The CompTIA Managed Print Services Community focuses on the creation of standards and initiatives specific to the managed print services industry. The group was created to provide networking opportunities among industry thought leaders, as well as to create beneficial tools and programs for managed print services providers.

2. MPS Community
Meeting

3. CompTIA has a policy of strict compliance with federal and state
antitrust laws. The antitrust laws prohibit competitors from engaging in
actions that could result in an unreasonable restraint of trade.
Consequently, you agree to avoid discussing certain topics in
participating at any CompTIA events or activities, including, without
limitation, any discussions relating to prices, fees, rates, profit margins,
or other terms or conditions of sale (including allowances, credit terms,
and warranties); allocation of markets or customers or division of
territories; or refusals to deal with or boycotts of suppliers, customers or
other third parties, or topics that may lead participants not to deal with a
particular supplier, customer or third party.
www.comptia.org/antitrust
CompTIA’s Antitrust Statement

4. Strut Your Stuff
Panel Discussion
The CompTIA MSP Partners TrustmarkTM qualifies
and differentiates those Solution Providers that offer
on-premise IT services via a managed services
business model.
Learn more at:
www.comptia.org/trustmarks
$100 discount at
ChannelCon

5. Community Leadership
 Chair – Barney Kister
− Senior Vice President of MPS
Sales at Supplies Network
 Vice Chair – Ian Berger
− Outside Business Development
at Parts Now!
 Staff Leader – Lisa Person
− Director of Member Communities at
CompTIA

6. MPS Executive Council
Name Company
Bud Karakey BEI Services
Frank Avsenik Compugen
Gordon Snider PrintFleet
Gus Yusem Xerox
Jeff Bendix Bendix Imaging
Jon Hafey Toshiba America
Sam Moore Lexmark
Steve Lu Synnex
Tawnya Stone GreatAmerica
West McDonald FocusMPS

7. Join us for the Community & Councils
Reception & 60 Second Challenge…
• What:
– Networking over drinks
– Fun & Quick Updates
• When: 5-6 PM Today
• Where: Peabody Grand U

8. Agenda
 2:30 – 2:50 Opening
 2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?
o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network
and West McDonald, Owner, FocusMPS
 3:30 – 3:45 Break
 3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not
Say." - Managed Print Services End Game - Fewer Clients, Less Money.
o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &
Shutwell Inc.
 4:25 – 4:40 New HIPAA changes and how they affect your MPS business
o Presented by: Mike Semel, President, Mike Semel Consulting
 4:40 – 5:00 Closing

9. CompTIA Public Advocacy
Washington, DC

10. CompTIA Public Advocacy Team
• Liz Hyman, Vice President
• Lamar Whitman, Director (Tech Entrepreneurs)
• David Valdez, Sr. Director (IT Security)
• Randi Parker, Director (IT Workforce)
• Matthew L. Evans, Manager (Grassroots Advocacy
and PAC)

11. Important Issues 2013
• Cybersecurity & Data Breach
• Startup Act 3.0 & Startup Innovation Credit Act
• Immigration Reform
• Patent Reform

12. Public Advocacy
2014 CompTIA TechVoice D.C. Fly-In
The CompTIA TechVoice D.C. Fly-In will take place February
11-12, 2014. The Liaison Hotel, in walking distance to the U.S.
Capitol, will be the venue. New this year, we will be co-locating
Colloquium with the Fly-In so that the training and education
community can interact with policy makers. We will provide
updates on these events as they become available.
See print out on the table for complete advocacy details.
– If you would like the document emailed to you, please put a
star next to your name on the sign in sheet.

13. TechVoice & Social Media
www.techvoice.org
Your Source For Grassroots Innovation and Technology
Follow Us:
@Tech_Voice on Twitter
Facebook and Linkedin

14. Public Advocacy
2014 CompTIA TechVoice D.C. Fly-In
The CompTIA TechVoice D.C. Fly-In will take place February
11-12, 2014. The Liaison Hotel, in walking distance to the U.S.
Capitol, will be the venue. New this year, we will be co-locating
Colloquium with the Fly-In so that the training and education
community can interact with policy makers. We will provide
updates on these events as they become available.
See print out on the table for complete advocacy details.
– If you would like the document emailed to you, please put a
star next to your name on the sign in sheet.

