Preview Mode Links will not work in preview mode

Welcome to the Change Healthcare podcast.

Change Healthcare is inspiring a better healthcare system.

Whether you need to improve operational efficiency, optimize financial performance, or enhance the consumer experience, we offer the industry insight and innovative technology to help you meet your objectives.

Nov 19, 2019

Not long ago healthcare IT systems were information silos, safely isolated inside a payer’s or provider’s data center. The greatest threat to IT security was the unlikely inside job. Fast forward to 2019, and HIT systems are increasingly enmeshed across corporate, government, vendor, and even consumer boundaries. Information is flowing between multiple on-premise and cloud data centers; among vendors, software services, and APIs; and often across the public Internet.

The threat landscape healthcare organizations must mitigate today is greater, more complex, and evolving faster than ever. But while the IT world we work in gets more challenging by the day, the disciplines and how to manage the environment have also improved dramatically. Practices such as HITRUST certification and SOC audits are helping IT teams evaluate their organizations and ensure adherence with the highest security protocols and standards.

On today’s show, Bob Hoover, Vice President of Change Healthcare Consulting, discusses the state of IT security and where HITRUST, SOC 2, and enterprise risk management fit in with Haddon Bennett, Chief Information Security Officer at Change Healthcare; and Rusty Fancher and Susan Richards, Program Directors of Enterprise Information Security at Change Healthcare. Here's what they hit on.

  • HIPAA compliance, HITRUST’s controlled framework, and SOC 2: What’s the difference? (03:05)
  • A top-down approach to establishing enterprise information security governance, policy implementation, and performance measurement (08:48)
  • Resources and skill sets required to build, troubleshoot, and manage enterprise information security programs (13:22)
  • Establishing an information security mindset (18:46)
  • Which way to go: Comparative benefits and a rationale for choosing either SOC 2 audits and reports or HITRUST certification (23:32)
  • Instituting sound security policies and procedures, risk assessments, and data protection regulations (30:33)
  • SOC report types and HITRUST scoring models (36:32)
  • How to assess HITRUST certification value for an organization (38:15)

Episode Resources

  1. Bob Hoover’s bio
  2. Haddon Bennet’s bio
  3. Rusty Fancher's bio
  4. Susan Richards’ bio
  5. Consulting Resource Center
  6. Change Healthcare Consulting Services

Show Resources