In this year-end Healthcare Informatics podcast, Senior Editor Gabriel Perna speaks with David Holtzman, vice president of privacy and security compliance at CynergisTek, about the top trends in healthcare data security in 2013.
To start off the podcast, the former Office for Civil Rights (OCR) deputy director for Health Information Privacy and Security, explained his shift from the public to private sector.
When it comes to data security trends, Holtzman talks about the increased sophistication of malicious threats and subsequent rise of breaches of protected health information (PHI) at healthcare organizations of all sizes in 2013.
Naturally, the conversation flips to the regulations enacted by the Department of Health and Human Services (HHS) updating the the Health Insurance Portability and Accountability Act (HIPAA), with provisions that have come to be known as the Omnibus Rule. Holtzman talks in great detail about market changes that have come about from this rule, including the requirements around covered entities, risk assessments, and the regulations around business associates (BAs) and PHI.
“The market change this has driven has been with cloud-driven service providers,” Holtzman explains. “It was very interesting that for a number of months, the lament we were hearing from healthcare providers and healthcare facilities that they couldn’t a cloud service provider and for application services who would give them a BA agreement. One by one, the big three [cloud service providers] Microsoft, Amazon, and Google started offering BA agreements. I think this was driven by the requirements of the Omnibus rule.”
Later on, Perna asks Holtzman about what expectations he has for healthcare data security in the next twelve months. In this vein, mentions the revised audit programs that OCR will conduct in 2014, how healthcare organizations will develop industry standards for managing vendors, and lastly, the development of cybersecurity standards and technology. He also talks about how Microsoft will stop supporting the XP operating system and what it means for data security.