In less than two years, healthcare vendors that are classified as a business associate have reported potentially exposing over 3.6 million personal health records.* Healthcare providers need to understand how their vendors manage protected health information (PHI). Because of this and regulatory requirements, providers should have an effective vendor management program in place and document greater due diligence. Providers can achieve this with Vendor Security Management.
CynergisTek’s Vendor Security Management program will evaluate and monitor vendors on a regular and ongoing basis and hold them accountable for requirements your organization identifies or assigns as remediation. CynergisTek will evaluate each vendor’s level of risk, require them to attest to their compliance with HIPAA, and determine which protections are in place so your organization can make a determination around how to adjust your contracts, service levels, or your overall relationship. CynergisTek will then actively monitor each vendor, communicate the security gaps identified, and alert the covered entity on any changes to the vendor’s status over time. All associated risks, questions, and documents are maintained and included in regular vendor status reports.
Documenting this information is necessary to demonstrate due diligence in any investigation or compliance review. The end result will alleviate the challenges and manual process of managing multiple vendors and documenting your organization’s due diligence when it comes to demonstrating compliance with HIPAA regulations.
CynerigsTek’s Security Risk Assessment Tool (RiskSonar) can be used to alleviate manual processes and streamline the assessment workflow.
*Office for Civil Rights Breach Report (August 2017)