May 23, 2018
Security framework certifications such as HITRUST and SOC 2 take center stage in this episode of CyberPHIx. Hear from Derek Vorpahl, VP and CISO at Davis Vision, a provider of managed vision care plans nationally. Derek and Meditology Services partner, Brian Selfridge have a candid conversation about where certifications really fit into the overall spectrum of information security risk management tools for healthcare organizations. Our discussion with Derek addresses some of the following issues:
- How well do security certifications reduce the number of security audit inquiries?
- Can security certification requirements be useful in managing day-to-day information security risk management?
- Derek offers advice for people in the early stages of the certification process.
- A broad range of staffing skills are needed to complete the certification process.
Show Notes:
- 2:15 Security Certifications is on the rise and why
- 6:28 Does Certifications reduce the number of audits
- 8:06 Do Certifications help create security program
- 10:45 Things to understand as you start out getting Certifications
- 13:22 What skills that your security teams need
- 17:52 How to get people excited about security audits
- 22:47 Is security sharing of value to your program
- 26:05 Do you recommend the investment in sharing resources
- 27:20 Preparing for an OCR Audit or regulatory threats
- 29:56 How is mergers change a security program build out
- 34:18 How do maintain a team when a merger happens
- 37:19 Key learnings
- 38:16 Introduction to next episode