Quote Icon

Every single member of the Meditology Cloud Team is very helpful and very knowledgeable.

Technical, sound knowledge makes it easy. They are Professional, Trusted, Knowledgeable, Helpful, Communicative, and Personable, and give frequent, on-time status.

Security Architect

Data-driven technology to maximize outcomes for healthcare systems.

 
Quote Icon

I got comments from our VPs that the Meditology pen test engagement was by far an improvement over what we have had in the past.

Very high marks on the deliverables and the process was smoothly run and predictable. The VP and CIO out-brief delivered was at the right level and they were comfortable with the detail.

CISO

A unified health system of hospitals, labs, and physicians located in Maine.

 
Quote Icon

Unequivocally yes, Meditology made a positive contribution to our business – full marks, 5.0 out of 5.0.

They are highly technical auditors who also understand strategy. The team even brought on their cloud experts at the right time during our SRA, which takes a level of humility to do, to know when you know and when you hit your limit and need an expert. They minimized the scrap and rework I have seen on other SRA projects with other firms.

Lead Information Security Risk Manager

Digital-first health service provider and value-based care company combining an AI platform with virtual clinical operations for patients.

 
Quote Icon

Our satisfaction with Meditology speaks to the fact that we call you over and over again.

We wouldn’t do that if we weren’t very satisfied.

Director, Cyber Security

Not-for-profit children's healthcare system in the South.

 
Quote Icon

The Meditology Team has built trust with me. I don’t have an issue calling or emailing for clarification or to find out from them, “what does the expert say?”

The Meditology Team helped clarify questions for our M&A team during this due diligence penetration assessment.

Executive Director, Information Security

Major metropolitan Southeast integrated healthcare system.

 
Quote Icon

The value of partnering with Meditology on our HITRUST Certification is very high. Besides the fact that it’s required to use a 3rd party, Meditology is managing the project in a way I cannot while also doing the work at the same time.

The Team is excellent. Project management has been key for this HITRUST engagement. They follow through and our status meetings help, and the reporting for NY State is critical as well.

CISO

A Public Health Information Exchange based in NYC

 
Quote Icon

It’s very valuable having Meditology do our M&A Due Diligence Security Risk Assessments.

We have to do them, and as fast as they are coming to us, we have to have (Meditology's)  support to achieve that.

Manager, Information Security GRC

Major metropolitan Southeast integrated healthcare system.

 
Quote Icon

The Meditology Team made a positive contribution to our business. It was a great experience working with the team, they are very knowledgeable and gave the feedback we needed to meet objectives.

The team was very communicative and personable. And they were able to work with our joint venture partner too with the overlap of responsibilities; they knew what to ask them and it would have been difficult for us to manage that and be in between.

CISO

A primary care facility with the shared purpose of redefining the traditional health care experience

 
Quote Icon

I don’t have as much experience on the security side so having Meditology people who have gone through SOC 2 etc. to guide us has been very helpful.

We’ve gotten more done in the last couple of months with Meditology vCISO services than when I had an internal resource. It’s very valuable.

Vice President, Information Technology

The largest transcription services provider in the country

 
Quote Icon

Our satisfaction with Meditology speaks to the fact that we call you over and over again.

We wouldn’t do that if we weren’t very satisfied.

Director, Cyber Security

Not-for-profit children's healthcare system in the South.

 
Quote Icon

Meditology came to us recommended by our members and is well-respected in its service community.

As a health information exchange (HIE), we are a highly customer-focused organization – and we recognize this same orientation in a consulting partner. Meditology came to us recommended by our members and well-respected in its service community. They were readily able to evaluate our policy and security framework, and identify areas of key focus. We particularly appreciated their knowledge around HIPAA and our statewide HIE. With their help, we created an entire array of organizational policies. Meditology also conducted a security assessment that demonstrated we had appropriate safeguards in place for robust exchange. This has helped assure our member hospital/health systems, healthcare insurers, and ambulatory practices. Naturally, the effort has had an important influence on our service procedures. We look forward to continued work with Meditology for our consulting and ongoing risk-assessment needs.

Daniel Wilt

Senior Director of Information Technology and Chief Information Security Officer, HealthShare Exchange of Southeastern Pennsylvania

. . . . . . . . . . .

 
Quote Icon

I rate our relationship with Meditology a 5 out of 5.

