Mac McMillan is co-founder and CEO of CynergisTek, Inc., a firm specializing in the areas of information security and regulatory compliance in healthcare. He is the current Chair of the HIMSS Privacy & Security Policy Task Force and was recognized in 2012 as a HIMSS Fellow.
Mr. McMillan brings over 30 years of combined intelligence, security countermeasures and consulting experience to his position from both Government and private sector positions. He has worked in the Healthcare industry since his retirement from the federal government in 2000, has contributed regularly to organizations such as HIMSS, HCCA, AHIA, AHIMA, AAHSA, HFMA and AHLA, and is a regular contributor to the thought leadership around data security in healthcare.
He served as Director of Security for two separate Defense Agencies, and sat on numerous interagency intelligence and security countermeasures committees while serving in the US Government. McMillan is the former Chair of the HIMSS Information Systems Security Working Group and of the HIMSS Privacy & Security Committee. He sits on the HIT Exchange and HCPro Editorial Advisory Boards, as well as the HealthTech Industry Advisory Board. He has contributed to more than 300 articles and postings in Healthcare IT magazines, healthcare IT blogs and other healthcare newsletters.
He presents regularly at conferences and other events, and was a contributing author to the HIMSS book, Information Security in Healthcare: Managing Risk. Mr. McMillan holds a Master of Arts degree in National Security and Strategic Studies from the U.S. Naval War College and a Bachelor of Science degree in Education from Texas A&M University. He is a graduate of the Senior Officials in National Security program at the JF Kennedy School of Government at Harvard University and a 1993/4 Excellence in Government Fellow. He is retired from the U.S. Marine Corps.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets many rules and regulations to help create guidelines for healthcare providers (covered entities) to protect the integrity of personal health information (PHI). The HIPAA Security Rule specifically requires conducting a security risk analysis per 45 CFR 164.308(a)(1). Part of the risk analysis includes implementing updates as necessary and correcting identified vulnerabilities (or documenting why no action was taken to address a vulnerability).