Healthcare organizations must regularly assess their vendors in order to understand their adherence to privacy and security practices. Without that knowledge, they can’t determine risk, and without determining risk, they can’t manage that risk and ensure their own success in attaining and maintaining compliance.
At the same time, business associates and other third-party vendors serving those healthcare companies need to implement and then document their privacy and security practices in order to facilitate those assessments. HITRUST offers programs to help healthcare organizations and their vendors standardize on templates and tools for conducting those assessments in a consistent, efficient manner.
Here are the results of a new study on how those HITRUST programs are affecting the healthcare industry ecosystem.