On our Ethical Hacking engagement, everyone was extremely professional and I was very comfortable with the communication and appreciated the knowledge they had. I really enjoyed working with them and would want to work with them again.

Chief Information Officer

Health System on the East Coast

 
Quote Icon

Dartmouth-Hitchcock has partnered with Meditology Services since 2012.

Over that period of time, they have helped with multiple projects, both large and small, repeatedly delivering as promised. We have come to trust their insights regarding regulatory issues and their vast experience of the healthcare industry when developing security policies, strategies and budgets. We regularly use their ethical hacking skills to test the effectiveness of our security program.  In summary, they have earned our trust and become an integral part of our security toolset.

Peter Merrill

Director of Information Systems, Dartmouth-Hitchcock Medical Center

. . . . . . . . . . .

 
Quote Icon

We have been a repeat Meditology customer for 4 years

in InfoSec Risk Assessments and Ethical Hacking engagements because of the depth of experience they bring and the value they add. The Meditology Team always jumps in as partners with us.

CISO

Large Healthcare System on the East Coast

 
Quote Icon

Meditology was nothing but professional from start to finish for the project with McLaren.

We outsource our IT services and they worked closely with us, and the vendor, to collect required documentation, they accepted input from both sides and explained their conclusions once findings were verified. The team's project time lines, status reports, and weekly follow up calls kept us all on track for a timely completion. Meditology addressed the significant risk areas in a straightforward manner without making respondents feel defensive, and they freely offered information about industry best practice. The team has definitely won the confidence of our Executive group and expect we will be asking Meditology for more work in the future.

Denise Dach

Corporate Director of Compliance, McLaren Health Care

. . . . . . . . . . .

Service LinesHIPAA & OCR Compliance

 
Quote Icon

I felt a strong sense of partnership right from the beginning.

Meditology is competent and knowledgeable about who we are and how we are trying to achieve our HITRUST Certification goals, and that’s a big part of success.

CISO

One of the Nation's Largest Healthcare Payors

 
Quote Icon

We chose Meditology mainly for their demonstrated knowledge and understanding of HIPAA, ARRA/HITECH and established security standards.

They were unfailingly professional throughout the information gathering and data gathering processes, kept to their timeline and verified the results that they found. The reports produced were accurate and easy to understand, with appropriate benchmarking to other health care organizations and the security industry as a whole. Most importantly, they provided concrete and achievable suggestions to help mitigate the risks identified.

 

Barbara Anson

CISO, Baptist Memorial Health Care Corporation of Memphis, TN

. . . . . . . . . . .

 
Quote Icon

We have done several Hacking engagements over the years and this was the most straight forward and best one we’ve had.

We got a well-executed pen test and the ability to take crisp action items that gives us a head start versus list of findings we have to interpret.

CISO

Award Winning Academic Medical Center

 
Quote Icon

It was vitally important that I had a complete sense of confidence in Meditology’s ability to successfully deliver this project without impacting clinical care.

As I learned more about Meditology’s deep technical skills and multiple prior experiences working in healthcare environments similar in size and complexity to Grady, my sense of confidence in Meditology grew. The project was delivered on-time and on-budget, and exceeded my expectations based on the thoroughness and care of the approach, and the quality of the reporting. Meditology was able to achieve each of the engagement objectives, and their report provided a comprehensive picture of Grady’s security posture. I plan to work with Meditology in the future and look forward to similar success.

Michael Francis

Executive Director, Infrastructure Services & ISSO, Grady Health System, Georgia

. . . . . . . . . . .

Service LinesHIPAA & OCR Compliance

 
Quote Icon

A significant value already imparted is Meditology’s knowledge and experience in Information Security and Privacy Policy Development.

They took what we had, it was a lift, but they organized it first-off according to what standard P&P should be, the format, and what best practices are, and into a roadmap that follows industry best practices. I wasn’t telling them what it should be – they had it. As we have been going through and asking questions and for opinion, it’s been provided and immediately imparted based on their experience, calling it like it is with experience and knowledge.

Executive Operating Officer

Large Health Information Exchange in the South

 
Quote Icon

100% satisfaction with the Meditology ethical hacking team.

