Published August 10, 2021 • 4 minute read
According to IT security research organization Ponemon Institute’s report “The Economic Impact of Third-Party Risk Management in Healthcare,” surveyed healthcare organizations averaged 1,320 contracted vendors each. These third parties are often critical to their overall operations, including patient care. However, they also expose companies in the healthcare sector to additional risk.
We’ll break down what healthcare organizations should know about third-party risk and how to protect themselves through COI tracking.
Sources of Third-Party Risk in the Healthcare Sector
Every industry faces cybersecurity threats, but healthcare organizations are particularly appealing to hackers. Not only do they frequently house valuable protected health information (PHI), but many also have intellectual property from in-house research. Because of this unique combination, the medical field faces cybersecurity risks from multiple angles.
For-profit hackers often have their eyes on PHI they can sell on the dark web. Ponemon Institute’s analysis “Are Risk Assessments Failing to Secure the Third-Party Healthcare Ecosystem?” reports that 54 percent of healthcare vendors experienced a data breach exposing PHI, which may include medical history, financial information, and biographical information. The novel coronavirus (COVID-19) pandemic also saw a surge in nation-state-sponsored hacks against healthcare operations by threat actors seeking to steal research and/or cause disruption.
Hackers look to exploit any possible weakness, and if a third party has access to your systems, they could inadvertently give cybercriminals an entry point.
Health Insurance Portability and Accountability Act (HIPAA) rules govern how healthcare organizations must protect PHI from theft and fraud. Two critical components include the HIPAA Privacy Rule and HIPAA Security Rule. The Privacy Rule pertains to the protection of PHI, and the Security Rule sets standards for the creation, transmission, and storage of electronic health records.
While HIPAA permits healthcare organizations to share information with third-party vendors—including independent transcriptionists, claims processors, benefits managers, and other relevant organizations—those outside parties must also comply with HIPAA regulations, or your organization could face penalties. HIPAA violations can carry hefty fines, ranging from $100 to $50,000 per violation, so choosing the wrong third-party vendor can be a costly mistake.
Failure in Care
All organizations that work with external subcontractors, suppliers, and vendors expose themselves to third-party risk. However, these risks are amplified in the healthcare industry because of the element of patient care. In most industries, if a supplier doesn’t deliver on time or a vendor makes a mistake, it might hurt your bottom line. In healthcare, it could cost patient lives. That’s why every healthcare organization should thoroughly screen any potential vendors and maintain all relevant documentation.
Why Healthcare Organizations Should Invest in COI Tracking Software
- Save Time
- Achieve Compliance
- Provide Greater Insight & Transparency
- Centralize Data
- Modernize Your Processes
BCS: Your Partner in COI Tracking for Business
BCS is an industry-leading COI tracking solution with full-service and self-service options. The full-service solution couples software and expert support for the highest standard in third-party liability risk management, with minimal work on your end. The self-service option gives you access to the BCS App to reduce the burden on your employees by bolstering their efforts with easy-to-use features, including automation.