Censinet offers new products to advance third-party risk management in healthcare
Censinet, the leading collaborative risk network for healthcare organizations (HCOs), announced new products and capabilities across three strategic areas – Continuous Monitoring, Controls Validation, and Vendor Lifecycle Workflows.
These innovations advance Censinet’s mission to reduce risk to patient data and safety, and accelerate compliance across an HCO’s supply chain of third-party vendors.
“Healthcare organizations demand faster, higher-quality and more complete risk assessments across their supply chain. It drives our vision of ‘taking the risk out of healthcare’ and delivering unique capabilities such as One-Click Assessments™,” said Ed Gaudet, CEO and founder of Censinet.
“This announcement builds on our mission to be the trusted network for risk management in healthcare, helping CIOs and CISOs eliminate risks to patient data, safety, and quality care delivery.”
Third-party risk management innovations
With this announcement, Censinet continues to challenge the status quo, enabling HCOs to move beyond traditional approaches to data risk awareness. Censinet saves HCOs significant time and costs, and increases productivity of IT, security, and risk teams, all while enabling clinicians and business leaders to rapidly adopt new technologies.
By dramatically streamlining the assessment process, the need for HCOs to prioritize risk evaluations and leave some areas unexamined becomes obsolete.
New continuous monitoring capabilities
Continuous monitoring delivers security ratings of a third-party vendor’s organizational risk posture with a comprehensive ‘outside-in view of an organization’s security risk. Censinet Continuous Monitoring complements its industry-leading vendor and product risk assessments through comprehensive questionnaires and critical supporting evidence.
The new capabilities gather data from a variety of public and private sources, analyze it, and deliver a risk rating across 10 categories: digital footprint, patch management, DNS health, email security, IP/domain reputation, compromised credentials, fraudulent domains, web security, information disclosure, and web ranking.
Censinet rates third-party risks and assigns a letter grade to each vendor, correlates findings with industry standards to inform compliance requirements, and quantifies probable financial impact to communicate risks in business terms.
New risk assessments and curated content automation
Censinet vendor risk assessments provide 100% compliance to NIST CSF 1.1. However, rapid adoption by clinicians of emerging technologies, such as new cloud-based and mobile applications, medical devices, and other innovations such as blockchain, artificial intelligence (AI) and machine learning, is a key challenge today for HCOs.
Censinet automatically monitors and curates risk from changes to the technology landscape, threat environments, regulatory updates, and standard industry frameworks such as NIST. This unique Censinet risk curation expertise provides updates to risk every quarter or on-demand as needed.
All Censinet questionnaires are versioned with full history and audit trails. Standard risk questionnaires cover thousands of clinical, business, and operational applications whether in the cloud, on-premises, or hybrid, plus hardware devices and appliances, and other connected internet of things (IoT) devices.
With this announcement, Censinet introduces the following new risk assessment types:
- MDS2 2019: The Medical Imaging & Technology Alliance (MITA) published NEMA/MITA HN 1-2019, Manufacturer Disclosure Statement for Medical Device Security (MDS2), which provides standardized information on security control features integrated within medical devices. To support security risk management through voluntary standard, Censinet now allows medical device vendors to upload their MDS2 2019 with guidance or continue to share their MDS2 2013.
- Mobile applications: A recently proposed rule by the Office of the National Coordinator for Health IT (ONC) requires healthcare providers to adopt standardized APIs to help application developers give individuals easier and more secure access to their electronic health information via smartphones and other mobile devices. Censinet now provides risk assessment questionnaires that cover these types of applications and technologies.
- Healthcare-specific use cases: Censinet provides risk assessments unique to healthcare providers. These risk assessments include information exchanged between Covered Entities, affiliated physicians, ambulatory or other practices, and the secure software development lifecycle (SSDLC) for internally-developed clinical and business applications.
“Most industry frameworks take a year or longer to update risk content,” said Steve McGee, Chief Information Security Officer at Censinet.
“Censinet is committed to fast and complete risk assessments based on current technologies, changes to regulations and real-time threat monitoring intelligence. Censinet Curation Services enhance healthcare provider’s clarity around risk introduced by their supply chain, as well as reduce compliance burdens.”