HITRUST Assessment XChange (XChange), a wholly-owned subsidiary of HITRUST, is providing healthcare organisations with free access to its third-party risk management (TPRM) solution, including methodologies, technology, and staff augmentation.
The decision to provide the TPRM service free of charge was made, after discussions with leaders in the healthcare industry concerning operational challenges, financial impacts, and disruptions being faced by organisations across the healthcare ecosystem and the direct effect on supply chain management, caused by the COVID-19 pandemic.
Impact of COVID-19 on supply chain management
The impact of COVID-19 on supply chain management relates to organisations attempting to vet and onboard new third parties in an expeditious manner, as well as maintain assurances from current third parties, while cyber threats and other risks continue to escalate, in a time of distracted, remote, or limited resources.
This is compounded, as they work to ensure the integrity of the risk management process is preserved and not introducing additional complexity, and costs to themselves or their third parties.
Enhancing efficiencies in third-party risk management
Breaches involving third parties continue to create substantial disruptions and costs"
“Breaches involving third parties continue to create substantial disruptions and costs, as well as risk to the entire health ecosystem,” said John Houston, Esq., Vice President, Privacy, and Information Security & Associate Counsel Information Assurance Services at UPMC.
John Houston adds, “Now more than ever, we need to collaborate in adopting approaches that can reduce the risk and improve efficiencies in third-party risk management.”
XChange solution
The XChange solution empowers organisations around the world to evaluate and gain visibility into the risk posed by their third parties, including managing and maintaining risk assessment, and compliance information provided in an efficient and effective manner.
It minimises duplicative and inconsistent assessment requirements, imposed by customers on their third parties, which reduces costs and increases efficiencies, throughout the entire ecosystem. It streamlines identifying the level of risk, posed by a third party, based on organisational criteria and automates the process to obtain, and maintain appropriate assurances in a timely manner.
Comprehensive and fully integrated solution
The solution is comprehensive and fully integrated, thereby allowing it to be leveraged by organisations of varying sizes. Healthcare providers, wellness management companies, distributors and manufacturers can use the service for two years, at no cost.
It includes functionality to address third-party pre-qualification, risk triage, risk assessment, risk mitigation, risk evaluation, third-party qualification and risk monitoring. In addition, designated Onboarding Specialists help expedite and streamline the process of loading and engaging third parties.
Effective evaluation and management of third-party risk
Most of us in the industry face the same challenges in evaluating and managing third-party risk"
“Most of us in the industry face the same challenges in evaluating and managing third-party risk, so adopting and leveraging a single approach is the most efficient and effective manner to achieve our mutual goal and further industry collaboration,” said Omar Khawaja, Vice President, Chief Information Security Officer at Highmark Health.
Omar Khawaja adds, “I believe the approach outlined by the Provider TPRM Council, in conjunction with the offering from the XChange, allows us to achieve that industry goal, which now is more important than ever.”
Information risk management expert
As a globally renowned company in information risk management, HITRUST understands and has studied the challenges associated with TPRM, specifically in evaluating and assessing the risk a third-party relationship poses to an organisation, and the impact on the supply chain ecosystem with inconsistent assurance approaches.
Daniel Nutkis, the Founder and Chief Executive Officer (CEO) of HITRUST, said “Over the past few weeks, I’ve been speaking with many leaders in the healthcare industry, whose teams are feeling overwhelmed by the COVID-19 pandemic and seeking additional support, and opportunities for collaboration.”
HITRUST TPRM Methodology and the XChange solution
Daniel Nutkis adds, “Making the XChange solution available free of charge to the healthcare industry is one of the ways we can help support and drive collaboration in the industry.”
The HITRUST TPRM Methodology and the XChange solution are widely adopted across the healthcare industry, including by renowned major organisations, such as Advent Health, Allegany Health Network, Cleveland Clinic, Highmark, Mayo Clinic, Tufts Medical Centre, University of Rochester Medical Centre, UPMC, and Vanderbilt University Medical Centre, as well as leveraged by the Provider TPRM Council.
- Network / IP
- Electronic security systems
- Application security
- Physical security
- Hospital security
- Commercial security
- Perimeter security
- Healthcare security
- Private sector security
- Public sector security
- Security management
- Security policy
- Security devices
- Security installation
- Security access systems
- Asset tracking
- Electronic access control
- Identity management
- Building security
- Facility security
- Institute security
- Public security
- Door access control
- Security software
- Security service
- Physical Security Information Management (PSIM)
- IP security solutions
- Security communication
- Integration software
- Perimeter protection
- Cyber security
- Mobile communications
- Internet of Things (IoT)
- Data Security
- Incident Management
- Security Assessments
- Cloud security
- Artificial intelligence (AI)
- Mobile access
- COVID-19
- Mergers & Acquisitions
- Machine Learning
- Touchless Security
