If you’ve been following our blog or keeping up with us on social media, you know that we traveled to Chicago last month for HIMSS15, the largest health IT event in the industry. It was an action-packed week—we listened to former President George W. Bush’s keynote speech on HIPAA and Electronic Medical Records (EMR) and even had a visit from The Department of Health and Human Services as they walked the floor looking to gain insight from service and application providers. Our regional director, David Pollard, represented Connectria this year at the conference. We asked him a few questions about his experience at HIMSS15—see below for his key takeaways from the event.
Did you notice a shift in this year’s focus following major information breaches (e.g., Anthem and Premera Blue Cross)?
Yes! There was a great deal of emphasis on information security, how to secure cloud services and how to maintain HIPAA compliance. I think that as a result of these breaches, those who were starting to relax and look to the cloud are taking a much harder look at that option and really qualifying the provider.
In your discussions, how well versed were organizations around HIPAA compliant hosting?
It varied quite a bit. Some were of the misguided mindset that you contract with a provider and wash your hands of compliance. There were some that were laser focused on specific aspects of compliance, such as encryption options or data transmission elements. And then there were others that were more realistic in their concept of how a provider works with the customer in managing the overall PHI footprint.
What questions did organizations have for you at the booth?
Compared with what I recall of last year, there were many more people talking about Risk Assessment. We let attendees know that access to our Compliance Team here at Connectria is free to our customers and that the team’s primary job is to help with Risk Assessment and other audit services. This is a well utilized and appreciated advantage that many of our current customers leverage frequently.
Which areas are most in need of attention when it comes to security and threats?
It’s difficult to zero in on one area as just the phrase “HIPAA compliant” has become so over-used and over-simplified. A prime example is Amazon Web Services (AWS). While Amazon has had their infrastructure controls audited for HIPAA Compliance and HIPAA Compliance is possible, it is entirely up to the consumer to make it that way.
Unfortunately, some hosting companies also operate in this way: while the infrastructure is compliant, the user must still acquire their own Centralized Logging, Security Event Information Management (SEIM) Tools and File Integrity Management (FIM). They also have to manage their own encryption services and manage all of the reporting for their Risk Assessment. This is clearly a huge undertaking, but something that is completely covered under our HIPAA Compliance Support Plan. We shared our HIPAA Vendor Comparison and talked about how we go further than any other hosting company in terms of compliance. This means that we not only provide the tools and services that matter to the customer, but we help them implement those tools and services at no additional charge.
Overall thoughts about the conference in general?
This year’s conference was a success. We enjoyed speaking with different organizations about our solutions, especially our newly announced HIPAA Compliant Solution on AWS. Attendees loved our No Jerks Allowed philosophy as well. We’re looking forward to next year’s HIMSS conference in Las Vegas!