This is about why and how I decided to get the CISSP Certification, and how I studied to pass the exam. I don't put a lot of stock in certs but I saw some strategic reasons to do this one.
I've been at Iora Health since 2011. When Iora started, our business model did not involve the submission of medical claims. Having in those very early days no business relationships with insurance companies, we thought for a brief while that we would not be obligated by HIPAA. Soon enough, though, our business did start working with insurance companies, and that meant we had to stand up a HIPAA program. My colleague Andrew Schutzbank became the HIPAA Privacy Officer, and I became the HIPAA Security Officer. We wrote all of the initial policies and procedures, trained the staff, and began conducting periodic security/privacy reviews and walk-throughs of our practices.
Over the years I have continued as Security Officer. In 2016 I led the effort to obtain HITRUST Certification for the company, and that required a complete overhaul of our policies, and a new effort to be able to prove, through evidence, that we are doing all the things we say we do. As a part of that, we started making deeper inquiries with our business partners about their security. We obtained our HITRUST Cert in 2017. Over those years security has become a top priority for the company and in my personal professional development.
About this time, I noticed that many of my opposite numbers at other companies have the...