Extremely adaptable. Tracking sheet deliverable was very helpful. Classic example of vendor coming in and working with a company by modifying to meet our criteria. Testing was done really well. Very impressed, every ask we had Meditology Team found a way to get it done.

Sr. IT Project Manager,

Large Healthcare Payer Organization with Multi-hospital Health System

 
Quote Icon

The Med Device Security Assessment service was very valuable: 5 out of 5 rating.

We’ve been trying to get a foothold, traction, and focus on our BioMed security program and this was the way to kick-start it, to do it. The Assessment has a lot of good information in it and is outlined in a way that makes it understandable to Executive Team and to senior leadership. We are using the Final Report to form an action plan to address high-risk findings and to move our program forward.

CISO

Large Health System on the West Coast

 
Quote Icon

We are a small, women-owned business and going to SOC2 Certification was a big step for us.

A lot of the companies Meditology works with are larger than us but our Meditology team was very accommodating and made the process work for us versus being Draconian. And they took the time to learn our business and improve our security posture. We are continuing to work with Meditology on HITRUST next and that’s why.

CISO

Healthcare Data Services Organization

 
Quote Icon

I want to thank your team for helping us during this time.

The way the Meditology PCI Certification Consulting Services was so beneficial to me is that our qualified assessor is actually not as qualified on technologies and components, and it can take a lot of time out of my schedule. As the CISO, I don’t have time to explain that to someone; it would be a significant impact on our business. I rate Meditology PCI Certification Consulting Services a 5 out of 5 on Value because not only is the process and the structure smooth but they helped with education of that assessor which had an indirect impact on revenue.

CISO

Telephonic Software Analytics Company

 
Quote Icon

“You don’t know what you don’t know”

What Meditology brought to the table during our Ethical Hacking engagement was of exceptional value to our organization.

Information Services Security Manager

Large Health System in Texas

 
Quote Icon

We have been a repeat Meditology customer for 4 years

in InfoSec Risk Assessments and Ethical Hacking engagements because of the depth of experience they bring and the value they add. The Meditology Team always jumps in as partners with us.

CISO

Large Healthcare System on the East Coast

 
Quote Icon

The Meditology Team is 5-star.

We scheduled a call prior to the Pen Test, then pretty much let them go and tell us what they could find. We had everything scheduled in advance and coordinated, stuck to timelines. Good follow-up and discussions around the findings. And we took some actions and additional steps based on the findings to remediate these issues.

Manager

IS Info Security, Large Midwest Health Insurer

 
Quote Icon

What Meditology is doing is great, experience is great, and I’ve worked with their competitors before.

Meditology has a great team who are very friendly and overall my experience with the Cloud Security Controls Review project is great.

Head of Privacy and Information Security

Provider of Remote Medical Documentation

 
Quote Icon

Value of the Meditology Hacking engagement

Value of the Meditology Hacking engagement is providing us with opportunities to decrease attacks and take findings and remediation items to make everything safer.

Information Security Engineer

Academic Medical Center in the Northeast

 
Quote Icon

The Meditology deliverables have been extraordinarily important.

Meditology brings insight into risk management processes that are very valuable. In addition to delivering a product, they facilitate collaboration and bring out the best in our team. Risk assessment content process and tool as well as great value in the risk engine. We like the people, the company, the flexibility, and we are very pleased.

Consultant

Business Risk Solutions, Very Large Multi-State Healthcare Provider

 
Quote Icon

I’m very satisfied with my Meditology Team on our HSOC 2 engagement; 5 out of 5-star rating.

The Team is very knowledgeable. Very professional team touching questions that are not easy and require knowledge like cloud-based environments and regulatory matters. They have much more knowledge than I and are very helpful. Questions are answered and we are not asked to just provide whatever for them to score. Communication is great; clear and constant reminders about the project schedule and deadlines.

Infosec Engineer

IT Technology Service Company

 
Quote Icon

The Meditology Team is 5-star.

Went into it expecting not to find a lot but at the same time expecting to find things I knew would come up, and they did, which is a good sign. We didn’t go down this road to just get a piece of paper – our customers want a 3rd party validation – we are very satisfied with the results.

Engineering Director,

Radiology Solution & Services Company

 
Quote Icon

Evidence of a positive contribution to our business.

Evidence of a positive contribution to our business is the fact that we use Meditology for all kinds of projects now. It’s proof that the relationship is working so well. And everyone is a great bunch of people to work with.

