Security Officers often focus on locking down their network, training their employees and securing their facilities. Yet the biggest security risk may be outside the organization. The 2017 Ponemon Institute Report (Data Risk in the Third-Party Ecosystem, September 2017) found that 56% of respondents experienced a data breach caused by one of their vendors. This is a 7% increase from the previous year.
How do you know that your vendors have a solid HIPAA security and compliance program in place to protect your data? Do you even know who your vendors are? Do you know how much data they have? Eagle Consulting Partners can assist with your data governance, prioritize vendors in terms of risk, and then validate the security, confidentiality, and compliance of these vendors.
According to HIPAA regulations, Covered Entities are generally responsible for – and bear the legal and financial impact of – a PHI data breach or security incident at one of their vendors.
Eagle uses multiple instruments to assess the security and compliance of your vendors. These instruments range from inexpensive, evidence-based evaluations to more elaborate evaluations. We offer evaluations that require evidence of the organization’s security posture, not merely the completion of a questionnaire.
For example, Eagle can confirm and document the vendor’s security protocols for data transmission, data at rest, and data handling; the presence of HIPAA Privacy and Security Policies; and the presence of a HIPAA Security Risk Analysis. Additional activities can be included based on your situation.
Through this vendor security evaluation process, you can clarify expectations with your vendors, validate their security and compliance programs, partner with them to improve their security posture… or occasionally realize you might need to make a change for the good of your organization and the people you serve.
Build peace of mind and trust in your vendors. Contact us today to discuss tailored recommendations for your vendor management needs.