Blog May 18, 2015

Q&A with David Pollard: The Future (Part II)

In part two of our HIMSS15 Q&A session with our Regional Director, David Pollard, we wanted to dig a little deeper into his takeaways from the conference. Specifically, what does he predict for the future of HIPAA Compliance and the HIMSS conference? Below are his insights:

What is the future of HIPAA Compliance?

I believe HIPAA Compliance will start to look more and more like PCI (Payment Card Industry) Compliance. By design, HIPAA can be quite vague in that it doesn’t tell you how to implement controls around security and compliance, just that certain safeguards must be met. On the other hand, PCI is the exact opposite by telling you what you must do – and how you must do it (to the letter).

For example, while HIPAA says that you must keep your data in a manner that makes it “unreadable, undecipherable, and inaccessible to outside parties,” PCI not only states that you must encrypt your data, but tells you various levels of encryption within your stack – right down to the acceptable bit rate. The origin of this comes from the Omnibus Ruling that took final effect last year; the word ‘access’ was added to the descriptive: “any system that will use, distribute or store PHI.” By including the word ‘access,’ the concept of networking is brought into play, and thus you can no longer have non-PHI workloads on the same network as PHI workloads.

In your opinion, moving forward, will security solutions continue to take center stage at HIMSS?

Yes. Truthfully, while I think the consumer is getting smarter about security, it still seems like there are plenty of buyers out there that assume hiring a HIPAA-compliant service releases them from compliance liabilities.

Any emerging trends/new solutions particularly interesting?

Yes, our announcement regarding HIPAA Compliant Hosting on Amazon Web Services seemed to strike a chord. AWS had a booth and they were literally walking potential customers over to our booth to discuss their needs in detail.  The idea that you can still have AWS and HIPAA Compliance support from a quality provider was very interesting for many of the attendees.

We thank all those who stopped by our booth at HIMSS15 to chat, and look forward to seeing you all again next year. For those who missed us: if you have any questions, let us know!

Related Resources

 
7 Signs You May Need Help With Your Azure or AWS Deployment
According to Cloud Computing Trends: 2017 State of the Cloud Survey, companies house 41% of their workloads in a public cloud like Microsoft Azure or…
 
6 Ways to Build a Better Relationship with Your MSP
Thinking of leveraging a “managed service provider” in 2019? You’re not alone! IDC’s 2017 research found that 30% of executives outsource at least some of…
 
A Short FAQ on Disaster Recovery as a Service
Disaster Recovery as a Service (DRaaS) is becoming increasingly popular as a way to ensure business continuity in the event of a natural or manmade…