David Holtzman

About David Holtzman

Considered a subject matter expert in health information privacy policy and compliance issues involving the HIPAA Privacy, Security and Breach Notification Rules, David Holtzman was a senior advisor at OCR before joining the team at CynergisTek. He also previously served as the privacy & security officer for Kaiser Permanente’s Mid-Atlantic Region.

Is an Online Risk Analysis That Pays for Fines & Penalties a Bad Bet?

A recent marketing come-on to healthcare practices and business associates from a company that provides an online HIPAA Security Rule risk assessment triggered some old memories. You know the ad, “Give us two hours of your time and we will give you a risk analysis.” If you buy into their online risk assessment, they promise that they will pay the first $100,000 of any fine or penalty levied by OCR or CMS.

June 23rd, 2014

OCR Continues to Ramp Up for Audits

Office for Civil Rights Seeks a Senior Auditor

Earlier this year OCR announced that they are launching the HIPAA/HITECH Audit Program this year and have been ramping up efforts to kick off the program. They added staff to execute the audits, announced the scope of the next phase and now are taking another step towards launching Phase II by inviting applications to fill the position of a new Senior Auditor to lead the project. What is interesting is that the posting on the

June 20th, 2014

OIG Calls for Tighter Controls on PHI Sent to Offshore Vendors

Report to OCR and CMS Says Reliance on BA Agreements is Not Enough

Healthcare, like many other industries, allows offshore outsourcing of information technology help desk functions, healthcare claims processing and medical transcription services. However, organizations that are considering the offshoring of health information should consider the liability associated with managing business agreements meant to provide satisfactory assurance that patient information is protected against unauthorized use or disclosure.

June 18th, 2014

Third Anniversary of Proposed HIPAA Access Reports Passes While Healthcare Waits

The third anniversary of the release by the Department of Health and Human Services (“HHS”) of proposed regulations implementing changes to the accounting of disclosures provisions under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) has passed without much notice. The proposed regulations arose from requirements in the Health Information Technology for Economic and Clinical Health Act (“HITECH”), passed as part of the American Recovery and Reinvestment Act of 2009.

June 9th, 2014

ONC & OCR Release Risk Assessment Tool

New HIPAA Security Risk Assessment Tool Is Designed For Small Providers & Business Associates

A new security risk assessment (SRA) tool has been developed by the Department of Health & Human Services Office of the National Coordinator for Health IT (ONC) and the Office for Civil Rights (OCR). The tool is designed to help small and medium size health providers and business associates practices conduct and document a risk assessment in a thorough, organized fashion at their

April 2nd, 2014