Interview: Marc Haskelson, CEO, Compliancy Group
The HIPAA Journal has spoken with Marc Haskelson, CEO of Compliancy Group. Marc explains to readers of The HIPAA Journal why he formed Compliancy Group, what the company offers, the challenges with compliance, and predictions on future regulations in healthcare.
Marc Haskelson, CEO, The Compliancy Group
Tell the readers about your career in the healthcare industry.
My involvement in healthcare started when I was the CEO of a healthcare product business. I founded Compliancy Group after a bad experience trying to satisfy HIPAA. At the time, the options were limited—hire an expensive consultant or combine tools to meet the somewhat confusing law. The real growth came as the Omnibus Rule went into effect, mandating that healthcare vendors had the same obligation to HIPAA law.
What was your first position?
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
My earlier career was with Experian and the early days of subscription and continuity billing technology before we all called it SaaS.
What is your current position?
President and CEO of Compliancy Group
What are the main challenges in your position?
As risks have increased, we must continually expand our products and services to assist the changing landscape. To best meet the needs of our customers, we have invested in a new team of security and compliance specialists who have developed an entirely new platform.
Tell the readers about any significant event in your career.
The opportunity to lead a great team and have Compliancy Group recognized as one of Inc.’s Best Places to Work and Inc. 5000’s fastest-growing companies in 2020. We have been blessed to have won it four consecutive years and are hoping for a fifth.
Are you working on any exciting projects?
I am fascinated by the changing landscape of the risks to healthcare information. The new security threats and the expansion of AI-based solutions create great new solutions and opportunities; unfortunately, this has also increased the risks. We are working on both sides to identify new and creative solutions. Growth areas are going to be using AI-based relative threat role-playing. Think of a fire drill. Assessments, training, policies and procedures, and controls are great, but 80% of breaches are caused by simple employee error. There is a real opportunity to use real-time AI-based (Fire Drill) response to a threat.
What products/services do you provide for the healthcare industry, and what is unique about them?
We offer healthcare compliance tracking software. Our software allows clients to monitor their ongoing compliance efforts. It offers templated materials that eliminate the need for clients to research what they need in place for compliance – saving them hundreds of hours and reducing their investment in resources, whether money or staffing.
Our platform supports OIG compliance, HIPAA, OSHA, Texas HB 300, and SOC 2, and we have other regulatory compliance frameworks and security standards on our product roadmap. We will soon support CIS, CSF, NIST, and ISO.
When did you first get involved with HIPAA compliance?
When I first became involved in HIPAA in 2005, I saw an opportunity to simplify security and compliance challenges, especially for the small and midsize players of covered entities and vendors who serve them.
What are your main challenges regarding HIPAA?
Our main challenge with HIPAA is explaining why businesses, especially smaller practices, must comply. Many of them don’t believe that HIPAA applies to them and don’t recognize the risk that comes when they don’t follow the law. However, as we’ve seen on many occasions, even sole practitioners can be fined for HIPAA violations.
What do you think needs to be improved in the HIPAA regulations?
As threats increase, a better definition of security and compliance frameworks as we see in other heavily regulated markets like banking and manufacturing.
Do you have any predictions for the future of HIPAA?
There has been chatter for several years that the HIPAA regulation would be amended. Changes to strengthen the HIPAA Privacy Rule are likely on the horizon. This is evident by the increase in enforcement of the right of access standard, proving that patient medical record access is a sore spot.
Do you have any predictions for the future of healthcare regulation?
The future of healthcare regulation is likely to be shaped by several key trends and challenges. As the government struggles to regulate AI, there will likely be an increased focus on data privacy and security, leading to a need to implement stronger data protection laws. Health apps have also called into question which entities need to be regulated. The FTC recently responded by revising health breach notification requirements to include health apps.
Do you have any predictions for the future of healthcare technology?
Telehealth and remote patient monitoring will continue to grow, improving patient care. Patients who live in rural areas or have health issues that limit their mobility will benefit from this the most. Future health information systems will also be more integrated, allowing for seamless communication between care providers and improving patient care coordination. Keeping patient information private and secure with both advancements will become more complex.
Do you have any predictions for the future of the healthcare industry?
Patients will have greater control over their healthcare decisions. With more transparency due to improved access to their medical records through health apps, wearable devices, and electronic record platforms, patients can advocate for themselves, leading to personalized care.
Do you have anything else interesting to share with readers?
Threats, tools, and services to protect healthcare are changing rapidly. The good news and bad news is that with the growth of AI, for every new protection, there is also a threat.
