Who doesn’t love a list with steps to get a project done? I, for one, love them and in The Help Me With HIPAA podcast episode 317, 6 steps for Vendor Management, Donna and David do just that! They give us a list of steps to help businesses with the big picture of managing vendors. But, before we get to the list you know we need to start with the “HIPAA say WHAT??” (Did you hear David’s voice as you read that?)
To put it in a nutshell, you can’t believe everything you hear on TV, or read in newspapers, on the Internet or on social media platforms. Did we really need to say that? Unfortunately, yes we
do. One would think that people know to keep quiet about things that they don’t know about, but yet go ahead and say things that are wrong. Then, because the narrative meets a group of some people’s beliefs, it gets told and retold so many times that it becomes a “fact” or “it must be true because so and so said it.” The HIPAA privacy and security rules interpretation is not immune to this. Before you take something at face value, please do your research. Reach out to trusted individuals and companies that really know the laws.
Now, for the 6 steps for vendor management. Why would it be important to ensure your vendors are securing their products or information? Think of it like this, would you just hand your accountant all of your money and just trust them with it and let them do whatever they want to with it? If you said yes, well you probably won’t be in business long. Vetting your vendors is crucial to make sure they are protecting and securing your valuable assets and information.
So, how do you start your vendor management program? First, identify what would happen if your vendor could not supply their product to you. Would it be an operational risk, a competitive risk, a reputational risk, etc. Second, identify who is responsible for these things in your business. Then, make a list of all of your suppliers, service providers, consultants, and so one. Look at your accounts payable list. This is a great place to identify your vendor list. The fourth step is….. did you really think I was going to list them all out here? No, you have to listen to Episode 317 to hear the rest. Plus, you’ll get to hear why David says, P-Y-S-A, as letters and not phonetically.