Healthcare organizations increasingly rely on vendors, suppliers, and other third parties to facilitate billing, data management and infrastructure, and other clinical services. With the volume of electronic medical data traveling across these third parties, healthcare organizations are facing unprecedented risk. Various industry reports indicate that more than 50% of all data breaches have occurred at a third-party site.
While the HIPAA Omnibus Rule significantly broadened the definition of a third-party business associate and shifted liability to the third-party business associate, the covered entity ultimately has a responsibility to ensure the privacy of its patients. Additionally, the results of the Office of Civil Rights (OCR) health information audit pilot program in 2012 revealed that the vast majority of the audited organizations had failed to implement sufficient privacy and security measures to ensure data security internally and with their third-party business associates. With the OCR Audit program set to resume in the fall of 2014, healthcare organizations should expect greater scrutiny of the thoroughness of HIPAA security risk assessments, as well as of the privacy and security controls implemented to keep protected health information safe and secure both internally and among third-party business associates.
Since 2004, Prevalent has enabled healthcare organizations to mitigate the risks of a data breach, ensure compliance with ever-increasing healthcare privacy regulations, and lay the foundation for a robust third-party risk management program.
Prevalent Vendor Risk Manager (PVRM) allows healthcare organizations to better manage and monitor risks posed by third- and fourth-party business associates. The solution automates the collection of third-party information in a secure and scalable way, helping you better understand the risks of your data supply chain. In addition, PVRM 3.0 now integrates with Prevalent’s newest product, Prevalent Vendor Threat Monitor, enabling you to leverage dynamic, real-time vendor risk information collected from external sources and giving you better visibility and monitoring between your assessments.