Due to popular demand, my firm is thinking about getting the HITRUST Certification. Ironically, the company that issues the certification was hacked back in 2013. It made me chuckle a bit at the idea of throwing money at a company to certify you for their best practices security measures when it’s proven to not work.
That is funny. We have had audits done by external companies that tell us we need to follow certain guidelines, but when you check them out they don’t do it, or they do something else that is a no-brainer.
It makes you wonder when you pay to get a certification and a year or two later the vendor gets hacked, how does that affect the value of the certification. Not just in money but in how potential customers, partners, and vendors view your company.
Oftentimes they have workers not fully certified to do the audits (i.e., credentialed) and the company doesn’t even know how to remediate findings in their own audits. Vetting of these audit companies can be a long, painful process, but if you’re going to throw a lot of money their way to do the job right, it definitely pays to do your research and make some calls.