Deputy Security Officer

One of the nation’s largest and oldest hospitals devoted to the care of children.

 
Quote Icon

Meditology saw us all the way through as they always have,

we got our cert, they moved staff and timelines around, and they were very flexible in seeing us to the end. We were very happy with the deliverables. And A+ for getting us to the HITRUST Certification. We are satisfied, our Board and Execs are happy.

Director of Security

Software Development Company

 
Quote Icon

It’s rare that you deal with a vendor where everyone you deal knows their game.

From the first sales call onward, there was never a time where I thought anyone on the Meditology Team was less than excellent. Everyone knew what they were talking about and it made me feel good that they knew what they were talking about. No doubt they know the IT security space.

IT Architecture Security Lead

Large Academic Medical Center

 
Quote Icon

The Meditology Team helped improve our program maturity and achieve our HITRUST certification goal.

They guided us in what type of evidence to provide HITRUST, helped us organize all of that, and gave input to how we need to alter some of our P&Ps.

CISO

Large Public Health Information Exchange

 
Quote Icon

For the cost of the Ethical Hacking engagement and what we got, the value was exceptional.

Everything went very well, very smoothly.

CISO

Revenue Cycle Management Company

 
Quote Icon

Very satisfied with everything about our SOC2 Type II engagement with Meditology.

I thought it was very well organized and throughout the entire time the communication was really excellent. Everyone does a great job being detail-oriented and communicating very clearly. It has been a great experience.

CISO

Healthcare Data Services Organization

 
Quote Icon

if I could give a 10 rating, I would.

Where we sit now, the wins we’ve had and ability to demonstrate value has been absolute homeruns, 5 out of 5 rating. We would not be where we are today without this relationship. Meditology brings the brainpower to solve problems and provides us with a system and gives us a great starting point versus us creating from scratch.

Director in Business Risk Solutions

Very Large Multi-State Healthcare Provider

 
Quote Icon

Our Ethical Hacking engagement value was very good.

It was a strong effort, and will impact what we do going forward.

CIO

Not-for-Profit Healthcare Trade Association

 
Quote Icon

Meditology Security Risk Assessment is a great process,

a great product that comes out of it, and it’s educational and informative and gives me what I need to build on.

Director of Information Security

Medical Center in the South

 
Quote Icon

I am very satisfied with professionalism and knowledge base of the Team.

Definitely helped us to interpret a lot of the confusing HITRUST items. Plus, the Team was flexible on sliding timescales.

CISO

Large Public Health Information Exchange

 
Quote Icon

The Meditology Security Risk Assessment was a great experience for me.

I feel so much connection with the Team and plan to bring Meditology back for future assessments. Very pleased with what they have offered and how they managed the SRA and Cloud projects.

Head of Privacy and Information Security

Provider of Remote Medical Documentation

 
Quote Icon

We would rather Meditology than a hacker find any issues.

Things were found but also the engagement reinforced the need to take action on some items, and brought to light issues to our upper leadership team that we need to get some things in place; it expedited it.

Manager

IS Info Security, Large Midwest Payor

 
Quote Icon

Our SOC 2 Type II Attestation engagement has been organized and easy for us to send and share information.

When we’ve had questions, the Meditology team has been very helpful in clarifying things and flexible in how we provide information.

Project Manager

Technology Solutions Provider

 
Quote Icon

We have done security risk assessments with other competitor vendors for 6-7 years.

Compared, the Meditology Team did a great job. They are very professional and approached project in a very structured way and asked the right questions – it was impressive.

Head of Privacy and Information Security

Provider of Remote Medical Documentation

 
Quote Icon

Meditology is a name brand is the healthcare security assessment industry.

This year I wanted to move away from other vendors and give Meditology a chance – it really clicked with Meditology and the methodology they follow to complete the Cloud Security Controls Review project. The methodology is more in-depth and that’s a value I want our vendor to bring to the table. The Meditology name is well-accepted in the industry.

Head of Privacy and Information Security

Provider of Remote Medical Documentation

 
Quote Icon

I’m very satisfied with our Ethical Hacking engagement.

Great communication, great engagement, and Team was easy to work with.

Director of IT Ops

Healthcare Claims Management Company

 
Quote Icon

I felt like the Meditology Team were our employees and felt very connected.

