Third parties (both vendors and business partners) with access to an organization’s Protected Health Information (PHI) and/or Personally Identifiable Information (PII) can put your organization at risk of a data breach. Until recently, Third-Party Risk Management (TPRM) has been primarily treated as a compliance and contract approval “checkpoint,” something to check off the to do list of your procurement process with some level of diligence. But with more frequent and complicated cyberattacks, organizations need to implement effective TPRM programs that truly identify, manage and mitigate security risks.
REGISTER HERE to join Intraprise Health & Westchester Medical Center on November 14 @ 1pm EST as we discuss how to structure a robust, best-practices driven security program that delivers a high degree of Validation and Assurance.
Topics we will address include:
Alignment with legal, procurement and other supply chain partners
Healthcare-specific Tiering Models
Profiling your Third Parties with applicable regulatory requirements and security risk controls
More effectively managing the dreaded “security questionnaire”
Effective ways to share the work effort with your Third Parties
Creating a continuous process not a “one-and-done” milestone event
Ongoing management of known third-party risks (post-assessment)
Decreasing the timeframe for assessment completion
Embedding Validation and Assurance in your TPRM process