Vendor Risk Management Through Secured Access

Healthcare relies heavily upon its business associates and third-party vendors to ensure seamless transactions, bolster care quality, and other processes. Covered entities employ systems to support access to data. In doing so, vendors actually increase risks to provider organizations when those access points and contractual relationships aren’t properly managed. As healthcare has continued to be a prime target for hackers, as well, the use of those digital environments needs to be protected to ensure providers aren’t exposing their organization to HIPAA compliance issues, security incidents, or even a breach of patient data (PHI). As the Vice President of Assurance Strategy & Community Development for HITRUST, Mike Parisi has extensive experience with third-party assurance reporting, such as HITRUST readiness and certification, Agreed Upon Procedure, and customized AT-101 engagements. He’s led more than 500 controls-related engagements, primarily in the health and financial service industries. During this presentation, Parisi outlines the challenges of vendor risk management, while focusing on the benefits and drawbacks of various identity access methods. He’ll also highlight the increasing need for vendor privileged access management. Learning Objectives: - Outlining the risks third-party vendors and business associates pose to health delivery organizations - Identifying best practices for successfully building and assessing vendor risk management - Detailing steps to implementing secure access for vendors, including contracting, privileged access management, and other security policies and tools