Nation’s Health CISOs Take Lead to Manage Third-Party Risk
Recommend approach to manage third-party risk and streamline supply chain ecosystem
Members of the Council observed their supply chains are filled with third parties who support the care delivery process and require access to patient information. Properly vetting and monitoring these third parties is a major challenge, and in some cases, insurmountable for many organizations who simply don’t have the expertise or resources. Through innovation and industry leadership, the
“Health systems and other providers need to be more active in assessing and monitoring risks posed by third parties to protect patient information while delivering effective care,” says
Lehmann says third parties may have a small number of customers or possibly hundreds or thousands to serve. For third parties, this challenge has resulted in lost time and resources in attempting to comply with each organization’s risk management requirements and ensure efficiency for both parties.
The council is working with the HITRUST CSF® and its assurance programs for this initiative to better manage risk. The organizations on the council have each independently decided to require their third-party vendors to become HITRUST CSF Certified within the next 24 months. The HITRUST CSF Certification will serve as their standard for third parties providing services that require access to patient or sensitive information and will be accepted by all the council’s organizations. The HITRUST CSF Assurance Program is already the most widely adopted assessment approach used by healthcare organizations and used by third parties to evaluate and communicate their information privacy and security posture. HITRUST will continue to work closely with council members and their organizations to ensure its programs are the hallmark for the industry.
“Our patients expect us to not only deliver robust healthcare to keep them healthy, but also to preserve the trust they have in us by safeguarding their sensitive data. When our patients’ sensitive data is shared with our third parties, it’s important that we have adequate controls in place. By aligning our third parties’ controls to HITRUST CSF, a leading industry framework that evolves with the changing cyber landscape, our customers feel more confident their sensitive data is in good hands,” says
Goal of the
The
“We believe the healthcare industry as a whole, our organizations and our third parties will benefit from a common set of information security requirements with a standardized assessment and reporting process,” says
Council member organizations have each announced they will accept HITRUST CSF Certification in lieu of a separate assessment, questionnaire, audit or certification report.
*The founding member organizations for the
-
Allegheny Health Network -
Cleveland Clinic -
University of Rochester Medical Center - UPMC
-
Vanderbilt University Medical Center -
Wellforce/Tufts University
Learn more about the council and how your organization can utilize its policies and practices at
About the
Representing Chief Information Security Officer from leading health systems and hospitals, the
About HITRUST
Learn more at www.hitrustalliance.net.
View source version on businesswire.com: https://www.businesswire.com/news/home/20180829005255/en/
For HITRUST
[email protected]
or
For the
[email protected]
Source: HITRUST
Lincoln Investment to Offer eMoney Advisor as Part of its Technology Offering for Advisors
Tanita Launches “Tanita Health Program” across the US
Advisor News
- CFP Board appoints K. Dane Snowden as CEO
- TIAA unveils ‘policy roadmap’ to boost retirement readiness
- 2026 may bring higher volatility, slower GDP growth, experts say
- Why affluent clients underuse advisor services and how to close the gap
- America’s ‘confidence recession’ in retirement
More Advisor NewsAnnuity News
- Insurer Offers First Fixed Indexed Annuity with Bitcoin
- Assured Guaranty Enters Annuity Reinsurance Market
- Ameritas: FINRA settlement precludes new lawsuit over annuity sales
- Guaranty Income Life Marks 100th Anniversary
- Delaware Life Insurance Company Launches Industry’s First Fixed Indexed Annuity with Bitcoin Exposure
More Annuity NewsHealth/Employee Benefits News
- Researchers at Eli Lilly and Company Target Migraine [The Role of Income and Health Insurance on Migraine Care: Results of the OVERCOME (US) Study]: Primary Headache Diseases and Conditions – Migraine
- Access Health CT Adds Special Enrollment Period For New State Subsidy
- Trademark Application for “EVERY DAY, A DAY TO DO RIGHT” Filed by Hartford Fire Insurance Company: Hartford Fire Insurance Company
- Researchers at City University of New York (CUNY) Target Mental Health Diseases and Conditions (Impact of Medicaid Institution for Mental Diseases exclusion on serious mental illness outcomes): Mental Health Diseases and Conditions
- Reports Outline Health and Medicine Findings from Jameela Hyland and Colleagues (Embedding Racial Equity in a Health Access Campaign in New York City: The Importance of Tailored Engagement): Health and Medicine
More Health/Employee Benefits NewsLife Insurance News