15. Agenda
 2:30 – 2:50 Opening
 2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?
o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network
and West McDonald, Owner, FocusMPS
 3:30 – 3:45 Break
 3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not
Say." - Managed Print Services End Game - Fewer Clients, Less Money.
o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &
Shutwell Inc.
 4:25 – 4:40 New HIPAA changes and how they affect your MPS business
o Presented by: Mike Semel, President, Mike Semel Consulting
 4:40 – 5:00 Closing

16. Agenda
 2:30 – 2:50 Opening
 2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?
o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network
and West McDonald, Owner, FocusMPS
 3:30 – 3:45 Break
 3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not
Say." - Managed Print Services End Game - Fewer Clients, Less Money.
o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &
Shutwell Inc.
 4:25 – 4:40 New HIPAA changes and how they affect your MPS business
o Presented by: Mike Semel, President, Mike Semel Consulting
 4:40 – 5:00 Closing

17. Agenda
 2:30 – 2:50 Opening
 2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?
o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network
and West McDonald, Owner, FocusMPS
 3:30 – 3:45 Break
 3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not
Say." - Managed Print Services End Game - Fewer Clients, Less Money.
o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &
Shutwell Inc.
 4:25 – 4:40 New HIPAA changes and how they affect your MPS business
o Presented by: Mike Semel, President, Mike Semel Consulting
 4:40 – 5:00 Closing

18. 18
Connect the D ts to MPS
HIPAA Compliance
&
Make More
Money

19. 19
19
Mike Semel
Mike Semel
President
Chief Compliance Officer
SEMEL Consulting
 30+ year VAR/MSP & CompTIA member
 Former VentureTech, Varnex, HTG member
 Hands That Give architect/advisor
 Certified Business Continuity Professional
 Certified HIPAA Administrator
 Certified HIPAA Professional
 Certified Security Compliance Specialist
 Certified Health IT Consultant
 Hospital CIO (2004 – 2006)
 Chair, CompTIA Security Community (retired)
 ASCII Resident Expert
 CompTIA Security Trustmark (holder, development team,
author- quick reference guide, coach)

20. 20
 Health Insurance Portability & Accountability Act
(1996)
 Privacy Rule (2003)
 Covers all Protected Health Information (PHI)
 Verbal, Written, Electronic
 Security Rule (2005)
 Covers Electronic Protected Health Information (ePHI)
 HITECH Act (2009)
 Provided $$ for Electronic Medical Records
implementation
 Updated breach notification requirements
 Exempted encrypted data from breach reporting
HIPAA Overview

21. 21
PHI & ePHI
• Protected Health Information
– Identifiable
– Plus treatment and/or diagnostic information
• Electronic Protected Health Information
– PHI in electronic form
– Words, images, voice files
– On any media

22. 22
Most healthcare providers & payers
have to comply with the HIPAA
Security Rule, implemented in 2005
and updated by the HITECH Act of
2009.
HIPAA Covered Entities

23. 23
Companies that support Covered
Entities and come in contact with
Protected Health Information are
Business Associates and must now
comply with HIPAA. HIPAA Omnibus Final
Rule (2013)
HIPAA Business Associates

24. 24
Business Associates
• NOT Covered Entities but do come in contact with PHI
and ePHI – ALSO REQUIRE HIPAA COMPLIANT SERVICES
– Shredding Companies, Paper Records Storage
– IT companies, EHR vendors, copier vendors
– Lawyers, accountants, collections agencies, etc.
– & all subcontractors
• NEW – data centers, online backup companies,
Cloud vendors
– If they ‘maintain’ data
– Even if they don’t look at it
– Even if it is encrypted, in locked cabinets, sealed
boxes

25. 25
HIPAA Omnibus Final Rule
• Business Associates must
– Sign Business Associate Agreements
• New ones now
• Replacements by September 22, 2014
– Implement full compliance programs
– Train workforce
– Perform and document HIPAA-compliant tasks
– Manage all subcontractors (OEM’s, service providers)
• Compliance by ACT, not contrACT

