“A Few Steps for Better Vendor Management: A Lifecycle Approach to Vendor Security”

Written by Mac McMillan for Becker’s Hospital Review

CynergisTek CEO Mac McMillan recently wrote an article for Becker’s Hospital Review offering guidance to Covered Entities (CEs) on managing their vendors now that the Omnibus requires them to hold their Business Associates (BAs) accountable. McMillan states that you have to perform the necessary and appropriate due diligence with all vendors that handle PHI. He provides several practical tips that can help providers implement a lifecycle approach.

Where to start

Contracting

Maintenance and Monitoring

When Incidents Happen

Closure

Covered entities have to take an active role in managing their business associates and their processes. Business associate agreements need to be clearly defined and vendor-specific: no more “blanket BAAs.” Additional guidance is expected in the coming months on how to apply minimum necessary and the accounting for disclosure rule. This information will need to be included in BAAs and in the vendor management process. McMillan concludes with, “No matter how you slice it, vendors are both integral to the industry’s success and critical to achieving compliance.”