Webinar Recap: A Clear Path to Solving for Risk: A Bold New Standard for TPRM

The rate at which healthcare is contracting with vendors is truly unprecedented. From operational technology to connected medical devices, to supply chain operations—your typical healthcare system works with somewhere in the range of 1,300 vendors.  Given this scale, it’s not surprising that most healthcare organizations can’t name all 1,300, and those that can certainly don’t feel that they have their arms around risk for all of their vendors.

Dominated by a few risk repositories and scorecards, the TPRM ecosystem’s solutions have left healthcare largely wanting—still facing the same challenges that inspired the solution search in the first place. So, what does it take to actually solve for third-party risk in healthcare? Turns out, this question is best answered by professionals who have worked in healthcare.

Matthew Webb of HealthTrust Purchasing Group and CORL’s own Britton Burton unpacked this pertinent question in a recent webinar discussing the shortcomings of the industry’s current TPRM approaches and why a more effective solution is critical. In their conversation, they speak on modern trends in risk management, where technology and services alone fall short, and key characteristics that will lead to a brighter future for healthcare TPRM. In case you missed it, here’s a quick recap of what was covered. If you have some time, definitely check out the replay.

Rising risk within the healthcare ecosystem

Britton opens up the webinar by discussing the current risks facing the industry. Amid ongoing digital transformation, the healthcare industry is swiftly expanding the number of digital tools and technologies used in care delivery. This technology is opening up a world of new possibilities, but with it comes a rise in vendors, and a corresponding rise in risk.

This doesn’t mean that we shouldn’t work with vendors, or even that we should slow the pace of adoption. What it does mean is that the healthcare TPRM problem of five years ago is not the same healthcare TPRM problem today. It is an order of magnitude bigger in terms of scale, complexity, and sophistication of threats.

Where TPRM approaches fall short

Britton continues the conversation, pointing out existing holes in even the most well-established third-party risk management approaches. Whether we’re looking at internal efforts that rely on technology, or external efforts that rely on an outside contractor, it’s obvious that neither is fully equipped to solve the TPRM problem.

In many ways, the strengths of one approach are the weaknesses of the other. For example, internal efforts with an outside solution typically struggle with scalability as internal teams are hamstrung. In addition, this approach frequently falls short when it comes to data validation—which represents a significant operational lift for internal teams. Conversely, tactical outside help can improve scalability, but it falls short when it comes to understanding each vendor’s business impact and enforcing the standardized approaches that enable meaningful analysis.

Characteristics that will change the game

The problem is bigger, the solutions are inadequate, and a better approach is needed. But how can we transform TPRM in a meaningful way to actually solve the problem? Matthew discusses six key ways in which healthcare organizations can change the narrative on risk management. These characteristics include:

  1. A convergence of tech and services
  2. The integration of remediation into TPRM efforts
  3. Vendor ecosystem visibility and prioritization
  4. Novel approaches to reporting out on risk
  5. A focus on vendor experience
  6. The emergence of a common standard

Britton and Matthew bring a refreshing perspective informed by real, hands-on experience. Prior to his role at CORL, Britton was Director of Risk Management, Information Protection & Security at HCA Healthcare. In this role, he lived through TPRM challenges firsthand and was responsible for addressing them within his organization. As Chief Product Security Officer at HealthTrust, Matthew regularly engages with some of the nation’s largest providers as he advances the organization’s mission to enhance performance with operator-proven practices.

The future of TPRM in healthcare

Matthew and Britton concluded their conversation in agreement that major changes in the industry must be made in order to accommodate the rapid adoption of digital technology in healthcare. Although the current state of TPRM in healthcare leaves room for improvement, both speakers believe that a few key changes in the industry’s practices and a commitment to collaboration can lead to a more secure future.

To get a more in-depth look at Matthew and Britton’s conversation, watch the full on-demand recording. Interested in learning more about how CORL can help you solve the TPRM problem? Schedule some time to speak to an expert.
