Blog May 18, 2015

Q&A with David Pollard: The Future (Part II)

In part two of our HIMSS15 Q&A session with our Regional Director, David Pollard, we wanted to dig a little deeper into his takeaways from the conference. Specifically, what does he predict for the future of HIPAA Compliance and the HIMSS conference? Below are his insights:

What is the future of HIPAA Compliance?

I believe HIPAA Compliance will start to look more and more like PCI (Payment Card Industry) Compliance. By design, HIPAA can be quite vague in that it doesn’t tell you how to implement controls around security and compliance, just that certain safeguards must be met. On the other hand, PCI is the exact opposite by telling you what you must do – and how you must do it (to the letter).

For example, while HIPAA says that you must keep your data in a manner that makes it “unreadable, undecipherable, and inaccessible to outside parties,” PCI not only states that you must encrypt your data, but tells you various levels of encryption within your stack – right down to the acceptable bit rate. The origin of this comes from the Omnibus Ruling that took final effect last year; the word ‘access’ was added to the descriptive: “any system that will use, distribute or store PHI.” By including the word ‘access,’ the concept of networking is brought into play, and thus you can no longer have non-PHI workloads on the same network as PHI workloads.

In your opinion, moving forward, will security solutions continue to take center stage at HIMSS?

Yes. Truthfully, while I think the consumer is getting smarter about security, it still seems like there are plenty of buyers out there that assume hiring a HIPAA-compliant service releases them from compliance liabilities.

Any emerging trends/new solutions particularly interesting?

Yes, our announcement regarding HIPAA Compliant Hosting on Amazon Web Services seemed to strike a chord. AWS had a booth and they were literally walking potential customers over to our booth to discuss their needs in detail. The idea that you can still have AWS and HIPAA Compliance support from a quality provider was very interesting for many of the attendees.

We thank all those who stopped by our booth at HIMSS15 to chat, and look forward to seeing you all again next year. For those who missed us: if you have any questions, let us know!
