What is the Health 3rd Party Trust (Health3PT) Initiative?
Health3PT recognizes that overlapping customer and vendor relationships are common throughout the healthcare industry. Its membership expands the Provider Third-Party Risk Management initiative, established in 2018, to include a broader spectrum of organizations in the healthcare industry along with TPRM thought leaders such as HITRUST and CORL.
Founding members include Allegheny Health Network, Cleveland Clinic, University of Pittsburgh Medical Center, University of Rochester Medical Center, Tufts Medical Center, Wellforce, and Vanderbilt University Medical Center.
HITRUST was founded in 2007 with a focus on healthcare information risk management and compliance. Today, more than 80% of U.S. hospitals and health insurers leverage HITRUST assessments as part of their information security and compliance methodologies, and as a key component of their third-party risk management programs.
CORL is a service-centered solution for vendor risk management, compliance, and governance that is 100% focused on the healthcare space. By delivering ongoing monitoring and reporting on vendor portfolio, assessment, and remediation activities, CORL leads the industry in tech-enabled managed services for vendor risk management and compliance.
Healthcare Third-Party Risk Management (TPRM) is broken
The enormous and diverse vendor population throughout the healthcare ecosystem has created a staggering challenge for risk management and security teams. Requests for due diligence assessments are coming in faster than ever, which creates constant backlogs along every phase of vetting, managing, and monitoring third parties.
Current Healthcare TPRM Issues:
- Insufficient coverage to scale TPRM programs across the full vendor portfolio.
- Timing of vendor assessments is not keeping pace with expectations from the business.
- Dysfunction, lack of congruence, and inconsistent adoption in TPRM solution sets and models.
- Vendors overwhelmed with questionnaires and high variance of customer expectations.
- Limited follow-through and tracking of vendor remediation of identified risks and control gaps.
- Inadequately evaluating partners can pose enormous information privacy and system security risks to organizations.