CynergisTek, Inc.
CynergisTek News & Upcoming Events
November 2013

In case you missed it, we recently made an exciting announcement that David Holtzman is bringing his privacy, security and OCR expertise to CynergisTek's executive leadership team. Holtzman's addition exemplifies our focus on privacy, security and audit services, and we look forward to sharing our expertise with you.
Sr OCR Privacy & Security Expert Joins CTek
CynergisTek welcomes David Holtzman, industry veteran, author and highly regarded thought leader, to our Compliance Services executive team as vice president of privacy and security. In this role, Holtzman will complement CynergisTek's leadership in healthcare privacy and security with his government and private sector expertise, enhancing our position as the premier provider of enterprise privacy and security solutions and services for healthcare organizations. Click here to read the entire story.
Guidance on the Omnibus Rule
CynergisTek CEO Mac McMillan recently wrote several articles addressing the Omnibus Rule guidance OCR provided on their website. McMillan breaks it down by category: Marketing (Refill Reminders), Decedent Information, and Student Immunizations. OCR included several FAQs on their website and wanted to clarify some of the complex changes. Additionally, OCR recently released examples and templates of reviewed notice of Privacy Practices. Click here to read the entire story.
Compliance Needs a Shrewd Strategic Plan
CEO Mac McMillan recently contributed to Healthcare Finance News about how compliance needs a strategic plan. "A lot of our healthcare organizations are engaging in ACOs, or they're part of a HIE," he said, and as a result of many of these relationships, they are signing data use agreements with the Centers for Medicare & Medicaid Services, which raises the bar in terms of the level of security that healthcare organizations have to maintain. Click here to read the entire story.
CTek Featured Stories
As HIT thought leaders and experts, CynergisTek has recently participated in several interviews and written multiple articles for industry publications. Click on the links below to read more:
Choosing a Cloud Provider: Cloud Provider Research, Due Diligence Needed to Maintain Compliance (
Culture Influences HIPAA Compliance: PSST! - Security Culture - The Key to HIPAA Compliance (HIMSS Privacy & Security Committee Blog)
Experts Question Tech Issues: Insurance Exchanges - A Work in Progress (
Data Storage Challenges: Securing Mountains of Data (HFMA Leadership Magazine)
Upcoming Events
Free Webinar: Ready or Not - HIPAA Just Got Tougher


On Tuesday, November 19th, CynergisTek and Iatric Systems are teaming up for a webinar to address patient privacy challenges. Between frequent insider snooping and nearly a 20% increase in medical identity theft over the past year*, it is clear that healthcare organizations still have a long way to go to comply with the Omnibus Rule & HIPAA. Click here to learn more and register.


Free HIPAA Compliance Workshop in St. Louis

CynergisTek will continue to lead interactive, educational sessions across the country to help providers comply with the Omnibus Rule, as well as to help improve audit readiness for OCR's forthcoming random HIPAA compliance audits. CynergisTek has already provided several sessions since the rule was announced in January of this year. McMillan will discuss how recent changes to the Omnibus Rule affect provider privacy and security programs and provide insight into OCR's enforcement. McMillan will also draw from his experience working with several provider organizations selected for OCR's 2012 audit pilot program to share proven strategies for audit readiness. Join us in St. Louis on Wednesday, December 11th. Click here to learn more and register.

Compliance Q&A
As a speaker at several national and regional conferences over the past month, Mac McMillan was asked by several people about the security and the accountability factor that covered entities (CEs) must have with their business associates (BAs) now that the Omnibus Rule can be enforced. Mac explains that it is now a shared responsibility if a BA has an incident, and that this requires closer collaboration between the two. CEs must have a good understanding of the vendor's ability to protect the CE's sensitive data. Mac recently told GovernmentHealthIT, "It assumes due diligence prior to contracting, evaluation of capabilities during contracting, and monitoring throughout the contract. Covered entities that do not take this seriously run the risk of possible implication during a review or investigation of one of their vendors by the OCR as a result of a breach or complaint. HIPAA's security rule provides for remedies when faced with a vendor who has demonstrated some form of noncompliance. The entity can terminate the relationship or provide them with some period of time to fix the issue. If that doesn't work, the next step is to report the vendor to OCR. There is an important lesson here. Organizations that do not follow this process, and who become aware of a noncompliant situation, fail to remedy it and continue to utilize the vendor in question, will increase their own liability for enforcement action in the event of an incident."

Email us if you have a compliance question that you would like to ask CynergisTek.