Mac McMillan

Co-Founder and CEO, CynergisTek, Inc.

McMillan is co-founder and CEO of CynergisTek Inc., a firm specializing in information security and regulatory compliance. He has more than 30 years of federal and private sector experience in managing and delivering information security services and is chair of the HIMSS Privacy and Security Steering Committee.

Preparing for OCR Audits: Presented by Mac McMillan of the HIMSS Privacy and Policy Task Force

Presented by Mac McMillan • September 17, 2014

It's hard to believe, but a year has already passed since the deadline for the HIPAA Omnibus Final Rule went into place. Although the language is set, the full impact is still playing out. Recent changes within the Office of Civil Rights (OCR) and its leadership have energized enforcement and changed what...

Making the Business Case for IAM

Mac McMillan • August 21, 2014

Senior leaders are often faced with tough budget decisions. That's why winning support for an investment in an identity and access management tools requires painting a clear picture of the value to the business.

Securing the Brave New World of Online Patient Information

Presented by Mac McMillan , Tiffany Riley • May 30, 2014

Now that healthcare providers have spent large amounts of money for electronic health records (EHR), how will they keep the data secure from skilled, motivated criminals? A new focus by criminals on compromising EHRs is forcing the healthcare industry to step up their information security. This webinar features...

Beware: FTC Taking Action on Breaches

Mac McMillan • February 5, 2014

Two recent healthcare cases show that the Federal Trade Commission will not hesitate to take action against organizations that fail to protect patient data.

Termination: When Is It Appropriate?

Mac McMillan • September 17, 2013

Termination of an employee after a breach should be reserved for repeat offenders, individuals who show a total disregard for the rules, those who seek to harm another or the most egregious incidents, security expert Mac McMillan contends.

HIPAA Omnibus: Business Associate Tips

Mac McMillan • May 10, 2013

Business associates have new obligations under the HIPAA Omnibus Rule. What key compliance steps do they need to take? An expert on healthcare security and regulatory issues provides answers.

Updated Federal HIPAA Compliance Audit Preparation Tips

Presented by Mac McMillan • April 25, 2013

One of the best ways to prepare for federal HIPAA compliance audits is to learn from the experiences of those who have gone before you. Of the 115 organizations audited in the 2012 pilot project, only 10 percent passed without issue, another 10 percent were totally unprepared, and the remainder had multiple...

Dept. of Health & Human Services HIPAA Audits: How to Prepare

Presented by Mac McMillan • May 29, 2012

A good way to prepare for federal HIPAA compliance audits is to learn from the experiences of the first organizations audited earlier this year. This webinar will feature timely insights from a consultant who observed first-hand an audit at a hospital that was one of the 20 initial sites audited under the...

HIPAA Enforcement: Five Suggestions

Mac McMillan • May 26, 2011

Many have been asking lately if the Department of Health and Human Services' Office for Civil Rights has been effective in carrying out its HIPAA enforcement role. The question is a fair one.

Detecting and Preventing Health Data Breaches

Presented by Mac McMillan , Brian Singer • February 17, 2011

Healthcare data breaches and regulatory mandates have combined to create a new standard for data security that relies heavily on system and user activity awareness. To be compliant and avoid costly breaches, organizations must to improve their ability to predict and see in near real time where incidents are likely to...

Health Info Security: Much to be Done

Mac McMillan • November 29, 2010

Recent surveys point to the need for those entrusted with patient information to make security a higher priority.

Encryption as Part of a Broader 'Safe Harbor' Strategy

Presented by Mac McMillan • November 11, 2010

Because the HITECH Act's breach notification rule includes a safe harbor that exempts the reporting of breaches if the data involved was properly encrypted, many organizations are investigating whether to make wider use of encryption. But healthcare organizations need to develop a better understanding of how...