This content is part of the Conference Coverage: HIMSS 2016 conference coverage and analysis

HIPAA compliance audits coming, cybersecurity expert says at HIMSS 2016

In a podcast from HIMSS, cybersecurity expert Mac McMillan discusses a new health data security simulation system, long-delayed HIPAA audits and the safety of cloud technology.

LAS VEGAS -- The health IT world has expected HIPAA compliance audits of healthcare organizations and their business associates for more than a year, and they still haven't happened.

But one health data cybersecurity expert interviewed at HIMSS 2016 told SearchHealthIT he expects the long awaited audits to launch in 2016 despite the change of administrations at the end of the year.

At the midpoint of the weeklong show, HIMSS 2016 had drawn more than 40,000 attendees to what is traditionally the biggest health IT conference and exhibition.

In this podcast interview, Michael "Mac" McMillan, co-founder and CEO of CynergisTek, Inc., a health data security and privacy consulting firm, says political factors have little to do with the delayed HIPAA compliance audits.

Mac McMillan, CEO and co-founder, CynergisTekMac McMillan

Rather, he says, it is likely the work style of Deven McGraw, deputy director for health information privacy and head of the audit program for the Department of Health and Human Services' Office for Civil Rights' (OCR). He says McGraw wants to ensure -- after a round of pilot audits in 2014 -- that OCR is fully prepared to carry out thorough audits.

Even so, McMillan says he is surprised that no one in Congress has called for an inquiry into why the HIPAA compliance audits, which were expected last year, have still not begun.

McMillan also says CynergisTek has been working with a new data security threat system from Symantec Corporation that allows health information managers and security officers to practice in simulated real time how they'd respond to cyberattacks on their health data networks.

McMillan also touches on the growing use of cloud technology in most sectors of health IT, saying cloud issues are almost talked about too much.

Not only can cloud technology be as secure as enterprise-based systems, but the cloud is also inevitable because of its financial and performance advantages, McMillan, a former security director for two defense agencies, says.

Let us know what you think about the story or any other developments from HIMSS 2016; email Shaun Sutner, news and features writer or contact @SSutner on Twitter.

Next Steps

A data center CIO talks cloud security

What audits of HIPAA-covered entities will look like

How a New Jersey health system does cybersecurity

Dig Deeper on HIMSS conference and exhibition