Enterprise Vendor Management, a Compliance and Information Security Strategy
In today’s business scenario, vendors play an important role in the success of a business. They are strategic partners who can help to boost the overall performance of the enterprise. Not every vendor can contribute to business success, however, so organizations need to scrutinize prospects before selecting a suitable vendor. It does not stop there: even after a vendor is selected, effective vendor management is essential to ensure success.

With the Omnibus Final Rule coming into effect on March 26, 2013, the Business Associates of a Covered Entity are also covered under applicable rules such as the Breach Notification Rule, the HIPAA Security Rule, and the HIPAA Privacy Rule. Under these rules, a Business Associate, as much as a Covered Entity, must comply with the applicable standards, implementation specifications, and requirements with respect to the electronic protected health information of a Covered Entity. This is necessary to ensure the confidentiality, integrity and availability of all protected health information, in physical or electronic form, that a Covered Entity or a Business Associate may create, receive, maintain, or transmit.

Failure to comply with any or all of the requirements of the HIPAA/HITECH regulations may lead to monetary penalties of up to $1.5 million per incident (with no upper limit), potential lawsuits, and criminal prosecution. Healthcare practitioners and providers, collectively known as covered entities, therefore need a vendor management solution to know how far their vendors and Business Associates have progressed in their compliance efforts. An IT Compliance Management solution helps to automate the security and compliance management process for all external vendors and sub-contractors. This helps covered entities gain complete visibility into, and control over, the security and compliance posture of all their vendors.

Vendor management for HIPAA/HITECH is a simple process:

1. The Covered Entity completes a 25-question HI-SCAN assessment of all Business Associates. (HI-SCAN is a quick technique that uses a brief, simple-to-use question set to determine the level of Business Associate security and compliance with HIPAA/HITECH regulations.) The assessment involves four steps:
   · Input all Business Associates into the HI-SCAN tool
   · Send the assessment to the Business Associates
   · Business Associates answer the questions online
   · Covered Entity reviews responses and generates a quick compliance report that identifies remedial actions
2. Pursue the high-risk exposure Business Associates with a full assessment

Deploying a vendor management solution is thus a form of vulnerability management that helps to quickly assess and manage the security and compliance levels of an enterprise and its Business Associates.

  • eGestalt

    Feb. 7, 2014
