The last few years third-party vendor risk management (TPRM) has transitioned from being a relatively minor part of security and compliance programs for healthcare entities into a massive undertaking with potentially dire consequences if not managed properly. This is one of those topics that seems to really have CISOs shaking in their boots.
What makes third party vendor risk so scary? Why are security leaders having nightmares?
Join us for this episode of the CyberPHIx podcast where we hear from James Ballou, Chief Information Security Officer for North American Partners of Anesthesia.
James shares insights from his extensive experience managing security teams and third-party risk management programs for leading healthcare organizations.
Topics covered in this session include:
- What makes third-party vendor risk management so scary for healthcare cybersecurity and risk professionals?
- Regulatory requirements related to third-party vendor risk management including HIPAA and state laws
- OCR enforcement of third-party business associate compliance mandates
- Third-party vendor risk governance best practices and models
- The implications for vendors that acquire certifications including HITRUST, SOC 2, and ISO
- The limitations of questionnaire-based vendor assessment models
- Best practices for strategic and operational management of third-party vendor risk management programs in healthcare
- The future of third-party vendor risk management