They know their stuff, they come well-prepared and are knowledgeable and know what to ask and where to look.

Head of Privacy and Information Security

Provider of Remote Medical Documentation

 
Quote Icon

Very pleased with the ability of Meditology Team to communicate effectively with my Team.

They are people my team can talk to and get good answers and a trusting relationship with our assessor. Meditology saved us.

CEO

Large Health Information Exchange in the Northeast

 
Quote Icon

Meditology gave us exactly what we need to do to mature in this space.

The Medical Device Information Security Consulting Services gave us an assessment of our current state, brought us to an actionable roadmap, and then the full-on implantation plans – Meditology gave us exactly what we need to do to mature in this space. It’s very valuable.

Manger, InfoSec Risk

Community Health System in Atlanta

 
Quote Icon

I am very satisfied.

The Meditology Team is focused on healthcare which we are as well, they do a thorough job, and they came recommended to us by a major children’s hospital who are also very happy with them. This is the second year we’ve done Ethical Hacking with Meditology.

Global Information Security Officer & Data Protection Officer

Dental Software and Practice Management Company

 
Quote Icon

Particularly valued working with Meditology because of the expertise that has been brought to the questions we have.

We are a different beast as a university. Most vendors put us in cookie cutter mold, but you took time to understand how we were different and couched the assessment. That was valuable – making the product fit our work environment.

Director of HIPAA Compliance

Public Research University in New York

 
Quote Icon

Everybody on the Meditology Team has been above-board and excellent to deal with and very responsive.

We get a bit of a different team each year but it’s always consistent, which is what I need as a practitioner.

Director of Information Security

Medical Center in the South

. . . . . . . . . . .

Service Lines

 
Quote Icon

Meditology is knowledgeable.

It’s helpful to have a conversation with someone who has worked in the field and understands the challenges we have. We have open lines of communication in our weekly HIPAA Privacy Risk Assessment meetings. They are very personable, very easy to work with, and they have teams of people who have done this before; Meditology has dedication to having a team of SMEs who understand.

Assistant Privacy Officer

Large Health System

 
Quote Icon

I talked to Meditology last year, as they came highly recommended by other colleagues, and I wanted to bring Meditology in with our Executive Director.

I had a level of expectation when I brought the Team in. And I have not been disappointed. They are professional, very knowledgeable – and it’s very clear they know exactly what they are doing, what needs to be done, and have the content behind them to provide this service. You don’t have to worry about communication – they communicate and over-communicate.

Executive Operating Officer

Large Health Information Exchange in the South

 
Quote Icon

We learned there was an industry and Meditology benchmark and we were happy we had that data.

Meditology delivered on our ability to have a Roadmap going forward. For 10-15 years I have been involved in different clients and companies, and I like the Meditology SRA deliverable for the way the data was laid out and the graphics – was innovative.

IT Architecture Security Lead

Large Academic Medical Center

 
Quote Icon

The Meditology Team has been very responsive and very good.

We got an accurate and comprehensive assessment of our security risks and will use the deliverables as a “Roadmap.” The Team really knocked it out, all the interviews, evidence, got it all submitted – and the SRA Report is an accurate reflection of where we are.

Manager of Information Security

Large Not-for-profit Healthcare System, Health Plan, and Medical Group

 
Quote Icon

The value in our multi-year partnership with Meditology is high.

Very valuable to our organization. Team members are very valuable. We had conversations around GRC and HIPAA and some of the recent court rulings. And this didn’t have to be provided as part of the Security Risk Assessment.

Manager of Information Security

Large Not-for-profit Healthcare System, Health Plan, and Medical Group

 
Quote Icon

I rate this project a 5 “Exceptional Value.”

For what this effort was supposed to be, I thought it was good to have an outside perspective. Some internal teams may make assumptions and it is good to have an objective point of view. We learned a lot of useful insights from this whole effort and it was worthwhile. It gave us the perspective of changing our methods of assessing the practices which is valuable.

Security Consultant

Large Integrated Health Network

 
Quote Icon

It’s extremely valuable to have an outside firm do this work.

Compared to in-house where it would take 4 months and 100% of my time, it’s completely worth it – and I know how much work it is. It’s nice to have my concerns validated too.

