Fortified Health Security, a leader in information security, compliance and managed services focused solely on the healthcare industry, has launched Third Party Risk Management to provide hospitals and healthcare organizations with a solution for managing third-party risks associated with business associate vendor relationships.
“Healthcare organizations committed to protecting patient data and managing IT risks should establish safeguards that extend beyond their own walls to include their third-party vendors,” said Dan L. Dodson, president of Fortified Health Security. “Whether you’re managing a few or hundreds of third-party vendors, this service streamlines the process to drive compliance, increase production and free valuable resources while better managing third-party risk.”
The Omnibus Rule made significant changes to HIPAA regulations. It clarified that anyone hired to do work for or on behalf of a covered entity (CE) can fall into the business associate (BA) category if they create, receive, transmit or maintain protected health information for a provider. More importantly, it made BAs liable for compliance with the HIPAA Security Rule and certain provisions of the Privacy Rule. As a result, providers need to have an effective vendor management program in place and document greater due diligence.
“Managing business associates is complex and requires multiple stakeholders across the entire health system,” said Dodson. “Third Party Risk Management is a critical component of managing risk and should be part of each covered entity’s cybersecurity program.”
While not all business associates represent the same level of risk, Third Party Risk Management may be scaled to coordinate and manage any number of third-party relationships.