Every vendor should have cybersecurity in place and be committed to protecting patients and their information. For example, at Marathon Health, we have implemented a comprehensive cybersecurity program that includes: policies, procedures, standards, processes, and controls to protect the confidentiality, integrity, and availability of our information assets. Our cybersecurity program is structured around the principles of the National Institute of Standards and Technology (NIST) Cybersecurity framework and guides our cybersecurity program’s regulatory and security compliance.
When evaluating employer-sponsored healthcare vendors, it is essential to understand how they safeguard their digital systems, including the processes to monitor for unauthorized access and data leaks and the procedures should a breach occur.