From clinical workflows to the revenue cycle, third-party vendors play a critical role in keeping healthcare operations running smoothly. But they also introduce risk that, too often, traditional TPRM methodologies and platforms fail to meaningfully reduce.
In 2026, shift your focus from managing questionnaires to reducing risk. Learn a practical approach to move your TPRM program beyond ineffective assessments and mountains of data to a true understanding of third-party dependencies and decision-ready outputs your organization can control.
Key takeaways include:
- Tailoring assessments to focus on actual usage, data flows, and dependencies rather than relying on vendor-level scores
- Utilizing “compelling events” (such as onboarding new vendors, contract renewals, expansions, or incidents) to prompt action for existing vendors
- Generating decision-ready outputs that translate assessment efforts into measurable risk reductions
About the presenter
Mark Ferrari
Vice President, Risk and Governance
Fortified Health Security
Mark has a proven record of guiding cybersecurity strategy for healthcare, joining Fortified through the acquisition of his healthcare-focused cybersecurity firm, Latitude. Prior to that, he brought executive insight and hands-on expertise to his roles as EVP at a cybersecurity consultancy and CISO at a software development and consulting company.
Brian Tucker
Director of Risk and Governance Services
Fortified Health Security
Brian Tucker is Director of Risk and Governance Services at Fortified Health Security, an information security managed services organization dedicated to healthcare. He began his career at Latitude Information Security, advising providers on real-world cybersecurity challenges. Brian brings a technical foundation in networking and cybersecurity and partners with Fortified clients to strengthen governance, reduce risk, and steadily mature their security programs.