Jay Wilson – Healthgrades

Security is a mindset, not a department

To Jay Wilson, security is a mindset, not a department, and for him there is no bad time to start on the journey of protecting data.

In 2017 Wilson was asked to take the role of chief information security officer at Healthgrades—a technology and data company that connects patients and health care providers—after successfully launching new products as the senior vice president of engineering for Healthgrades’ hospital CRM division. In his new role, he continues to safeguard protected health information (PHI) and personal information for millions of consumers and physicians at more than 1500 hospitals that partner with Healthgrades.

Jay Wilson – Healthgrades Toggle Magazine

His first order of business?

Wilson established a carefully constructed risk management program to get board members, executives and staff aligned and working toward the same goals. Simultaneously, he improved upon many core security disciplines within the company and worked to get Healthgrades’ CRM product HITRUST certified, the gold standard of Common Security Framework (CSF) regulation in the health care industry.

“Security is not a department, it’s a company-wide effort,” Wilson says, noting his team of seven help him lead security initiatives for the entire company. “It is an exciting and challenging process all at the same time.”

First things first

There are two sides to business at Healthgrades. For consumers, it’s an online marketplace to research care, make appointments, share and access physician reviews; for health care providers and health systems, Healthgrades offers products and services to help them connect to millions of consumers along their health care journey.

When those two camps converge, a metric ton of data is available to help both consumers and providers. The hospitals provide patient information to Healthgrades and, in combination with other data sources, Healthgrades’ data science team uses its proprietary machine-learning algorithms to augment customers’ CRM systems with predictive AI models. The information gleaned from those processes can go back to the hospitals to analyze patient needs and potential services from a health care perspective, and to offer business intelligence and marketing insights. In addition, the information can be used by consumers to help them find the best possible care while experiencing a seamless customer experience.Jay Wilson – Healthgrades Toggle Magazine


To insure the greatest protection for the organization and its clients’ data, Healthgrades has been on a mission to become HITRUST certified. The health care-oriented HITRUST CSF is widely regarded as one of the most comprehensive and rigorous security frameworks, with a total of 19 domains that are required to document, monitor and measure in any organization that attempts certification.

“Each HITRUST implementation is unique, but for Healthgrades, our report is very comprehensive with 509 controls across all core security domains, including many additional state-level requirements for our certification to be effective across the nation,” Wilson says, commenting that he finds the work very satisfying and loves to interact with clients. “I like a challenge. That’s me.”

The honey do list

Like mowing the lawn and cleaning the gutters on the weekend, there is no shortage of projects for Wilson to do within an organization with so many pieces and parts.

Front and center has been the HITRUST project, but in the past year he has also been busy augmenting programs related to vulnerability management, threat intelligence, incident response and identity and access management.

Looking ahead, Wilson also sees himself spending a lot of time refining elements of existing programs to advance each capability, offer more proactive monitoring and develop strategies for Healthgrades’ products.

“We have created a strong foundation. At this stage, it is now all about measuring, learning and refining,” he says.

Challenges and satisfaction

It’s a given that Healthgrades will be growing the enterprise continually, as the nature of technology is to evolve.

With Healthgrades recently announcing its Customer Data Platform (CDP)—a product that provides additional data capabilities to clients—Wilson says that with innovation and advances in products there is also more scrutiny from a security and regulatory perspective; an exciting challenge to come.

Jay Wilson – Healthgrades Toggle Magazine

“The bar needs to be set high, or even higher than where we are today,” Wilson says. “The reality is that there is no shortage of bad actors on the black market and people on the prowl for illegally obtained medical records. That’s why what we do matters so much.”

With a deep technology and software engineering background, Wilson is equipped to combat the problem and relishes the task.

“There’s always room for improvement, but I get a lot of satisfaction in the process to improve operations and to reach another milestone,” Wilson says. “We have an amazing team and amazing clients. Security is a mindset. Our entire company is committed to all security efforts and that is what matters. For me it’s a journey, and the key areas I focus upon are exciting and impactful the more that I do.”

Published on: June 25, 2019



Showcase your feature on your website with a custom “As Featured in Toggle” badge that links directly to your article!

Copy and paste this script into your page coding (ideally right before the closing tag) where you want to display our review banner.


Alliant is very pleased with our experience working with the TrueLine Publishing team. We were not only impressed with the caliber of the whitepaper that was produced, but with the level of attention from the team we partnered with. They were very detailed oriented and I appreciated their follow up. They even offered to refresh the article and invited Alliant to participate in some of the design features. It is without reservation that I highly recommend other businesses partnering with this publication and I look forward to an opportunity to work with them again in the future.
— Katie Patterson, Director of Marketing, Alliant Technologies


Spring I 2024



  • * We’ll never share your email or info with anyone.
  • This field is for validation purposes and should be left unchanged.