ATLANTA--(BUSINESS WIRE)--Vendors and their clients in health industry continue to work towards transparency, collaboration and responsiveness in information security risk assessments. Microsoft and Tivity Health are the two vendors most recently named by clients of CORL Technologies to its Vendor Honor Roll for vendors serving health industry customers with transparency and collaboration.
Neither vendor delayed the vendor risk assessment completion with a burdensome NDA process. Tivity Health granted reuse permission of previously supplied information so that other CORL and Tivity Health customers could quickly leverage previously provided information about their security environments. Microsoft makes publicly available all of their certifications to enable the security risk assessment.
“These two businesses provide models for sharing security program data by either opting in to our data reuse program as Tivity Health has done; or by making security program data available in the case of Microsoft,” said Cliff Baker, CEO of CORL Technologies. “A willingness to work with healthcare clients on compliance and data security protections results in a shorter sales cycle, contract renewals and increased business for these service providers. We are thrilled to add Tivity Health and Microsoft to the Vendor Honor Roll.”
CORL Technologies’ Vendor Honor Roll is the first of its kind for the health industry and has received positive response by healthcare professionals in security, compliance, privacy, and risk management, as well as industry interest and a July 2018 feature article in HealthITSecurity.com.
“CORL’s Vendor Honor Roll award may put healthy pressure on the vendors in the industry to rethink how they are approaching transparency, collaboration, and trust,” said Steve Dunkle, CISO at Geisinger Health System. “Even the vendors with problem areas, if they are transparent and working with us, it builds trust and makes them more appealing to choose as Business Associates.”
Criteria for the Vendor Honor Roll are:
1) Willingness to provide privacy and security information to their
health entity clients,
2) Ability to provide assurance of security controls,
3) Responsiveness to client’s inquiries regarding security and privacy practices and
4) Collaboration with client information security teams to protect patient information in the healthcare industry including health systems, health insurance plans, and other health-related service providers.
Increasingly healthcare organizations are making buying decisions based on transparency, cooperation and responsiveness of the vendor.
“Many vendors are still obstinate about sharing security program information. No one wants to be forced into pursuing an exit strategy situation with a vendor due to security risk. It’s a multi-year journey and a lot of work to transition a vendor and a system. Geisinger is innovative, so transparency, trust, and partnership are what we look for from our vendors,” said Dunkle.
CORL is the leading provider of vendor security risk management solutions for the healthcare industry with Vendor Security Risk Management solutions delivered as a managed service. Visit www.vendorsecurityrm.com and http://www.linkedin.com/company/corl-technologies.