Preview Mode Links will not work in preview mode

The CyberPHIx: A Meditology Services Podcast


Jun 14, 2018

Handling thousands of security audit questions per month while also conducting routine internal audits is a daunting and tiring task.  Audit fatigue is real!  However, meeting security audit requests has become a standard for doing business in the healthcare industry.  This CyberPHIx episode examines successful approaches to handling security audits from a vendor’s perspective.  Hear from Chris Risley, Executive Director Enterprise Risk Management of NASCO, an exclusive provider of claims processing and other services to Blue Cross / Blue Shield Plans across the country.   This discussion addresses some of the following questions: 

  • How do you help your organization to combat audit fatigue? 
  • What standards do you have in place to improve responsiveness and drive efficiencies in the audit process? 
  • How do you handle capacity constraints in managing a portfolio of audits with limited bandwidth and staff?  
  • How does effective security risk management correlate to business value and how is that value communicated to leadership and the marketplace? 

Show Notes:

  • 1:04 Intro
  • 2:11 Increase volume for various audit plans
  • 3:07 Organizing to respond to audits
  • 5:39 What are the common frame works  for audit questions
  • 7:41 Can you be proactive in response to eliminate fatigue
  • 10:35 How far should organization go with being transparent
  • 12:49 Are more resources going to be needed for responding to audits
  • 15:33 How to prioritize internal risk management
  • 18:03 How flexible does your internal audit plan need to be
  • 19:49 What are the common pitfalls for creating a plan
  • 23:45 How to combat audit fatigue
  • 26:25 How to communicate risk to leadership
  • 33:12 Use of analogies to help communicate
  • 36:16 How to manage the organization change within the business
  • 42:05 Key Findings
  • 42:54 Introduction for next podcast