Title: Feeling in Control with Vendor Privacy Assessments
Date: Thursday August 30, 2018
Time: 01:00 PM Eastern Daylight Time
Duration: 1 hour
Feeling in Control with Vendor Privacy Assessments
After August 30, 2018, check back to sign up for the On-Demand Replay!
Do you have sleepless nights filled with the worry that a breach at your organization is on the horizon? Are you wondering if you have done enough to protect your patients? Are files of protected health information going out the door to vendors you don’t know exist? The infamous vendor breaches of Facebook, Equifax, ExpressScripts and Nuance have turned the spotlight on vendor data privacy and its impact on securing personal information. Healthcare organizations have an obligation to inventory and mitigate the risk of sharing confidential information with their vendors and Business Associates, but the task can seem overwhelming. Join this webinar to gain a better understanding of the importance of vendor privacy assessments as a part of a holistic risk management program and the next steps for your organization. We will discuss the following strategies:
Identify “hidden” vendors that may be receiving protected health information.
Investigate vendors to understand the risk of doing business.
Validate vendor controls to assure risks are kept to a minimum.
Remediate control gaps within your organization and at vendor locations.
Mary Potter is the Director of Product Development for CORL Technologies, where her focus is to develop, test and roll out new products and services to address high-level needs raised by CORL's clients. Her IT career spans more than 20 years and includes extensive audit experience to meet compliance, privacy and information security objectives for a large, regional health system.
Mary has been consulting on research privacy, HIPAA risk analysis, NIST 800-53 and NIST 800-171 safeguards after leaving her role with a large health system in Virginia as the Privacy and Information Security Officer. She has a background that includes third party risk assessment/risk mitigation, access control, IT audit, information security/privacy investigations, training, testing, implementation and support. She has served on the boards of IIA, ISACA and AHIA.