A recent KPMG report [PDF] shows that nearly half of healthcare organizations surveyed rely on trust when it comes to sharing data with their third-party healthcare business partners. More specifically, only 35% claim to have a solution in place to properly manage third-party vendor security risks.
“Sharing data with a third party is the second highest vulnerability facing healthcare organizations,” says Harry Wan, Co-Founder and Chief Technology Officer at Datum Security. “With only 35% claiming adequate resources in managing their third-party vendor risk, we’re destined to have a huge problem if this security assessment gap doesn’t get filled quickly. Business partners can no longer rely on trust and business agreements to avoid this risk.”
While providers and payers share a common view that job security is the least of their worries, they weigh the other four concerns a bit differently.
Top 5 concerns for providers and payers

| Providers | Payers |
|---|---|
| Regulatory enforcement (50%) | Financial loss (57%) |
| Litigation (45%) | Reputation (46%) |
| Financial loss (44%) | Litigation (38%) |
| Reputation (39%) | Regulatory enforcement (35%) |
| Job security (6%) | Job security (3%) |

Although a properly executed HIPAA Business Associate Agreement might mitigate most third-party concerns regarding regulatory enforcement, the high-ranking concerns of litigation, financial loss and reputation cannot be mitigated by contractual terms alone. Raising and inspecting the security posture of third-party vendors, rather than relying on trust alone, is a must to adequately address these concerns.