Western Reserve’s Tailored HITRUST Experience
Mark Davidson is the Chief Information Officer for Western Reserve Area Agency on Aging. After managing multiple different auditing processes each year he decided to simplify everything by making the leap to become HITRUST certified.
We’re a nonprofit agency on aging and we work with a lot of different managed care providers, so we go through anywhere from three to a half dozen audits a year. In those audits they ask various things, and there’s always a point within that audit where they ask if we are HITRUST certified or if we have a comparable certification.
We always knew we were going to get to the point where we’d want a HITRUST certification, and we finally got to the point where we thought, “Yeah, let’s just go ahead and do it.”
And it’s been really beneficial to us, because it makes the audit process way easier for us. It’s actually far more strict than our audits, so we can say, “Hey, we are HITRUST certified.” And they go, “Okay, cool! That’s more strict than what we have.”
We were going into this with a fresh point of view, and we didn’t know what to expect when looking for an assessor or even what our HITRUST process was going to look like. But we did our due diligence, and reached out to a handful of different consultants and companies that would help us throughout this journey of getting the HITRUST certification.
Obviously, the number one thing would be expertise and experience. The reputation of the company that we were going to go with was really important as well, and just general communication skills. Obviously cost factors into that as well.
But I’ve worked on a bunch of different projects and worked with different companies where communication is lacking, and especially when you’re going into a project such as this, you really want solid communication with those that you’re working with. And we have had nothing but great experiences when it comes to communication with you all.
I think the most intimidating thing was that we went straight for r2, where I know a lot of organizations go for one of the lower certifications. Just seeing the sheer amount of controls that we had to gather evidence for was kind of
an eye opener.
But luckily, for us, we did have quite a few policies and procedures in place that we were already doing. I would say we were 80% of the way there. We didn’t really have to add many systems or technology, we just needed to wrap it all up with a bow and formalize everything. So, we had to create a lot of procedures and then tighten up a few of our policies and combine things, but the sheer amount of evidence that we had to collect and populations to collect was intimidating.
This was my first time going through this and if we didn’t have a solid backing to guide me the whole way, I would’ve been totally lost.
I’ve had a couple of colleagues at other organizations that kind of went more on their own with that, and man, kudos to them, because that’s a very large undertaking outside of your regular job responsibilities.
In the tech field, we like to say, “There’s no dumb questions.” But in our weekly meetings, I had a lot of dumb questions, especially in those early meetings. And they handled them with such grace, kind of held my hand, and made me com-
fortable with the process.
As we got further along the process, everything was just clicking. And even now–going into our interim assessment–I’m not sweating it at all.
I have even talked to other CIO’s, directors of IT, and other organizations and let them know of the experience I had.
I feel super comfortable with the process now, with you all.
Put everything that you already know about the HITRUST process to the side. They really just helped us along the way and any stress you might be feeling, they reassure you the whole time that everything is going to be okay. They have a whole team to help you out.
And I know in our project, that we reached some points where I was pretty stressed out about it, but I talked to the team over there and they said, “You know what, we’re going to put our focus here.”
Privaxi really helped us focus in and get everything wrapped up, to the point where it’s finalized, submitted, and it’s a pro-
duct that you are proud to present.
.svg)
