Healthcare providers and payers rely on vendors to deliver services and at the same time take necessary measures to protect the PHI and PII. Unfortunately, a majority of the data breaches in recent years can be attributed to vendor negligence. It is evident that timely monitoring and education of the vendors significantly reduces risks. Compliance officers are entrusted with monitoring vendor compliance, not just with regard to HIPAA privacy and security, but in many other risk prone areas. Jennifer Mardosz, chief compliance officer for Optum, will share how she helped multiple Optum business units and their vendor partners identify potential privacy and security compliance gaps and implement corrective measures.