Cyberattacks against healthcare organizations and their business associate vendors have begun to threaten patient safety and fundamental business operations. As a result, SOC 2 audit reports have become one of the most common and cost-effective vehicles for healthcare organizations to demonstrate adoption of controls relevant to security, availability, confidentiality, processing integrity and privacy.
However, acquiring a SOC 2 audit report can be a challenge for many organizations and there are often questions that arise about how to achieve SOC 2 compliance with the least amount of cost, effort, and time.
Join us for this episode of The CyberPHIx where we hear from Paul Gray, Chief Information Security Officer for Meditology Services.
Paul provides insights from his decades of experience with SOC 2 best practices and answers some frequently asked questions:
- What is SOC 2 compliance?
- What are the different types of SOC audits including SOC 1, SOC 2, and SOC 3?
- Why do healthcare organizations obtain SOC 2 audit reports?
- Are healthcare vendors required to obtain SOC 2 reports?
- What are the AICPA Trust Criteria?
- What other certifications are available for healthcare organizations?
- What should healthcare organizations do to prepare for a SOC 2 audit?
- What are critical success factors for a successful SOC 2 engagement?
- What are some common pitfalls for healthcare organizations seeking to obtain a SOC 2 audit report?