26. 26
Business Associate Agreements
• Between Covered Entity & Service Provider
• Contract between 2 organizations
• Must include specific language
• May include other requirements (read carefully!)
• New guidance published Jan. 25, 2013
• May be provided by either party
• New agreements must include new language
• Existing agreements must be replaced by
September 22, 2014

27. 27
Sub-BA Agreements
• Between Business Associates and their
subcontractors, like OEMs & Service Providers
• Recommendations
– Include all required language
– Add language to include right to audit, demand
proof of compliance, report breaches in enough
time to meet federal and state guidelines
– IF NO, you have no choice but to replace vendor
– Any data stored or shared would be a data breach
for which you are responsible

28. 28
2012 - 2013 Penalties
• $ 100,000 – 5-doctor practice in Phoenix for sending patient
data by unsecure e-mails
• $ 1.7 million – Alaska state health dept. lost backup drive
• $ 1.5 million – Massachusetts hospital stolen laptop
• $ 50,000– small hospice stolen laptop
• $ 400,000 – university clinic failed firewall
• Plus costs to notify patients & remediate problems
• Publication on the HIPAA ‘Wall of Shame’

29. 29
Why are VARs, MSP’s, copier
manufacturers, & copier
service companies HIPAA
Business Associates ?

30. 30
Old vs. New
Paper in  Paper Out
HARD DRIVES STORE
AN IMAGE OF EVERY
DOCUMENT COPIED,
PRINTED, SCANNED,
OR EMAILED BY THE
DEVICE

31. 31
Sell Secure MFP’s to regulated clients
• Image Overwrite – “electronic shredding” of images
• Data Encryption (at rest & in transit)
• Access Security (users sign in)
• Track User Activity
• Separation of fax line from network connection
• Secure Print (no prints sitting in copier)
• Hard drive security cabinets (drive cannot be
removed)
• Network Security Source: Xerox

32. 32
HIPAA-compliant services
Example: Hard Drive Replacement
1. Remove Old Drive
2. Dispose old drive or return to
mfg for core credit or warranty
Standard Service
Compliance Service
1. Follow compliance checklist
2. Erase old drive at client site
3. Save erasure report to
ticket
4. Remove old drive & track
transport
5. Destroy old drive
6. Send photo of damaged
drive to ticket
7. Dispose old drive – do not
ship back
8. Send report to client’s
compliance officer

33. 33
Where printer techs touch ePHI…
charge for compliance services
Cradle to Grave
• Installation – linking MFP to
network, testing scanning to
EHR system or network folder,
faxing, e-mail
• Support – Assisting users with
problems
• Repairs – handling hard drives
• Equipment return (from lease)
• Equipment disposal

34. 34
Who needs to understand HIPAA?
• Management
– Sales opportunities, service risks/opportunities, compliance
policies, procedures, workforce training, documentation,
security incident/data breach management, Internal Auditing
• Sales
– Know rules, penalties, Meaningful Use payments, how HIPAA
relates to Managed Print Services
• Service Coordinator
– recognize compliance service requests, schedule enough
time
• Techs/Engineers
– Follow compliance service checklists
– Detailed Documentation

35. 35
Contact Info
Mike Semel
mike@semelconsulting.com
888-997-3635 x 101
www.semelconsulting.com
GIVE ME YOUR CARD & I WILL SEND YOU MORE
INFO AND A COMPLIANCE CHECKLIST

36. Agenda
 2:30 – 2:50 Opening
 2:50 – 3:30 Printing Trends – What will you do? Refute? Evolve? Do you know?
o Presented by: Doug Johnson, SVP Managed Print Services, Supplies Network
and West McDonald, Owner, FocusMPS
 3:30 – 3:45 Break
 3:45 – 4:25 The Future of Our Business - "The Things We Think And Do Not
Say." - Managed Print Services End Game - Fewer Clients, Less Money.
o Presented by: Greg Walters, President, MPSA and Co-Founder, Walters &
Shutwell Inc.
 4:25 – 4:40 New HIPAA changes and how they affect your MPS business
o Presented by: Mike Semel, President, Mike Semel Consulting
 4:40 – 5:00 Closing

37. Thank you!
For more information visit
www.comptia.org/channelcon