David Holtzman

David Holtzman

About David Holtzman

Considered a subject matter expert in health information privacy policy and compliance issues involving the HIPAA Privacy, Security and Breach Notification Rules, David Holtzman was a senior advisor at OCR before joining the team at CynergisTek. He also previously served as the privacy & security officer for Kaiser Permanente’s Mid-Atlantic Region.

OIG Calls for Tighter Controls on PHI Sent to Offshore Vendors

Report to OCR and CMS Says Reliance on BA Agreements is Not Enough Healthcare, like many other industries, allows offshore outsourcing of information technology help desk functions, healthcare claims processing and medical transcription services. However, organizations that are considering the offshoring of health information should consider the liability associated with managing business agreements meant to provide satisfactory assurance that patient information is protected against unauthorized use or disclosure. 

June 18th, 2014|

Third Anniversary of Proposed HIPAA Access Reports Passes While Healthcare Waits

The third anniversary of the release by the Department of Health and Human Services (“HHS”) proposed regulations implementing changes to the accounting of disclosures provisions under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) has passed without much notice. The proposed regulations arose from requirements in the Health Information Technology for Economic and Clinical Health Act (“HITECH”), passed as part of the American Recovery and Reinvestment Act of 2009.

June 9th, 2014|

ONC & OCR Release Risk Assessment Tool

New HIPAA Security Risk Assessment Tool Is Designed For Small Providers & Business Associates A new security risk assessment (SRA) tool has been developed by the Department of Health & Human Services Office of the National Coordinator for Health IT (ONC) and the Office for Civil Rights (OCR). The tool is designed to help small and medium size health providers and business associates practices conduct and document a risk assessment in a thorough, organized fashion at their

April 2nd, 2014|