A HIMSS Event | SANTA CLARA, CA | SEPT. 16-18, 2019

September 16-18, 2019 | Santa Clara, CA

Third-Party Rules of Engagement in Cybersecurity


By Heather Munro, freelance writer focusing on emerging technology.

It’s hardly surprising that as the healthcare industry connects more devices, adopts more wearable tech, and moves towards universal electronic health records that the threat of cyberattacks lurks as an ever-present danger.

Most healthcare organizations’ cybersecurity programs, however, have room for improvement—particularly in remediating and mitigating security risks—according to the 2018 HIMSS Cybersecurity Survey. The survey also revealed that risk assessments vary widely from organization to organization.

Across the industry, managing the risk of third-party relationships with vendors, contractors and other outside organizations is a particular area of concern. HIMSS.TV asked Jane Harper, Director Privacy & Security Risk Management at Henry Ford Health System, to share her organization’s unique approach to third-party risk management.

Her analogy is simple yet powerful: Managing levels of risk with a third-party is much like the stages of a romantic relationship. To learn more about her best practices for third-party risk management, watch Build security best practices like a marriage.

Get Updates

Sign up for the latest event announcements!