Nation’s Health CISOs Take Lead to Manage Third-Party Risk
By a
Members of the Council observed their supply chains are filled with third parties who support the care delivery process and require access to patient information. Properly vetting and monitoring these third parties is a major challenge, and in some cases, insurmountable for many organizations who simply don't have the expertise or resources. Through innovation and industry leadership, the
"Health systems and other providers need to be more active in assessing and monitoring risks posed by third parties to protect patient information while delivering effective care," says
Lehmann says third parties may have a small number of customers or possibly hundreds or thousands to serve. For third parties, this challenge has resulted in lost time and resources in attempting to comply with each organization's risk management requirements and ensure efficiency for both parties.
The council is working with the HITRUST CSF® and its assurance programs for this initiative to better manage risk. The organizations on the council have each independently decided to require their third-party vendors to become HITRUST CSF Certified within the next 24 months. The HITRUST CSF Certification will serve as their standard for third parties providing services that require access to patient or sensitive information and will be accepted by all the council's organizations. The HITRUST CSF Assurance Program is already the most widely adopted assessment approach used by healthcare organizations and used by third parties to evaluate and communicate their information privacy and security posture. HITRUST will continue to work closely with council members and their organizations to ensure its programs are the hallmark for the industry.
"Our patients expect us to not only deliver robust healthcare to keep them healthy, but also to preserve the trust they have in us by safeguarding their sensitive data. When our patients' sensitive data is shared with our third parties, it's important that we have adequate controls in place. By aligning our third parties' controls to HITRUST CSF, a leading industry framework that evolves with the changing cyber landscape, our customers feel more confident their sensitive data is in good hands," says
"We believe the healthcare industry as a whole, our organizations and our third parties will benefit from a common set of information security requirements with a standardized assessment and reporting process," says
Council member organizations have each announced they will accept HITRUST CSF Certification in lieu of a separate assessment, questionnaire, audit or certification report.
Keywords for this news article include: HITRUST,
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2018, NewsRx LLC
Recent Findings from Diagnostica Stago Advance Knowledge in Health Insurance (Environmentally Overburdened Gulf State Residents Lack Access to…
Advisor News
Annuity News
Health/Employee Benefits News
Life Insurance News