Description

Third-Party Risk Management (TPRM) helps healthcare organizations reduce cybersecurity, compliance, and privacy risks posed by vendors and service providers. This webinar explains key TPRM program elements—including risk assessment, due diligence, and governance—and how they address HIPAA, FDA, and other regulatory requirements.

Cyberattacks, ransomware, supply chain shortages, privacy breaches, and the resulting regulatory focus, fines, and penalties have all demonstrated the critical importance of a robust Third-Party Risk Management Program (TPMP) for healthcare entities of all sizes.

During this session, Lori Foley discussed the key elements and importance of an integrated Third-Party Risk Management (TPRM) program, with an emphasis on the regulatory and compliance landscape.

Specifically, attendees learned from these key points:

• Importance of TPRM in healthcare
• Brief overview of recent incidents or regulatory focus areas
• Definition and types of third parties (e.g., IT vendors, medical device manufacturers, outsourced service providers)
• Regulatory and compliance requirements pertaining to third-party vendors (e.g., BAAs, HIPAA, FDA)
• Core elements of a TPRM program lifecycle (inventory, risk assessment, due diligence, contracting, and ongoing monitoring)
• Coordination of parties in identification and mitigation of risks (e.g., internal audit, compliance, legal, quality, risk management, IT)
• Recommendations for appropriate governance oversight

This was presented on Wednesday, June 18, 2025 12:30 pm – 1:30 pm E.T.