Jay Wilson – Healthgrades

To Jay Wilson, security is a mindset, not a department, and for him there is no bad time to start on the journey of protecting data.

In 2017 Wilson was asked to take the role of chief information security officer at Healthgrades—a technology and data company that connects patients and health care providers—after successfully launching new products as the senior vice president of engineering for Healthgrades’ hospital CRM division. In his new role, he continues to safeguard protected health information (PHI) and personal information for millions of consumers and physicians at more than 1500 hospitals that partner with Healthgrades.

His first order of business?

Wilson established a carefully constructed risk management program to get board members, executives and staff aligned and working toward the same goals. Simultaneously, he improved upon many core security disciplines within the company and worked to get Healthgrades’ CRM product HITRUST certified, the gold standard of Common Security Framework (CSF) regulation in the health care industry.

“Security is not a department, it’s a company-wide effort,” Wilson says, noting his team of seven help him lead security initiatives for the entire company. “It is an exciting and challenging process all at the same time.”

First things first

There are two sides to business at Healthgrades. For consumers, it’s an online marketplace to research care, make appointments, share and access physician reviews; for health care providers and health systems, Healthgrades offers products and services to help them connect to millions of consumers along their health care journey.

When those two camps converge, a metric ton of data is available to help both consumers and providers. The hospitals provide patient information to Healthgrades and, in combination with other data sources, Healthgrades’ data science team uses its proprietary machine-learning algorithms to augment customers’ CRM systems with predictive AI models. The information gleaned from those processes can go back to the hospitals to analyze patient needs and potential services from a health care perspective, and to offer business intelligence and marketing insights. In addition, the information can be used by consumers to help them find the best possible care while experiencing a seamless customer experience.

Enter HITRUST

To insure the greatest protection for the organization and its clients’ data, Healthgrades has been on a mission to become HITRUST certified. The health care-oriented HITRUST CSF is widely regarded as one of the most comprehensive and rigorous security frameworks, with a total of 19 domains that are required to document, monitor and measure in any organization that attempts certification.

“Each HITRUST implementation is unique, but for Healthgrades, our report is very comprehensive with 509 controls across all core security domains, including many additional state-level requirements for our certification to be effective across the nation,” Wilson says, commenting that he finds the work very satisfying and loves to interact with clients. “I like a challenge. That’s me.”

The honey do list

Like mowing the lawn and cleaning the gutters on the weekend, there is no shortage of projects for Wilson to do within an organization with so many pieces and parts.

Front and center has been the HITRUST project, but in the past year he has also been busy augmenting programs related to vulnerability management, threat intelligence, incident response and identity and access management.

Looking ahead, Wilson also sees himself spending a lot of time refining elements of existing programs to advance each capability, offer more proactive monitoring and develop strategies for Healthgrades’ products.

“We have created a strong foundation. At this stage, it is now all about measuring, learning and refining,” he says.

Challenges and satisfaction

It’s a given that Healthgrades will be growing the enterprise continually, as the nature of technology is to evolve.

With Healthgrades recently announcing its Customer Data Platform (CDP)—a product that provides additional data capabilities to clients—Wilson says that with innovation and advances in products there is also more scrutiny from a security and regulatory perspective; an exciting challenge to come.

“The bar needs to be set high, or even higher than where we are today,” Wilson says. “The reality is that there is no shortage of bad actors on the black market and people on the prowl for illegally obtained medical records. That’s why what we do matters so much.”

With a deep technology and software engineering background, Wilson is equipped to combat the problem and relishes the task.

“There’s always room for improvement, but I get a lot of satisfaction in the process to improve operations and to reach another milestone,” Wilson says. “We have an amazing team and amazing clients. Security is a mindset. Our entire company is committed to all security efforts and that is what matters. For me it’s a journey, and the key areas I focus upon are exciting and impactful the more that I do.”