Rochester Regional Health is the leading provider of comprehensive care for the Greater Rochester New York community. The healthcare network is supported by over 18,000 employees and includes five hospitals, all-inclusive care for the elderly and home health programs, outpatient laboratories, rehabilitation programs, and surgical centers, as well as independent and assisted living centers. From harnessing research and technology to helping patients redefine the odds, Rochester Regional Health is leading the evolution of healthcare today.
Because it handles sensitive protected health information (PHI), Rochester Regional Health must validate that its third parties also handle this information with the same stringent security and privacy measures, as described by Marcelle Bicker, Senior Information Security Compliance Analyst at Rochester Regional Health.
Screening new third-party risk management technologies
For several years, Rochester Regional Health supported third-party risk management through a legacy GRC solution. However, with a contract renewal approaching, the Information Security Compliance team began discussions to move to a more streamlined solution – and away from expensive legacy GRC technology that required too much customization, as well as heavy support.
“The driver for researching new third-party risk management technology solutions stemmed from the need to implement an agile, cloud-based solution that is not only cost-effective but highly flexible to support configurable vendor risk assessment questionnaires directly through the UI,” added Bicker.
Rochester Regional Health leveraged analyst firm Gartner to develop a rating scale and evaluated six technology solutions in the IT Vendor Risk Management Tools market. After extensive due diligence, the organization selected the OneTrust Vendorpedia™ third-party risk management software.