Taking a Proactive Approach to Healthcare Vendor Security
Wellforce and Tufts Medical Center
Taylor Lehmann is the CISO of Wellforce and Tufts Medical Center, partner with Side Channel Security, and cofounder of SnapEval. He was formerly an advisor to Sqrrl Data, SVP and CIO at healthcare software provider HealthEdge, as well as the former VP of cyber risk management at State Street Bank. Lehmann is also an expert in securing software development and delivery and is on the boards of Gartner Evanta, the HITRUST Community Extension Program, the TPA Summit, and the Business Associate Council. He has CBCP, CISM, CISA, CRISC, CIPP/US, CCSFP (HITRUST), ITIL, HCISPP, and PMP certifications.
Sponsored by: Securelink
SecureLink manages secure third-party remote access and remote support for enterprise organizations and technology vendors. World-class companies across multiple highly regulated industries, including healthcare, retail, government, financial, legal and gaming, rely on SecureLinks purpose-built platform to securely control network access, ensure industry compliance, manage audit trails, decrease time to resolution, and reduce liability.
October 16th, 2018 1:00PM ET
Healthcare providers and vendors struggle with some of the same IT security challenges. Providers need to work with the vendors who are willing to improve their security so that both groups are more secure.
When working with vendors around security issues, healthcare organizations need to go beyond the business associate agreement required by HIPAA. They should conduct annual security assessments of their vendors and include date-specific security remediation requirements in their vendor contracts. Above all, they need to work with the vendors who are willing to improve their security so that both groups are more secure. Vendor security is one of the biggest risks for healthcare organizations and one of the biggest sources of frustration for CISOs.
In his presentation, Wellforce CISO Taylor Lehmann, a founding member of the Provider Third Party Risk Management Council, will outline the risks to patient privacy and PHI posed by vendors, security best practices for providers and vendors, and the work of the council in promoting security best practices.
•Understanding vendor risks and threats to patient privacy and PHI
•How HIPAA applies to healthcare vendors and how providers can ensure compliance
•Developing security best practices and deploying security technologies for vendor security
•Council’s work on improve provider-vendor collaboration on security
This webcast is approved for up to 1.0 continuing education (CE) hours for use in fulfilling the continuing education requirements of the Certified Professional in Healthcare Information & Management Systems (CPHIMS) and the Certified Associate in Healthcare Information & Management Systems (CAHIMS).
VP of Product Management
Rob started his career working for agencies focused on brand strategy for companies of all sizes. He then transitioned to product management for a start-up based in Austin, TX. Most recently he was working as a Consulting Director for Vista Consulting Group prior to joining SecureLink as the VP of Product Management in the Fall of 2017.