A major health insurer relies on Lockpath to ensure vendors have the proper security controls in place. These controls help protect the insurer's information and meet HIPAA requirements. The process works so well that visibility into vendors also positively impacts risk decisions.
Manual Processes Prove Inefficient for Managing Vendor Risk in Today's Regulatory Environment
Like most in the healthcare industry, a major health insurer complies with the Health Insurance Portability and Accountability Act (HIPAA), as well as many other regulations and requirements. A primary HIPAA compliance requirement is assessing vendors regularly, as well as assessing vendors’ third parties. Compliance failures can lead to stiff fines.
Previously, the health insurer relied on manual processes for vendor risk management activities like issuing assessments. A manual approach can be suitable for a small business with a handful of vendors, but for a health insurer with HIPAA requirements, it can be risky and error-prone. The need for efficiency and accuracy turned the major health insurer into an early adopter of governance, risk management and compliance (GRC) platforms. However, the GRC platform the company chose was overly rigid and required technical expertise to configure. The process of managing vendor risk assessments was so complicated that the risk management team reverted to using manual processes.
With the challenge still present, the health insurer searched for a more advanced GRC platform that offered the functionality to comply with healthcare regulations, required little or no IT assistance and delivered a high degree of user adoption.
About NAVEX Global, Inc.
NAVEX Global is the worldwide leader in integrated risk and compliance management software and services. Our solutions help organizations manage risk, address complex regulatory requirements and foster an ethical, productive workplace culture.