Blog May 18, 2015

Q&A with David Pollard: The Future (Part II)

In part two of our HIMSS15 Q&A session with our Regional Director, David Pollard, we wanted to dig a little deeper into his takeaways from the conference. Specifically, what does he predict for the future of HIPAA Compliance and the HIMSS conference? Below are his insights:

What is the future of HIPAA Compliance?

I believe HIPAA Compliance will start to look more and more like PCI (Payment Card Industry) Compliance. By design, HIPAA can be quite vague in that it doesn’t tell you how to implement controls around security and compliance, just that certain safeguards must be met. On the other hand, PCI is the exact opposite by telling you what you must do – and how you must do it (to the letter).

For example, while HIPAA says that you must keep your data in a manner that makes it “unreadable, undecipherable, and inaccessible to outside parties,” PCI not only states that you must encrypt your data, but tells you various levels of encryption within your stack – right down to the acceptable bit rate. The origin of this comes from the Omnibus Ruling that took final effect last year; the word ‘access’ was added to the descriptive: “any system that will use, distribute or store PHI.” By including the word ‘access,’ the concept of networking is brought into play, and thus you can no longer have non-PHI workloads on the same network as PHI workloads.

In your opinion, moving forward, will security solutions continue to take center stage at HIMSS?

Yes. Truthfully, while I think the consumer is getting smarter about security, it still seems like there are plenty of buyers out there that assume hiring a HIPAA-compliant service releases them from compliance liabilities.

Any emerging trends/new solutions particularly interesting?

Yes, our announcement regarding HIPAA Compliant Hosting on Amazon Web Services seemed to strike a chord. AWS had a booth and they were literally walking potential customers over to our booth to discuss their needs in detail. The idea that you can still have AWS and HIPAA Compliance support from a quality provider was very interesting for many of the attendees.

We thank all those who stopped by our booth at HIMSS15 to chat, and look forward to seeing you all again next year. For those who missed us: if you have any questions, let us know!
