Sign up to save your podcasts
Or
Share Enterprise Risk Management, HITRUST, SOC 2, and You
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Enterprise Risk Management, HITRUST, SOC 2, and You
Not long ago healthcare IT systems were information silos, safely isolated inside a payer’s or provider’s data center. The greatest threat to IT security was the unlikely inside job. Fast forward to 2019, and HIT systems are increasingly enmeshed across corporate, government, vendor, and even consumer boundaries. Information is flowing between multiple on-premise and cloud data centers; among vendors, software services, and APIs; and often across the public Internet.
The threat landscape healthcare organizations must mitigate today is greater, more complex, and evolving faster than ever. But while the IT world we work in gets more challenging by the day, the disciplines and how to manage the environment have also improved dramatically. Practices such as HITRUST certification and SOC audits are helping IT teams evaluate their organizations and ensure adherence with the highest security protocols and standards.
On today’s show, Bob Hoover, Vice President of Change Healthcare Consulting, discusses the state of IT security and where HITRUST, SOC 2, and enterprise risk management fit in with Haddon Bennett, Chief Information Security Officer at Change Healthcare; and Rusty Fancher and Susan Richards, Program Directors of Enterprise Information Security at Change Healthcare. Here's what they hit on.
- HIPAA compliance, HITRUST’s controlled framework, and SOC 2: What’s the difference? (03:05)
- A top-down approach to establishing enterprise information security governance, policy implementation, and performance measurement (08:48)
- Resources and skill sets required to build, troubleshoot, and manage enterprise information security programs (13:22)
- Establishing an information security mindset (18:46)
- Which way to go: Comparative benefits and a rationale for choosing either SOC 2 audits and reports or HITRUST certification (23:32)
- Instituting sound security policies and procedures, risk assessments, and data protection regulations (30:33)
- SOC report types and HITRUST scoring models (36:32)
- How to assess HITRUST certification value for an organization (38:15)
Episode Resources
- Bob Hoover’s bio
- Haddon Bennet’s bio
- Rusty Fancher's bio
- Susan Richards’ bio
- Consulting Resource Center
- Change Healthcare Consulting Services
Show Resources
- SUBSCRIBE to the podcast using any podcatcher or RSS reader
- Download the audio and listen offline
- Get the iOS app
- Get the Android app
- Suggest or become a guest
- Contact Change Healthcare
View all episodes
By Change Healthcare
4.4
1717 ratings
Not long ago healthcare IT systems were information silos, safely isolated inside a payer’s or provider’s data center. The greatest threat to IT security was the unlikely inside job. Fast forward to 2019, and HIT systems are increasingly enmeshed across corporate, government, vendor, and even consumer boundaries. Information is flowing between multiple on-premise and cloud data centers; among vendors, software services, and APIs; and often across the public Internet.
The threat landscape healthcare organizations must mitigate today is greater, more complex, and evolving faster than ever. But while the IT world we work in gets more challenging by the day, the disciplines and how to manage the environment have also improved dramatically. Practices such as HITRUST certification and SOC audits are helping IT teams evaluate their organizations and ensure adherence with the highest security protocols and standards.
On today’s show, Bob Hoover, Vice President of Change Healthcare Consulting, discusses the state of IT security and where HITRUST, SOC 2, and enterprise risk management fit in with Haddon Bennett, Chief Information Security Officer at Change Healthcare; and Rusty Fancher and Susan Richards, Program Directors of Enterprise Information Security at Change Healthcare. Here's what they hit on.
- HIPAA compliance, HITRUST’s controlled framework, and SOC 2: What’s the difference? (03:05)
- A top-down approach to establishing enterprise information security governance, policy implementation, and performance measurement (08:48)
- Resources and skill sets required to build, troubleshoot, and manage enterprise information security programs (13:22)
- Establishing an information security mindset (18:46)
- Which way to go: Comparative benefits and a rationale for choosing either SOC 2 audits and reports or HITRUST certification (23:32)
- Instituting sound security policies and procedures, risk assessments, and data protection regulations (30:33)
- SOC report types and HITRUST scoring models (36:32)
- How to assess HITRUST certification value for an organization (38:15)
Episode Resources
- Bob Hoover’s bio
- Haddon Bennet’s bio
- Rusty Fancher's bio
- Susan Richards’ bio
- Consulting Resource Center
- Change Healthcare Consulting Services
Show Resources
- SUBSCRIBE to the podcast using any podcatcher or RSS reader
- Download the audio and listen offline
- Get the iOS app
- Get the Android app
- Suggest or become a guest
- Contact Change Healthcare