Vendor Risk Management: Conquering the Challenges

Mark Eggleston of Health Partners Plans Discusses Best Practices for Ensuring Security

Mark Eggleston, VP, CISO and Privacy Officer, Health Partners Plans

Organizations must carefully monitor that their business associates are adequately addressing data security to help guard against breaches, says Mark Eggleston, CISO at Health Partners Plans.

“For example … we ask for business continuity plans, but it’s also really more important to get the results of [testing] those plans,” he says in an interview with Information Security Media Group.

Eggleston will participate in a panel discussion on “Tackling Vendor Risk Management Challenges” at ISMG’s Healthcare Security Summit, to be held Nov. 13-14 in New York.

“You want to make sure that when you’re transferring your PHI [protected health information], that it’s going to reputable firms that are using world-class … frameworks to secure that data,” he says.

In this interview Eggleston also discusses:

  • The growing risks posed by business associates;
  • Examples of data breaches involving third parties;
  • The challenge of protecting patient data in the cloud.

Eggleston is vice president, CISO and privacy officer at Health Partners Plans, a Philadelphia-based health insurance company. He leads the maturation of various security technologies and privacy initiatives and manages a business continuity and disaster recovery program.