The Security Supermarket: Best Practices for Vendor Contracting and 3rd Party Compliance

September 8, 2015
1:15pm - 2:15pm
General Session

As outsourcing continues to gain steam in healthcare, security and privacy officers must be more vigilant than ever that cloud vendors and other business associates who handle PHI comply with HIPAA and make privacy and security a high priority. Your relationship with your vendors begins with a well-negotiated contract, which is vital to protecting your interests and limiting potential liability in the event of a breach, but it’s only half the battle.

Having a contract in place doesn’t mean you can be hands-off about privacy and security issues.

In this session, Steven J. Fox, a leading healthcare IT attorney, outlines some of the key terms and conditions that make up the contractual foundation that covered entities need when working with HIT vendors and other business associates.  He'll also cover:

  • What due diligence should be performed prior to starting contract negotiations?
  • How should vendors share information about privacy & security breaches with your organization?
  • How often (if at all) should you audit or monitor a vendor’s privacy & security performance?
  • How do you make sure a vendor returns, destroys, or appropriately safeguards your data at the end of the business relationship?

Fox will also moderate a panel discussion and examine what providers should expect from their vendor partners when it comes to protecting PHI and what vendors can realistically deliver. 


Partner-in-Charge, Information Assurance Services
Habif, Arogeti & Wynne (HA&W)
Post & Schell
Chief Information Privacy and Security Officer
Stony Brook Medicine
