CynergisTek, Inc.
CynergisTek, Inc. Newsletter

January 2014
In This Issue
Upcoming Events
PHI As An Asset
2013 Technology Trends
Using Private Cloud Service
Upcoming Events
HIPAA Compliance Workshop: Are you in the Tampa area? If so come join us 1/31 for a free HIPAA compliance workshop. Click here to learn more and to register.

HIMSS14 Conference: CynergisTek will be exhibiting in booth 1277 and Mac Millan and David Holtzman will be presenting at HIMSS14. We look forward to seeing our customers, friends and partners. Be sure to visit our HIMSS page often to learn more and read all of the details. See you in Orlando!   
CTek in the News
"When Important Assets Go Missing"
McMillan looks at how often unencrypted devices are stolen and provides practical guidance how to react when it happens. Click here to read the article featured in Advance for Health Information professionals.
"Administrative Security Policies Hold Enterprise Together" 
Dr. Mathews concludes part four of his series on enterprise security. Part four focuses on the administrative elements of security programs. Click here to read the article featured in SearchHealthIT.
Quick Links...
Follow us on Twitter      View our profile on LinkedIn        

2013 was an eventful year in Health IT. It began when the long-awaited final HIPAA Omnibus Rule was released on January 23rd and concluded with a $150,000 HIPAA penalty in late December after OCR investigated a small breach and ended with an announcement that Leon Rodriguez was nominated for another sector in the government. 2014 is already shaping up to be another eventful year. It is a lot for Health IT professionals to keep up with but CynergisTek has responded with several articles to help review the changes and provide guidance on next steps. Read below for some recent news and insight of the ever-changing environment.
Securing PHI As An Asset
CynergisTek's David Holtzman, VP of Privacy & Security Compliance Services, recently recorded a podcast on how PHI should be looked at and secured as a business asset. In this podcast he provides guidance on how covered entities, business associates and subcontractors should safeguard PHI. 
Click here to listen to it.
A Look at 2013 Technology Trends 
Physician's Practice recently provided an outlook of some of physician's top technology interests and topics. Security topped the list, in particular privacy monitoring, data loss prevention and encryption, as more technologies call for more proactive security. 
Click here to see what else made the list. 

The Private Cloud Gets Some Respect
Some healthcare CIOs are turning to the "private" cloud despite some of the skepticism towards using "public" cloud. Children's Hospital of Central California's CIO provides his experience of using it as a solution and gives guidance for anyone considering or using a cloud service. 
Click here to read more.
Compliance Q&A Answered By the Experts
Q: One CIO recently asked us, "Would displaying the notice of privacy practices (NPP) on an electronic screen fulfill the NPP regulation? Could other documents be displayed with it?"
A: Per the requirement in 45 CFR 164.520(c), a covered provider that maintains a physical service delivery site must prominently post the notice where it is reasonable to expect individual's seeking service from the provider to be able to read the notice. 
David Holtzman says that, in his opinion, an electronic version or summary of the NPP would meet the requirement, granted that the text was in a sufficient size and manner to be readable by patients at the service delivery/registration area. It could be a problem if the NPP is presented with other documents, such as notice of patient rights. There has been consistent, long-standing concerns about presenting NPP with other "important" notices informing patients of their rights.
Have a question you want answered? Email us to have one of our experts answer your toughest compliance question.