Originally published in the Compliance and Ethics Blog
Both HIPAA and the HITECH Act have been around forever in compliance years, but that doesn’t mean that the challenges they pose have all been met.
In fact, Adam Greene, a partner at Davis Wright Tremaine in Washington, DC explains that the risks keep changing because technology keeps evolving. Big data, Artificial Intelligence and machine learning are all changing the playing field, not to mention ransomware, information sharing and interoperability.
In our talk together on this podcast he speaks to the dynamic environment as well as some of the issues compliance teams are facing when dealing with the regulators. It’s a topic he knows well, having seen it from both sides. Before his current tenure in the law firm, he served at HHS in the Office for Civil Rights (OCR).
Some of the other topics he discusses include:
- The disconnect between how information security professionals look at security vs. what OCR wants to see in compliance documentation
- Ongoing difficulties in enabling patients to access and share their health data
- Vendor management after the business associate agreement is in place
- The European General Data Protection Regulation (GDPR), and not over or under-reacting
- How best to approach regulators after a breach occurs
Click here to listen in. He provides a good guide to changing times for this substantial compliance risk area.