Providers and other covered entities rely heavily on third-party vendors and other business associates to provide seamless care transactions. However, the need for greater data access expands the threat surface and increases risk when those access points and contractual relationships aren’t properly managed.
As healthcare continues to be a prime target for hackers, digital environments need to be protected to ensure providers aren’t exposing their organization to HIPAA compliance issues, security incidents, or even a breach of patient data. Vendor management refers to both ensuring security standards are included in the contracting process, creating a complete data inventory, and identifying just who has access and when.
As the Executive Director of Information Security and Compliance at IU Health, Mitchell Parker, MBA, CISSP, focuses on addressing the business needs of Information Security across the organization, contract and vendor management, risk management, and researching and developing security controls for emerging technologies.
Learning objectives
- Identify the risks posed by third-party vendors, from contracting to risk assessments.
- Define the importance of vendor privileged access management.
- Outline the best practices to identify, assess, and prioritize vulnerabilities, and pick the right security tools to support the process
- Describe the differences between managing network access for internal vs. third-party vendors