David Holtzman, CIPP/G



VP, Compliance Strategies

David Holtzman is vice president of privacy and security compliance services for CynergisTek, Inc., a firm specializing in the areas of information security and regulatory compliance in healthcare. He is considered a subject matter expert in health information privacy policy and compliance issues involving the HIPAA Privacy, Security and Breach Notification Rules. Holtzman has over 10 years of experience in developing, implementing and evaluating health information privacy and security compliance programs from both government and private sector positions. Prior to CynergisTek, Holtzman was a senior advisor with the Department of Health and Human Services, Office for Civil Rights (OCR) where he played key roles in planning and developing policy and guidance issued under HIPAA/HITECH regulations. Additionally, Holtzman led many OCR initiatives including the effort to integrate the administration and enforcement of the HIPAA Security Rule by establishing workflows for processing, identifying and investigating alleged violations of the rule. He served as the subject matter expert to OCR and other federal agencies in the planning, execution, and resolution of complex investigations involving reviews of an organization's compliance with the HITECH Act and the HIPAA Privacy and Security Rules. Prior to joining OCR, Holtzman served as the privacy and security officer for Kaiser Permanente's Mid-Atlantic region, an organization with 500,000 subscribers, 6,500 employees and 35 administrative and healthcare facilities. He was the front-line leader responsible for developing and directing risk assessments for privacy and security compliance, prioritizing areas for assessment and audit, and developing and executing corrective plans for areas of noncompliance identified through risk based frameworks.
Holtzman is an accomplished and sought after public speaker to national and international audiences exploring the state of health information privacy and security, information protection, and data breach response. He served as the co-chair of the NIST/OCR Health Information Security Assurance Conference from 2010 to 2013 and was a presenter at annual events. Holtzman has also presented educational sessions to the HCCA Compliance Institute, HIMSS Annual Conference and IAPP Privacy Summit, as well as presented in numerous webinars and academic lectures. Holtzman earned his Juris Doctorate at the Western New England College, School of Law and graduated summa cum laude from the College at Brockport of the State University of New York. He is admitted to the practice of law in New York and Illinois.


Contributions by David Holtzman

  • Behavioral Analytics’ Role in Assuring Data Security
    Speaker at Privacy. Security. Risk. 2018
  • Speaker at Global Privacy Summit 2014
  • Speaker at IAPP Global Privacy Summit 2012
  • Speaker at IAPP Global Privacy Summit 2011