Blog May 11, 2015

Q&A with David Pollard: HIMSS15 Takeaways

If you’ve been following our blog or keeping up with us on social media, you know that we traveled to Chicago last month for HIMSS15, the largest health IT event in the industry. It was an action packed week—we listened to former President George W. Bush’s keynote speech on HIPAA and Electronic Medical Records (EMR) and even had a visit from The Department of Health and Human Services as they walked the floor looking to gain insight from service and application providers. Our regional director, David Pollard represented Connectria this year at the conference. We asked him a few questions about his experience at HIMSS15—see below for his key takeaways from the event.

Did you notice a shift in this year’s focus following major information breaches (e.g., Anthem and Premera Blue Cross)?

Yes! There was a great deal of emphasis on information security, how to secure cloud services and how to maintain HIPAA compliance. I think that as a result of these breaches, those who were starting to relax and look to the cloud are taking a much harder look at that option and really qualifying the provider.

In your discussions, how well versed were organizations around HIPAA compliant hosting?

It varied quite a bit.  Some were of the misguided mindset that you contract with a provider and wash your hands of compliance.  There were some that were laser focused on specific aspects of compliance, such as encryption options or data transmission elements.  And then there were others that more were realistic in their concept of how a provider works with the customer in managing the overall PHI footprint.

What questions did organizations have for you at the booth?

Compared with what I recall of last year, there were many more people talking about Risk Assessment. We let attendees know that access to our Compliance Team here at Connectria is free to our customers and that the team’s primary job is to help with Risk Assessment and other audit services.  This is a well utilized and appreciated advantage that many of our current customers leverage frequently.

Which areas are most in need of attention when it comes to security and threats?

It’s difficult to zero in on one area as just the phrase “HIPAA compliant” has become so over-used and over-simplified.  A prime example is Amazon Web Services (AWS).   While Amazon has had their infrastructure controls audited for HIPAA Compliance and HIPAA Compliance is possible, it is entirely up to the consumer to make it that way.

Unfortunately, some hosting companies also operate in this way: while the infrastructure is compliant, the user must still acquire their own Centralized Logging, Security Event Information Management (SEIM) Tools and File Integrity Management (FIM).  They also have to manage their own encryption services and manage all of the reporting for their Risk Assessment.  This is clearly a huge undertaking, but something that is completely covered under our HIPAA Compliance Support Plan.  We shared our HIPAA Vendor Comparison and talked about how we go further than any other hosting company in terms of compliance.  This means that we not only provide the tools and services that matter to the customer, but we help them implement those tools and service at no additional charge.

Overall thoughts about the conference in general?

This year’s conference was a success. We enjoyed speaking with different organizations about our solutions, especially our newly announced HIPAA Compliant Solution on AWS. Attendees loved our No Jerks Allowed philosophy as well. We’re looking forward to next year’s HIMSS conference in Las Vegas!

 

Related Resources

 
Disaster Recovery Options For The IBM i Series
In 2017, Forrester Research partnered with the Disaster Recovery Journal to look at the state of disaster recovery preparedness in today’s companies. The results were…
 
7 Signs You May Need Help With Your Azure or AWS Deployment
According to Cloud Computing Trends: 2017 State of the Cloud Survey, companies house 41% of their workloads in a public cloud like Microsoft Azure or…
 
6 Ways to Build a Better Relationship with Your MSP
Thinking of leveraging a “managed service provider” in 2019? You’re not alone! IDC’s 2017 research found that 30% of executives outsource at least some of…