PRINTED, SCANNED,
OR EMAILED BY THE
DEVICE
31. 31
Sell Secure MFP’s to regulated clients
• Image Overwrite – “electronic shredding” of images
• Data Encryption (at rest & in transit)
• Access Security (users sign in)
• Track User Activity
• Separation of fax line from network connection
• Secure Print (no prints sitting in copier)
• Hard drive security cabinets (drive cannot be
removed)
• Network Security Source: Xerox
32. 32
HIPAA-compliant services
Example: Hard Drive Replacement
1. Remove Old Drive
2. Dispose old drive or return to
mfg for core credit or warranty
Standard Service
Compliance Service
1. Follow compliance checklist
2. Erase old drive at client site
3. Save erasure report to
ticket
4. Remove old drive & track
transport
5. Destroy old drive
6. Send photo of damaged
drive to ticket
7. Dispose old drive – do not
ship back
8. Send report to client’s
compliance officer
33. 33
Where printer techs touch ePHI…
charge for compliance services
Cradle to Grave
• Installation – linking MFP to
network, testing scanning to
EHR system or network folder,
faxing, e-mail
• Support – Assisting users with
problems
• Repairs – handling hard drives
• Equipment return (from lease)
• Equipment disposal
34. 34
Who needs to understand HIPAA?
• Management
– Sales opportunities, service risks/opportunities, compliance
policies, procedures, workforce training, documentation,
security incident/data breach management, Internal Auditing
• Sales
– Know rules, penalties, Meaningful Use payments, how HIPAA
relates to Managed Print Services
• Service Coordinator
– recognize compliance service requests, schedule enough
time
• Techs/Engineers
– Follow compliance service checklists
– Detailed Documentation
36. Agenda
2:30 – 2:50 Opening
2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?
o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network
and West McDonald, Owner, FocusMPS
3:30 – 3:45 Break
3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not
Say." - Managed Print Services End Game - Fewer Clients, Less Money.
o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &
Shutwell Inc.
4:25 – 4:40 New HIPAA changes and how they affect your MPS business
o Presented by: Mike Semel, President, Mike Semel Consulting
4:40 – 5:00 Closing
RestroomsWifi- Internet Availability at the Peabody CompTIA has negotiated complimentary internet in guest sleeping rooms and the conference space. To gain internet access in the conference space: Open the web browserLook for the CompTIA networkEnter Password (Text is All Caps): COMPTIA13Accept the Terms and ConditionsI-Ride TrolleyCompTIA has negotiated two I-Ride trolley tickets per room per day for all ChannelCon attendees Hours of Operation: Seven days a week: 8 AM – 10:30 PM
West and Doug’s “Prezi” document
Check Time to make sure we have 15 minutes available
Greg Walters preso
MPSA Awards Reception – Tue 7pm to 8pmChannelCon 2014August 4 – 6, 2014 JW Marriott Phoenix Desert RidgePhoenix, AZ AMM 2014April 1 – 3, 2014 Rancho Bernardo InnSan Diego, CA