A Uniform Approach to Sharing Assurances and Other Certifications
Paddy Padmanabhan: There’s a question here. What is the average size of a company that obtains a HITRUST certification? So in other words, do you need to be of a certain size before HITRUST begins to make economic or business sense? Who’d like to take that?
Michael Parisi: I can start and then maybe I’d like to get Brian’s thoughts, you know, I think we’ve heard from Howard as well and his journey where he started.
But I will tell you, we designed the programs to scale across all different shapes and sizes of organizations. For example, we actually have some very specific programs that are targeted at startup organizations or those members that are backed by venture capital firms. But we’ve got a VC program, we’ve got a RightStart program. And ironically enough, Paubox was our very first organization to successfully go through the RightStart program. So they were the first organization ever, globally, to go through that, right. And now obviously, they’ve grown and matured, and maintained that over a period of time.
It’s also important to differentiate between adoption versus assessing. So we have thousands of organizations that use our framework to be the backbone of their information security program, and they’re not certified. That’s okay, right, they just use it as a framework to build a program. Brian’s probably seen that a lot, they can’t necessarily meet the bar that requires certification is a high bar. When you think about Paubox, that’s where they started, right. And they were obviously able to quickly meet that bar and continue to maintain it. But we’ve designed programs to help organizations in either managing their information security posture and privacy posture, and/or providing assurances in the form of certification. So it’s really all different shapes and sizes. The latest one that I heard a good friend of mine that is assessing is literally a two-person organization operating out of a garage, that is in the process of going through a readiness right now, up to some of the largest organizations in the world.
Brian Kline: And I’ll continue on that thread, I was about to say almost the same thing. It’s not a two-person organization, it’s actually a four-person organization that I’ve helped get HITRUST, working out of a garage as well. But I mean, the venture capital money, so they had the money that they were certified, up to, I mean, you know, the sky’s the limit. So no perfect size, we have seen exactly as Michael said that they’ve adopted a lot of the HITRUST standards, and they went to more dip their toe by going down, again, if you want to say they’re quote-unquote easier, the ISO 27001 route, or the SOC 2, which is a smaller subsection of everything. And then they went to go to HITRUST, sometimes doing a SOC 2 plus HITRUST, so they can kind of adopt it with another kind of standard that is out there. So the answer is, again, two-person shops, I haven’t seen a one-person shop yet. But so let’s say two and above would be the size of the companies.
Howard Rosen: And, Paddy, just to add to that, sorry, is in terms of really the determination, from our perspective was the nature of the clients you want. There’s a number of client sets, again, if you’ve satisfied so here’s the framework. And that’s all you need for that time and being you know, that may make the most sense, but if the nature of the client you want, and for whatever reason, the nature of the clients we had were such that, that made a huge business, this differentiation. And frankly, we sort of looked at it as part of a technology exercise upon a privacy and security exercise and a marketing exercise. Because to have HITRUST. So it was really a business decision, in part because of the nature of the clients that we were at that time going after that wanted to have and maintain.
Paddy Padmanabhan: Yeah. Michael Mead, would you like to weigh in?
Michael Mead: I just jumped on. So I didn’t hear the question. I’m having really bad technical issues today for being at a technical conference.
Paddy Padmanabhan: Well, the question was, do you have to be a certain size of an organization for HITRUST to make sense to you, or can you be anybody? And Michael Parisi just walked through the different programs they have for different kinds of organizations, all the way from two-person startups in garages all the way to very large technology organizations. So you know, I was wondering whether you have a perspective on this?
Michael Mead: Well, I agree. I, you know, I haven’t seen anything close to people, a two-person company either, but definitely startups and all the way up to an enterprise would definitely benefit. So, again, I agree with Michael that it’s, you know, two or more and probably 10 or more where it’d be easier to have those policies and procedures and other types of tasks oriented with this that can be spread out across the team, but definitely two and above.
Learn more about Paubox Spring Summit, Secure Communication During a Pandemic.
About Paddy Padmanabhan
Paddy Padmanabhan is the founder and CEO of Damo Consulting, a growth strategy and digital transformation advisory firm that works with healthcare enterprises and global technology companies. He is the host of The Big Unlock, a podcast focusing on healthcare digital transformation, and author of the book, The Big Unlock: Harnessing Data and Growing Digital Health Businesses in a Value-Based Era.
About Michael Parisi
Michael Parisi is the vice president of business development & adoption at HITRUST. He’s a seasoned information security and privacy industry professional. He has served as a lead healthcare industry expert, a national healthcare third-party assurance specialist, and the national HITRUST services lead for PricewaterhouseCoopers.
About Michael Mead
Michael Mead, BCPA, is the chief operations officer for The Medical Cost Savings Solution, where in just the past three years he has led the effort to save self-pay patients over $1.5 billion in their medical expenses. Before joining MCS, he led top Medicare Advantage programs in the reorganization and the implementation of new systems.
About Howard Rosen
Howard is the strategic and visionary leader of LifeWIRE, which he invented and developed as a patented population management communication platform that humanizes digital communication through personalized, responsive interactions between parties like healthcare providers and patients.
About Brian Kline
Brian Kline is the compliance and standards lead for Webb Adams — a veteran-owned business composed of cybersecurity and policy professionals well-versed in designing and managing security, privacy, and compliance programs. Kline is passionate about helping clients meet compliance standards and preparing them for industry certifications and attestations such as HITRUST, HIPAA/HITECH, SOC 2, GDPR, and ISO 27001.