Security Certifications: Lessons from the Trenches

Subscribe on your favorite platform:

About the Podcast: The CyberPHIx is a regular audio podcast series that reports and presents expert viewpoints on data security strategy for organizations handling patient health or personal information in the delivery of health-related services. These timely programs cover trends and data security management issues such as cybersecurity risk management, HIPAA and OCR compliance strategy and vendor risk management. Meditology Services, the healthcare industry's leading security and compliance firm, moderates the discussions with leaders in healthcare data security.

In this episode of CyberPHIx Derek Vorphal, VP and CISO at Davis Vision, discusses security certifications such as HITRUST and SOC 2. Davis Vision is a provider of managed vision care plans nationally.

Derek and Brian Selfridge, Meditology Services Partner, hold a candid conversation about where certifications fit into the overall spectrum of information security risk management tools for healthcare organizations.

Listen as Derek answers the following questions:

  • Do security certifications reduce the number of audit inquiries?
  • Can certification requirements be useful in managing day-to-day information security risk management?
  • What advice do you have for organizations in the early stages of the certification process?
  • What staffing resources do you need to complete the certification process?