IN THE NEWS: Health Industry Reacts to CORL Vendor Honor Roll of Business Associates
CORL Technologies, the leading provider of vendor security risk management solutions, recently named three businesses to its “Vendor Honor Roll” for vendors serving health industry customers with transparency and collaboration: Ciox Health, NAVEX Global, and ServiceNow. In response, several healthcare security professionals have commented on the role transparency and collaboration play in their selection of third-party vendors.
“At St. Luke’s University Health Network, we value business partners that collaborate with us to protect our patients’ data. It’s all about our patients at the end of the day. We hope these vendors – and others in the future – are seen as the example for other Business Associates in the health industry because our buying decisions are more and more becoming based on security, transparency, and ease of working with our vendor Business Associates,” said David Finkelstein, Chief Information Security Officer.
The CORL Vendor Honor Roll selection criteria center on businesses’ willingness to provide relevant information in response to client inquiries regarding security and privacy practices. Ultimately, a data breach by a Business Associate is a reputation killer for everyone – the customer, the vendor, and the patient.
“The CORL Vendor Honor Roll recognition speaks to the heart of what Ciox is trying to change in the industry, and we are honored to be recognized as a cooperative, transparent business partner by CORL clients,” said Leke Adesida, Chief Compliance Officer at Ciox Health.
CORL clients’ buying decisions are increasingly based on transparency and cooperation of the vendor. As Anthony Siravo, VP and Chief Information Security Officer at Lifespan academic health system, said, “With recent vendors in the news for breaches and investors involving the SEC, big conglomerate vendors are realizing they can’t refuse to cooperate on risk assessments. We have had vendors who will work with us, who react with, ‘Thank you – will you help us,’ and we always do.”
In another example, a CORL client that requested information from one of its vendors for a security risk assessment was told that the vendor did not want to complete the request because the effort to do so is higher than the potential profit made off the client contract.
As David Haig, Vice President and Chief Compliance Officer at Hartford Healthcare, points out, “The privacy and security regulations are being strictly enforced and we try to explain to Business Associates that they are on the line, too. We’re working with vendors to help them understand how they may be at risk, especially since state AGs are making compliance issues public with strong language about how vendors are accountable. We aim to help vendors see that security is an expectation of the public and actually can be a competitive advantage for them.”