Matt Fisher of Carium writes:
An important part of establishing strong security for an organization rests with how it interacts with its vendors. The creation of a chain of entities creating, interacting with, storing, or otherwise handling sensitive patient information starts at the top, but can easily and frequently go down many layers. Given the layered approach, every time an organization introduces a new sublayer that organization must keep security as a forefront consideration. The risks associated with vendors not appropriately deploying security measures can be seen with the increasing number of data breaches resulting from an issue at the vendor level. Given that reality, what should or should not happen at each vendor level?
Read some of his down-to-earth advice at The Pulse