PRO+ Premium Content/Information Security

CISOs are making strides in some industries to drive support for a common set of information security requirements to help manage third-party security risk. Taylor Lehmann, CISO of Wellforce, the parent organization of Tufts Medical Center, and Omar Khawaja, CISO of Alleghany Health Network and Highmark Health, joined forces with security leaders from the healthcare industry to create the Provider Third-Party Risk Management Council. Announced in August, the council is working with the Health Information Trust Alliance (HITRUST) to develop industrywide best practices for managing third-party security risk associated with supply chain vendors and their information security-related systems. The goal is to create and adopt a common third-party assessment and certification process for healthcare industry providers and their vendors -- companies that have to spend considerable time and money attempting to meet the information security requirements of different hospitals and health plans. The founding members of the healthcare ...