BLOG

Securing the Healthcare Data Supply Chain

CORL Technologies CEO Cliff Baker recently had the opportunity to deliver a presentation alongside leadership from the Office for Civil Rights (OCR) on the state of HIPAA Security Rule compliance and risk management for third-party Business Associate vendors servicing the healthcare industry. The breach data and enforcement updates supplied by OCR reinforced his perspective on the paradigm shift currently underway for healthcare delivery in the migration of critical business functions to third-party cloud-based platforms. Read More

Optimizing the Human in Third-Party Risk Management

Security and risk teams have been overwhelmed by the tsunami of requests for vendor security risk assessments as the digital health movement continues to shift data to third-party platforms. Constraints on human capital and time have never been tighter. Leading organizations are looking for ways to focus their teams on true risk management activities rather than perpetually collecting and formatting risk data. Information security and risk leaders have turned to technology and automation to help keep pace with this unprecedented demand for third-party security assessments. Read More

Rise of the Little Guys | How Small Vendors Carry Most of Your Risk

Did you know that over 86% of vendors servicing healthcare providers in 2020 are either in the Very Small (between 1-50 employees) or Small (between 51-500 employees) categories? That figure derives from analysis that was conducted in February 2020 of security assessments conducted on CORL’s database of over 50,000 healthcare vendors. This latest analysis highlights a growing trend of smaller vendors dominating the healthcare vendor landscape and changing the way in which healthcare vendor risk managers need to think about third-party risk mitigation approaches. Read More

Got Certs? The Pros and Cons of Enterprise Security Certifications

Healthcare has become a prime target for malicious actors bent on profiting from the resale and reuse of patient information. Healthcare entities are scrambling to sure up security controls for their own organizations and third-party business partners as the sprawl of patient information continues to drive widespread data breach events. Many healthcare Covered Entities and Business Associates servicing the industry are pursuing or evaluating enterprise security certifications to provide assurance of their security program and control effectiveness to the market. Read More