HIPAA/HITECH , Standards, Regulations & Compliance , Video

Giving Patients Easy Access to Health Info: A Balancing Act

David Holtzman of HITprivacy on Regulatory, Industry Challenges Facing Healthcare
David Holtzman, attorney, principal and founder, HITprivacy LLC

As regulators push healthcare entities and technology vendors to provide patients with easier access to their electronic health information, organizations face a delicate balance between compliance and the prevention of potential security breaches, says attorney David Holtzman, founder and principal of consulting firm HITprivacy LLC.

See Also: Webinar | Everything You Can Do to Fight Social Engineering and Phishing

A top priority for the Department of Health and Human Services - through its HIPAA patient "right of access" initiative and provisions contained within the 21st Century Cures Act - is to ensure that individuals have access to their health information. And that's not just HIPAA-protected information, says Holtzman, "but all of the health information that's maintained by a healthcare organization." Individuals have "the right of access to that information using the least disruptive consumer based technology that's available to them," he says.

But at the same time, that patient access objective, to some extent affects HHS' Office for Civil Rights' regulators and the healthcare sector's compliance mindset, according to Holtzman.

"They have to be careful to not impinge on that priority of allowing individuals access, using third-party technology to health information," he says. They have to make sure that they are adopting appropriate technologies that allow consumers access to all of this health information … but at the same time that they are not creating vulnerabilities that will impact or weaken their information security that protects that same health information from unauthorized disclosure."

In this video interview with Information Security Media Group, Holtzman also discusses:

  • The latest HIPAA enforcement trends;
  • Top healthcare cybersecurity challenges;
  • Government efforts to help improve healthcare sector cybersecurity.

Holtzman previously served on the health information privacy team at the Department of Health and Human Services, Office for Civil Rights and as a consultant at security and privacy consultancy CynergisTek. He has two decades of experience in developing, implementing and evaluating health information privacy and security compliance programs for both government and private sector organizations and is a member of the HHS 405(d) Task Group and the Joint Cybersecurity Working Group of the Healthcare Sector Coordinating Council.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.