Blog May 18, 2015

Q&A with David Pollard: The Future (Part II)

In part two of our HIMSS15 Q&A session with our Regional Director, David Pollard, we wanted to dig a little deeper into his takeaways from the conference. Specifically, what does he predict for the future of HIPAA Compliance and the HIMSS conference? Below are his insights:

What is the future of HIPAA Compliance?

I believe HIPAA Compliance will start to look more and more like PCI (Payment Card Industry) Compliance. By design, HIPAA can be quite vague in that it doesn’t tell you how to implement controls around security and compliance, just that certain safeguards must be met. On the other hand, PCI is the exact opposite by telling you what you must do – and how you must do it (to the letter).

For example, while HIPAA says that you must keep your data in a manner that makes it “unreadable, undecipherable, and inaccessible to outside parties,” PCI not only states that you must encrypt your data, but tells you various levels of encryption within your stack – right down to the acceptable bit rate. The origin of this comes from the Omnibus Ruling that took final effect last year; the word ‘access’ was added to the descriptive: “any system that will use, distribute or store PHI.” By including the word ‘access,’ the concept of networking is brought into play, and thus you can no longer have non-PHI workloads on the same network as PHI workloads.

In your opinion, moving forward, will security solutions continue to take center stage at HIMSS?

Yes. Truthfully, while I think the consumer is getting smarter about security, it still seems like there are plenty of buyers out there that assume hiring a HIPAA-compliant service releases them from compliance liabilities.

Any emerging trends/new solutions particularly interesting?

Yes, our announcement regarding HIPAA Compliant Hosting on Amazon Web Services seemed to strike a chord. AWS had a booth and they were literally walking potential customers over to our booth to discuss their needs in detail. The idea that you can still have AWS and HIPAA Compliance support from a quality provider was very interesting for many of the attendees.

We thank all those who stopped by our booth at HIMSS15 to chat, and look forward to seeing you all again next year. For those who missed us: if you have any questions, let us know!
