Inventory Third-Party Relationships
Perform a comprehensive inventory of all your existing third-party relationships.
No matter the size of your health care organization, third parties pose one of the greatest security threats to your data. In fact, according to the Ponemon Institute, 65 percent of organizations that reported sharing data with a partner also reported a subsequent breach through that partner. The simplest way to protect your health care data from third parties is by knowing who's handling your data. Start by making a list of all the third parties that come into contact with your data (because if it's not immediately clear who's handling your data, how on earth can you protect it?). Your list should also include any external software engineers or IT consultants, and/or your data backup company. It should also include your data center, cloud hosting provider and/or phone provider. Make sure this list is continually kept up to date and made accessible to all authorized personnel in your organization.