Enterprise Vendor Management, a Compliance and Information Security Strategy


In today's business environment, vendors play an important role in the success of a business. They are strategic partners who can help to boost the overall performance of the enterprise. Not every vendor can contribute to business success, so organizations need to scrutinize prospects before selecting a suitable vendor. It does not stop there: even after a vendor is selected, effective vendor management is essential to ensure success.

With the Omnibus Final Rule coming into effect on March 26, 2013, the Business Associates of a Covered Entity are also covered under applicable rules such as the Breach Notification Rule, HIPAA Security Rule, and HIPAA Privacy Rule. Under these rules, a Business Associate, as much as a Covered Entity, must comply with the applicable standards, implementation specifications, and requirements with respect to electronic protected health information of a Covered Entity. This is necessary to ensure the confidentiality, integrity and availability of all protected health information, in physical or electronic form, that a Covered Entity or a Business Associate may create, receive, maintain, or transmit.

Failure to comply with any or all of the requirements of HIPAA/HITECH regulations may lead to monetary penalties up to $1.5 million per incident (with no upper limit), potential lawsuits, and criminal prosecution. Therefore, healthcare practitioners and providers, collectively known as covered entities, need a vendor management solution to know how far their vendors and Business Associates have progressed in their compliance efforts.

An IT Compliance Management solution helps to automate the security and compliance management process of all external vendors and sub-contractors. This helps covered entities gain complete visibility into, and control over, the security and compliance posture of all their vendors.
Vendor management for HIPAA/HITECH is a simple process:

  1. Covered Entity completes a HI-SCAN 25-question assessment of all Business Associates. (HI-SCAN is a quick technique that utilizes a simple-to-use, brief question set to determine the level of Business Associate security and compliance with HIPAA/HITECH regulations.) The assessment involves four steps:
       · Input all Business Associates into the HI-SCAN tool
       · Send the assessment to the Business Associates
       · Business Associates answer the questions online
       · Covered Entity reviews responses and generates a quick compliance report that identifies remedial actions
  2. Pursue the high-risk exposure Business Associates with a full assessment

Deploying a vendor management solution is thus a form of vulnerability management that helps to quickly assess and manage the security and compliance levels of an enterprise and its Business Associates.
