Enterprise Risk Management, HITRUST, SOC 2, and You

In Health Informatics

Not long ago healthcare IT systems were information silos, safely isolated inside a payer’s or provider’s data center. The greatest threat to IT security was the unlikely inside job. Fast forward to 2019, and HIT systems are increasingly enmeshed across corporate, government, vendor, and even consumer boundaries. Information flows between multiple on-premises and cloud data centers; among vendors, software services, and APIs; and often across the public Internet.

The threat landscape healthcare organizations must mitigate today is broader, more complex, and evolving faster than ever. But while the IT world we work in gets more challenging by the day, the disciplines and practices for managing that environment have also improved dramatically. Practices such as HITRUST certification and SOC audits are helping IT teams evaluate their organizations and ensure adherence to the highest security protocols and standards.

On today’s show, Bob Hoover, Vice President of Change Healthcare Consulting, discusses the state of IT security and where HITRUST, SOC 2, and enterprise risk management fit in with Haddon Bennett, Chief Information Security Officer at Change Healthcare; and Rusty Fancher and Susan Richards, Program Directors of Enterprise Information Security at Change Healthcare. Here’s what they hit on.

  • HIPAA compliance, HITRUST’s controlled framework, and SOC 2: What’s the difference? (03:05)
  • A top-down approach to establishing enterprise information security governance, policy implementation, and performance measurement (08:48)
  • Resources and skill sets required to build, troubleshoot, and manage enterprise information security programs (13:22)
  • Establishing an information security mindset (18:46)
  • Which way to go: Comparative benefits and a rationale for choosing either SOC 2 audits and reports or HITRUST certification (23:32)
  • Instituting sound security policies and procedures, risk assessments, and data protection regulations (30:33)
  • SOC report types and HITRUST scoring models (36:32)
  • How to assess HITRUST certification value for an organization (38:15)

Episode Resources

  1. Bob Hoover’s bio
  2. Haddon Bennett’s bio
  3. Rusty Fancher’s bio
  4. Susan Richards’ bio
  5. Consulting Resource Center
  6. Change Healthcare Consulting Services


© 2020 Change Healthcare