KLAS Evaluates Healthcare Cybersecurity, Data Privacy Consulting Vendors

August 25, 2022 - More healthcare organizations are engaging with healthcare cybersecurity and data privacy consulting vendors to help mitigate risk and avoid the numerous repercussions of healthcare cyberattacks, data breaches, and HIPAA violations, a new KLAS report noted.

Researchers asked healthcare professionals about the security and privacy consulting vendors that their organizations worked with and how satisfied they were with vendor relationships, services, operations, and value.

Respondents reported being highly satisfied with First Health Advisory and Impact Advisors in particular. Healthcare professionals also reported improved executive involvement within Clearwater and CynergisTek, the latter of which recently entered into an agreement to be acquired by the former.

Other assessed vendors included tw-Security, Intraprise Health, Guidehouse, Fortified Health Security, and Meditology Services.

First Health Advisory was depicted as a responsive and engaged business partner, whose clients utilize its services for IoMT device assessments and security program development and assessments. Impact Advisors was the 2022 Best in KLAS winner for security and privacy consulting services, and all respondents said that the firm exceeded their expectations.

“Clients consistently report a collaborative relationship with the firm and say the consultants are high quality and well incorporated into the organization,” the report stated.

Clients of Clearwater and CynergisTek separately experienced a decline in executive involvement in past years, prior to the acquisition. However, clients of both firms reported increased satisfaction and increased engagement from executives in this year’s report.

Similarly, tw-Security clients reported consistent involvement by executives. The most dissatisfied response came from a large healthcare organization that noted that the firm is a better fit for smaller organizations.

“Among firms in this high-performing market, Intraprise Health and Meditology Services receive the lowest overall scores,” KLAS stated.

“Half of the Intraprise Health respondents feel the firm does not exceed expectations, often because the assessment staff seemed inexperienced or didn’t offer guidance. Similarly, a few respondents cite staff turnover and limited staff availability.”

Researchers were unable to gain a consistent assessment of Meditology Services. The sample size included a few highly satisfied clients, along with two highly dissatisfied clients.

“Additionally, there is mixed feedback around the firm’s staff, with some clients highlighting quality partnerships and others saying turnover has forced them to work with inexperienced people,” the report found.

“These complaints, in addition to one report of poor executive involvement that resulted in a lower-quality deliverable, are why respondents score Meditology ’s ability to exceed expectations below average.”

The percentage of clients who reported that Fortified Health Security exceeded expectations increased by 20 percentage points compared to last year. Respondents emphasized the firm’s strong partnerships and healthcare cybersecurity expertise.

Overall, clients of all firms reported varying experiences dependent on organization size, executive involvement, and return on investment. As healthcare organizations continue to rely on third-party vendors for security and privacy, strong vendor relationships are becoming even more crucial.