Hello again and welcome to the HCISPP certification course with Cybrary. Maintain a list of third-party organisations.
I'm your instructor Shalane Hutchins.
In today's video, we're going to discuss health information use,
process, storage and transmission, and we will review third-party roles and relationships with the organization.
A key responsibility of the primary entity is to know who its vendors are and what function or functions they perform on behalf of the organization.
The information security professionals should establish a collaborative and ongoing relationship with the areas of the organization responsible for procurement, contracting and accounts payable.
Those areas have a definite need for maintaining an inventory of vendors.
Once there is an inventory, the information security professional can begin to pair that with other information to create an overall picture of a vendor and identify specific types of risks that may be introduced.
For example, the criticality of the vendor to health care delivery, the amount and type of data to which the vendor has access, the frequency with which the data is shared with the vendor and the way in which the vendor accesses sensitive data are all valuable inputs in determining risk calculation.
Because health care data is so personal to an individual and highly regulated, it's imperative that the primary entity spell out for a third party vendor the terms and conditions under which the data may be used, how it must be protected for transmission and where and how it can be accessed and stored.
A key ally for the security professional is the primary entity business owner who will maintain the relationship with the vendors.
This individual can become the eyes and ears in terms of changes at the vendor that could impact security controls.
This does require investment on the part of the security professional to ensure that the business owner understands major security risks.
Also, the relationship that the primary entity has
with the vendor is important to watch because it can help a security professional understand potential risks.
For example, is the relationship established or not?
Is the vendor performing a core service in parallel with the primary entity?
Or has the primary entity elected to completely outsource a core service?
Is the vendor meeting expectations of the business owner in regards to SLAs, or service level agreements?
And what other considerations can help you identify potential risks?
Some other considerations could be: How long has the vendor been in business performing these functions as a company?
And how financially sound is the vendor?
What is the vendor's employee retention rate?
And what certifications or attestations, such as a SOC 2 Type 2 report or a SOC 1 report, does the vendor have?
This diagram demonstrates the need for the HCISPP professional to understand the business of health care and how security can help to minimize risks while allowing delivery of care to succeed.
Security professionals who can make the connection between the business and technology and communicate well are in the best position to articulate risk.
Legal professionals provide legal counsel regarding regulatory and contractual matters.
Procurement negotiates with third-party vendors and understands the vendor landscape.
A primary business owner maintains the operational relationship with the third party.
So, in summary, what we talked about today was health information use, process, storage and transmission,
and the third-party roles and relationships with the organizations.
Stay tuned for the next video.