Information Security Specialist

Large Pediatric Health System

 
Quote Icon

'Exceptional Value' rating.

We couldn’t have done our HITRUST Certification without the Meditology help and feedback, the Meditology Workbook, and looking at what we had in place and how to get there – and with as few CAPs as possible.

Director of Operations

Healthcare Technology Company Delivering SaaS Solutions

 
Quote Icon

I know about competitors providing service and most of them are like a filter that uploads to HITRUST what you give without advice.

But with Meditology advice, I know it will work. I can forget about it and it will work. It’s very important, reliable advice – a great value.

Infosec Engineer

IT Technology Service Company

 
Quote Icon

'Exceptional Value' rating.

Overall without Meditology would be very hard to get HITRUST Certified or would take a lot longer. We learned a lot and it’s been helpful to have Meditology as partner through this journey.

CTO

Healthcare Technology Company Delivering SaaS Solutions

 
Quote Icon

The Incident Response Tabletop Exercise engagement process was great.

Communication, logistics, deliverable – everything was of the highest quality. We use hundreds of vendors, I made the case to bring in Meditology and the output of this was exceptional.

Senior Manager

Information Assurance, Award Winning Academic Medical Center

 
Quote Icon

I’m very satisfied with my Meditology Team on our HSOC 2 engagement; 5 out of 5-star rating.

The Team is very knowledgeable. Very professional team touching questions that are not easy and require knowledge like cloud-based environments and regulatory matters. They have much more knowledge than I and are very helpful. Questions are answered and we are not asked to just provide whatever for them to score. Communication is great; clear and constant reminders about the project schedule and deadlines.

Infosec Engineer

IT Technology Service Company

 
Quote Icon

The Med Device Security Assessment service was very valuable: 5 out of 5 rating.

We’ve been trying to get a foothold, traction, and focus on our BioMed security program and this was the way to kick-start it, to do it. The Assessment has a lot of good information in it and is outlined in a way that makes it understandable to Executive Team and to senior leadership. We are using the Final Report to form an action plan to address high-risk findings and to move our program forward.

CISO

Large Health System on the West Coast

 
Quote Icon

We don’t have a med device program and for us to build it in the short time Meditology did would be impossible, and we don’t have the expertise or bandwidth.

Laid the foundation, know where our gaps are, have a non-bias deliverable to give to Execs to get money and funding to fully build program like this. I rate it a 5/5 and for the record, I am not an easy grader.

Security Analyst

Large Award-winning Physician-led Healthcare System

 
Quote Icon

The Meditology Team is always very responsive.

Very satisfied with the process and deliverables for the PCI assessment and ethical hacking engagement.

Manager Information Security GRC,

Large Integrated Health System in the South

 
Quote Icon

The Cloud Security Risk Assessment was a great experience for me.

I feel so much connection with the Team and plan to bring Meditology back for future assessments. Very pleased with what they have offered and how they managed the risk assessment and cloud projects.

Head of Privacy and Information Security

Provider of Remote Medical Documentation

 
Quote Icon

We were looking for a partner to assist us in taking our risk management program to a new level.

We chose Meditology because of their track record in healthcare and reputation in the region. Meditology's security operational experience, coupled with their knowledge of HIPAA, Meaningful Use, HITRUST, PCI and other security requirements was invaluable to help us map out our path forward. The project was professionally managed from start to finish and Meditology was able to effectively communicate with senior leadership to help us advance our program. We continue to look to Meditology to provide additional insight and assistance for security and privacy matters for our organization.

Interim CISO

Large Mid-Atlantic Health System

. . . . . . . . . . .

Service LinesHIPAA & OCR Compliance

 
Quote Icon

Throughout the readiness process, Meditology Services provided templates and recommendations for changes needed to meet HITRUST requirements.

As a provider of data analytics to health plans, it is essential that our firm demonstrate the highest levels of data security for our clients. We set a goal to achieve certification on the HITRUST security framework and sought out Meditology Services as a third-party security assessor to assist us. Throughout the readiness process, Meditology Services provided templates and recommendations for changes needed to meet HITRUST requirements. Their guidance, knowledge and professionalism was essential to our successful HITRUST certification. We are thrilled with their team and resources and look to leverage them for our future HITRUST assessments as well.

Matt Siwickie

Chief Information Security Officer, NextHealth Technologies