Chief Information Security Officers highlight cloud cybersecurity risk and a common certification program for vendors serving health care
The resources required to properly vet and monitor third party cloud service providers can be a major challenge for health systems looking to manage cloud cybersecurity risk. In some cases, the time, resources, and expertise needed is too great an undertaking for smaller health care organizations.
SIGN UP FOR THE CCM WEBINAR, “BUILDING TRUST IN THE CLOUD”
That’s why a group of information security professionals from a variety of health systems formed the Provider Third Party Risk Management Council. The Council is developing common vetting and oversight practices to ensure the cloud security of vendors working with health systems, hospitals and other providers.
What is HITRUST CSF Certification?
Taylor Lehmann, Chief Information Security Officer at Wellforce/Tufts, and John Houston, Vice President of Privacy and Information Security and Associate Council at UPMC, described their work as founding members of the Council during a presentation at the Top of Mind 2019 Summit.
The organizations on the Council, including Wellforce/Tufts, UPMC, Cleveland Clinic, and others, will require their third-party vendors to become HITRUST CSF Certified within the next 24 months. The certification will serve as their standard for vendors that access to patient or sensitive information. Certification will be accepted by all of the council’s participating organizations.
“We’re actually providing the playbook for how to securely operate and work with large health systems two to three years before you’re actually ready to do so,” Lehmann said during the Top of Mind 2019 Summit.
Becoming certified allows vendors to save time and effort answering questions from every health system they want to do business with, and instead use that time creating more secure products, Lehmann said. It’s a win for health systems because they don’t need to spend extra time vetting the security of every vendor.
“I would have to summarize this in one word: Frictionless. We’re trying to build a frictionless environment while ensuring a high level of security,” Houston said.
See more videos from the Top of Mind 2019 Summit:
- Vivian Lee says Verily wants to help patients make health data more useful
- Don Rucker addresses health care prices, APIs, and White House support for interoperability
Learn more about:
- Top health IT priorities at health systems by downloading the Top of Mind for Top Health Systems 2019 research report
- Research into cloud cybersecurity perceptions at hospitals and health systems
- The Provider Third-Party Risk Management initiative