
Do you know your 4th parties?

Many healthcare professionals swear by their vendors, entrusting them with sensitive customer credit and debit card data for the purposes of facilitating billing and delivery of treatment and services.  But how much do you know about the vendors that serve them?

Fourth parties may have full access to your customer data through your vendor relationships.  And you may not be aware of how far downstream your customer data goes.  Are there 5th and 6th party vendors touching this information?  What would an audit by Health & Human Services turn up?  How expensive would it be to track down the data and access granted?

Data breaches have become an epidemic in healthcare, so knowing who has access to your patients’ card data, how much and how often, is critical to controlling risk.  Should your vendors fail to keep healthcare or payment data safe, consumers will ultimately place the blame on you.

The monetary and reputational damage can be devastating for a healthcare organization, so it is increasingly incumbent on providers to conduct proper due diligence on third parties and any parties that serve them.

At a baseline, healthcare providers should ensure vendors are adhering to PCI compliance standards.  PCI is not a one-time activity but an ongoing process.  Many companies fall out of PCI compliance due to the labor and time involved.  Organizations with good PCI practices often have experience with a security-conscious architecture.

So what can be done?  Use proactive rights management software…

Recognizing that it is unrealistic to comb every log file, the best alternative is to implement a common data sharing and access software platform that can share data all the way down the supply chain of vendors.  This type of software allows for common, secured, and carefully logged access to your data.  Each vendor, no matter how deep down the chain, can be required to access data through this common exchange software.  This ensures that your data is stored in a centralized, secure manner, and that all vendors that access your data are logged and authorized by your organization.  This creates insight into who your 4th party vendors are, and it also logs and organizes all access to the data in a programmatic, centralized and easy-to-audit system.

Systems that support proactive rights management enable you to monitor and control who has access to sensitive consumer data.  These systems put you in the driver’s seat by notifying you when someone new is requesting access to your consumer data.  You can then determine if this individual should be granted access based on additional investigation with your vendor.

Implementing systems that enable control over external user access to your consumer data can help reduce the effort and expense associated with managing vendor relationships – allowing you and your compliance officer to sleep better.  It’s a cost-effective line of defense that can shield your organization – and your patients – from data thieves.

Cathy Manning
I am a versatile, high energy marketing professional with B2B and B2B2C experience who leverages strategy development and program management expertise to increase brand awareness and drive customer acquisition and retention. I consider the entire customer experience when developing marketing programs to ensure it aligns with the brand promise. I adeptly manage marketing resources and budgets to create successful marketing initiatives aligned with strategic business goals. My ability to adapt and respond to rapidly changing market environments enables me to capitalize on business development opportunities and mitigate risks. I am a confident and clear communicator who effectively collaborates with internal and external stakeholders, knowledgeably interacts with leadership, and drives decisions. I actively contribute to projects and programs to ensure they achieve the desired business results. I have experience managing staff located in offices locally and around the globe. My industry experience includes healthcare, financial services, information technology & services, professional education, and media.
