Meditology provides consulting services to help healthcare organizations address pressing IT and Risk Management challenges.

Vendor Security Risk Management

Your organization is ultimately responsible for safeguarding Protected Health Information. Performing due diligence on vendors who will have access to your patients’ PHI is critical. There are significant penalties associated with breaches of PHI, including fines for non-compliance, the costs of notification in the event of a breach of PHI, and the potential for reputational damage.

Vendor Security: The Unlocked Backdoor to Healthcare Data

  • The majority of healthcare vendors lack minimum security practices and fall well short of HIPAA standards
  • Healthcare organizations are often unaware of how many of their vendors have access to protected health information
  • There is an overwhelming number of small and niche healthcare vendors for organizations to manage
  • Healthcare organizations do little to gain assurances or enforce security requirements for vendors

Meditology can help your organization develop and improve your Business Associate and Vendor Security Risk Management (VSRM) to address the following areas:


Decision Support

Quickly and efficiently identify high-risk vendors by focusing resources on those vendors that present the least confidence in their ability to prevent a breach of your organization’s PHI

Risk Remediation

Define and enforce security remediation activities for vendors that present the least confidence based on quantified risk

Satisfy Compliance

Easily scale your VSRM program to demonstrate due diligence for all vendors