David Holtzman

David Holtzman is an executive advisor for CynergisTek. He is considered a subject matter expert in health information privacy policy and compliance issues involving the HIPAA Privacy, Security and Breach Notification Rules. Prior to CynergisTek, Holtzman served on the health information privacy team at the Department of Health & Human Services, Office for Civil Rights (OCR/HHS), where he led many OCR initiatives, including the effort to integrate the administration and enforcement of the HIPAA Security Rule and health information technology policies. David has nearly two decades of experience in developing, implementing and evaluating health information privacy and security compliance programs in both government and private sector organizations. He is a member of the HHS “CISA 405-d Workgroup”, the Joint Cybersecurity Working Group of the Healthcare Sector Coordinating Council and Co-Chair of the Privacy and Security Workgroup for North Carolina Healthcare Information & Communications Alliance (NCHICA).

  • OCR Allows Internet Apps for Telehealth During COVID-19 Emergency

    In a pair of sweeping directives that will have far reaching implications for healthcare providers and their patients, the Office for Civil Rights (OCR) issued guidance and FAQs through which the...

  • Some HIPAA Requirements Waived for Hospitals in Response to Coronavirus

    The Secretary of HHS has declared a nationwide public health emergency. The declaration includes a suspension of some of the requirements of the HIPAA Privacy Rule for hospitals to help ease...

  • OCR Allows Use of Videoconferencing During Coronavirus Emergency

    Healthcare providers may provide treatment services to patients using a variety of non-public facing telehealth technologies without complying with the requirements of the HIPAA Privacy and...

  • Thinking About Buying New IoT Devices? Better Wait ‘til Next Year for Better Security Features!

    IoT Devices Vulnerable to Cybersecurity Threats: Healthcare organizations, like other businesses, are integrating “smart technologies” into devices and facility controls that are connected to the...

  • Debunking Four Common Myths of the California Consumer Privacy Act (CCPA)

    Read David Holtzman’s latest blog post as he talks about how CCPA applies to healthcare, non-profits, and data outside of California.

  • New York SHIELD Act: Where Do I Begin?

    This in-depth resource, written by Executive Advisor David Holtzman, provides best practices all organizations should consider in order to be ready for the New York SHIELD Act.

  • New York’s Sweeping Data Protection & Breach Notification Law Takes Effect This Week

    New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act that amends the state’s breach notification law goes into effect this week. The SHIELD Act significantly expands what...

  • OCR Business Associate Fact Sheet Sets Floor and AMCA Breach Shows Why We Must Do More

    Why Having a Vendor Security Management Program is Necessary: News of a cybersecurity incident compromising the personally identifiable information of the American Medical Collections Agency...

  • HHS Proposed Information Blocking Rules and OCR FAQs

    The Office of the National Coordinator (ONC) released its long-awaited proposed rule on interoperability and information blocking, the 21st Century Cures Act, by identifying conduct that is not...

  • Changes to New California Privacy Law Exempts Some Healthcare Organizations

    Much has been written about the potential impacts that the California Consumer Privacy Act of 2018 (CaCPA) could make on health care organizations and their business partners. The California...

  • OCR Updates Audit Protocol Emphasizing its Role for Compliance and Enforcement

    The US Department of Health and Human Services, Office for Civil Rights (OCR) has without fanfare updated its comprehensive audit protocol, making substantive changes to inquiries to demonstrate...

  • Colorado Breach Law Uses Long Arms to Protect Health Information Not Covered by HIPAA

    Colorado has put into place a new law that will require organizations handling digital personal information of Colorado residents have security safeguards in place to protect information from...

  • OCR Says Gap Analysis Does Not Meet HIPAA Requirements

    The HHS Office for Civil Rights (OCR) has issued guidance answering the question that performing a gap analysis of an information system’s safeguards is not enough to meet the minimum requirements...

  • HIPAA Enforcement: 2017 Year in Review

    2017 will go down as a change year for Health Insurance Portability and Accountability Act (HIPAA) enforcement of the Privacy, Security, and Breach Notification Rules. This comes on the heels of...

  • OCR Says Desk Audits Rates Many HIPAA Efforts to be Inadequate or Worse

    The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) released preliminary results from Phase 2 of the HIPAA Audit Program. The data was drawn from limited scope desk...

  • OCR Tells Healthcare Organizations: A WannaCry Ransomware Attack is a HIPAA Breach

    The Office for Civil Rights (OCR) has issued advisories that a HIPAA covered entity or business associate that is affected by the “WannaCry” ransomware attack or other malware should respond to...

  • OCR Enforcement Actions: Prioritize HIPAA Security & Vendor Management Requirements

    Thus far in 2017, the Office for Civil Rights (OCR) has announced that they have negotiated settlements or levied penalties in seven cases that have resulted in covered entities and business...

  • Organizations Subject to HIPAA Get a Pass from New Mexico Breach Notification Law

    Earlier this month, New Mexico became the forty-eighth state to enact a data breach notification law. Only Alabama and South Dakota remain without such requirements. The Data Breach Notification...

  • CMS Proposes EHR Incentive Program Changes and Affirms Stage 3 Effective in 2018

    CynergisTek is alerting you to a number of changes the Centers for Medicare & Medicaid Services (CMS) is proposing to the requirements of the EHR Incentive Program that would apply to the program...

  • Death, Taxes … and Breach Reporting

    It is said that the only two certainties in life are death and taxes. If you are a HIPAA covered entity, you can add reporting breaches of unsecured protected health information (PHI) to the...
