Preview Mode Links will not work in preview mode

The CyberPHIx: A Meditology Services Podcast


May 23, 2018

Security framework certifications such as HITRUST and SOC 2 take center stage in this episode of CyberPHIx.  Hear from Derek Vorphal, VP and CISO at Davis Vision, a provider of managed vision care plans nationally.  Derek and Meditology Services partner, Brian Selfridge have a candid conversation about where certifications really fit into the overall spectrum of information security risk management tools for healthcare organizations.   Our discussion with Derek addresses some of the following issues: 

  • How well do security certifications reduce the number of security audit inquiries? 
  • Can security certification requirements be useful in managing day-to-day information security risk management? 
  • Derek offers advice for people in the early stages of the certification process. 
  • A broad range of staffing skills are needed to complete the certification process. 

Show Notes:

  • 2:15 Security Certifications is on the rise and why
  • 6:28 Does Certifications reduce the number of audits
  • 8:06 Do Certifications help create security program
  • 10:45 Things to understand as you start out getting Certifications
  • 13:22 What skills that your security teams need
  • 17:52 How to get people excited about security audits
  • 22:47 Is security sharing of value to your program
  • 26:05 Do you recommend the investment in sharing resources
  • 27:20 Preparing for an OCR Audit or regulatory threats
  • 29:56 How is mergers change a security program build out
  • 34:18 How do maintain a team when a merger happens
  • 37:19 Key learnings
  • 38:16 Introduction to next episode