The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Interview: Zbyněk Sopuch, Chief Technology Officer, Safetica

The HIPAA Journal has spoken with Zbyněk Sopuch, Chief Technology Officer at Safetica Inc., a global software company that provides business data protection and insider threat prevention solutions, including for HIPAA-regulated entities.

Zbyněk Sopuch, Chief Technology Officer at Safetica Inc.

What is your current position?

My current role is Chief Technology Officer (CTO) at Safetica, a security software vendor, and I am currently connecting my technology perspective and background with customer needs. The goal is to solve complicated challenges with the overall objective to empower users, and to not overwhelm them. This is especially important in the healthcare sector where the job is to focus on patients, not on computers.

 

What was your first position? 

I started as an OS security developer, understanding the details of protection and vulnerabilities in different operating systems. Then I progressed through various organizations, including Safetica, to different leadership roles in product development, allowing me to ascertain a strategic understanding of how to balance cost, value and engineering. Connecting technology with the real-world scenarios and organization demands has become personally very fulfilling.

 

Tell the readers about your career in the healthcare industry

My first professional contact with the healthcare industry was 11 years ago as head of software development for a Data Leak Prevention solution. Besides protection of intellectual property, having hospitals and private clinics as clients brought us into data regulation even before the personal data regulation era. One of the key parts of the healthcare industry is the protection of patient data, established in the United States through HIPAA, and here in Europe with parallel HHS safeguards, which are quite similar. A key role of these early data leak solutions was aligning organizations in compliance with these healthcare regulations. 

 

On a particular level, some of my first tangible healthcare experiences have been around data protection in a chain of private reproduction clinics. Data there felt personally very sensitive, and I began to understand data protection in healthcare as the extension of the trust between a doctor and a patient.

 

What are the main challenges in your position?

At Safetica, as we saw global demand for data security grow over the last ten years, we saw the medical sector as a key driver of that growth, both due to rising data regulations, emergence of digital transformation in the sector, and increasing data mobility across private and public networks. The mission of Safetica is to bring this enterprise level data security to small and medium businesses with limited IT resources and capacities.

 

And to connect it personally to my position, it’s seeing beyond the technology horizon. What we are designing and developing now, the market will fully adopt in a year. So, we are dealing with questions like how cloud or AI will affect these regulated sectors and how it can reshape the security landscape.

 

Are you working on any interesting projects?

Yes, all the time! Just at the moment, I’m deeply involved in an exciting project centered around our Safetica DLP Cloud Security solution, specifically tailored for the regulated sectors in the USA like finance and healthcare. So, from a healthcare perspective, recognizing the unique challenges faced by small medical practices shifting to the modern SaaS solutions and concerning HIPAA and patient data security. Our goal is to provide security practices with a robust data loss prevention tool that not only safeguards sensitive information but also seamlessly integrates with their workflows, ensuring that they can maintain the highest standards without any added complexities.

 

What products/services do you provide for the healthcare industry and what is unique about them?

We provide the healthcare industry with our Data Loss Prevention (DLP) solution, which strikes a balance between security and operational efficiency. Straightforward implementation and ease of use are critical for us, and our solution is aimed to empower smaller and larger clinics with internal trust and confidence to deal with sensitive patients’ data without having extensive resources. We designed it to fit into all types of environments and regulations, and we provide both a managed cloud version for regular offices and clinics and a self-managed version, in the cloud or on-premises, for organizations with the highest demand for separation and maximum control.

 

What are your main challenges regarding HIPAA?

HIPAA is undeniably crucial for patient data protection, but its nature poses challenges, especially for smaller entities. It’s written by lawyers for lawyers, and while larger institutions have dedicated teams to decipher and implement its guidelines, smaller clinics or practices might struggle with the complexity. They often lack the resources to hire specialists, leading them to rely on common sense, intuition and ideally some form of digital assistance.

Additionally, staying updated with the ever-evolving regulations and ensuring that every staff member is trained and compliant adds another layer of complexity. Our aim with Safetica DLP is to bridge this gap and offer a tool that simplifies the compliance process for these entities.

 

What do you think needs to be improved in the HIPAA regulations?

HIPAA has been foundational in preserving patient data integrity, but there’s room for enhancement. One of the primary concerns is its adaptability in the face of rapidly advancing technology like cloud, AI, or telemedicine. Another example can be enforcement and standards. HIPAA is not very specific in this area and has space for flexibility. That’s positive for mitigating negative regulatory impact but leaves a huge number of organizations in a gray zone. The solution should be a clear set of practical recommendations, better awareness and strict control when incidents happen. Instead of just penal repercussions, a more proactive stance focusing on preventive measures, regular training, and educational resources can foster a culture of genuine data protection across the sector.

 

Do you have any predictions for the future of HIPAA?

Given the surge in healthcare-related cyberattacks, I expect a greater emphasis on cybersecurity measures and guidelines. We can see that this diligent convergence of cybersecurity and data regulation is leading to a growing segment of managed security providers. As well as outsourcing IT administration, litigation and taxes, many organizations, and especially smaller ones, are going to outsource even the regulation compliance regimes like HIPAA.

 

Do you have any predictions for the future of healthcare regulation?

We’re likely to see more regulation over emerging technologies, such as telemedicine, AI-driven diagnostics, and wearable health devices. The topic of data anonymization and using patient data for machine learning needs to balance privacy and personal rights, but without killing the innovation – because this kind of innovation can in the end save a lot of lives. Additionally, as patient data starts to flow across borders, especially with telemedicine and health SaaS (and fitness) tools, there might be a push toward global harmonization of health data regulations, led by US and EU standards.

You can contact Zbyněk Sopuch via his LinkedIn account https://www.linkedin.com/in/zbyneksopuch/

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
