Gerry Blass on Healthcare Vendor Risk Management

Health Care Compliance Association (HCCA)

Healthcare risk doesn’t stop at the facility’s door. Covered entities have countless business associates (BAs), each of which poses risks of its own. That, in and of itself, is a challenge, but Gerry Blass, President and CEO of ComplyAssistant, observes in this podcast that many covered entities aren’t even sure of their complete list of vendors, let alone the risks that can reside in them.

To get a handle on this situation, he recommends creating an inventory of your BAs and then dividing them into high, medium and low inherent risk. That involves looking at what each vendor does and the relative risks involved on a granular level. For example, an electronic medical record (EMR) vendor with a cloud-based solution is going to be inherently high risk. A vendor that transfers but does not store data may be just a medium-level risk.

With reports indicating that approximately 60% of breaches occurred at the vendor level in 2021, getting a handle on this risk is critical.

Of course, preliminary scoring of the risk level is only the first step. From there the organization needs to get more detailed information to ensure that there are adequate mitigation measures.

He recommends putting together a detailed list of questions both to ask during the onboarding process and later as a part of ongoing auditing and monitoring of the BA. Checking in periodically is essential because situations do change. The work being done by the vendor may have evolved, and so may the vendor’s internal risk management efforts.

He also advises looking at the BA’s own business associates. A given vendor may rely on 10 others. As a result, it’s important to understand how the risk of the BA’s own BAs is being managed.

Finally, he also addresses the need to reassess risk as organizations return to the workplace, including how remote access is handled.

Listen in to learn more about how to improve your healthcare vendor risk management processes.
