Session ID: 

Proactive and Preventative Vendor Security Management

4:00pm - 5:00pm Wednesday, February 13
Orlando - Orange County Convention Center


There is a lot of work that is being done to address medical device security and addressing the security of the devices themselves. However, the business factors that are required to address these for organizations are not being addressed, which leads to repeats of the existing issues. Several complicating factors are that Clinical Engineering and the other functions that support this equipment in a hospital environment do not normally communicate, outsourcing of departments like Clinical Engineering to third parties, lack of understanding of building security into contract management and managing the vendor relationships from concept to implementation to post-implementation support. Security needs to be integrated into the complete lifecycle, which requires a business-based approach to build this into the lifecycle. This also requires a change in relationship with your vendors. This session will discuss these concepts and how to apply them in your organization effectively.

Learning Objectives: 

  • Recognize the requirements for implementing an effective vendor management program for medical devices
  • Apply knowledge learned from this presentation to proactively improve vendor relations
  • Analyze existing vendor agreements and outsourcing contracts and be able to modify them to support information security initiatives
  • Develop effective requirements and goals for Clinical Engineering to accomplish either via statements of work or program management to support security requirements
  • Define and measure the effectiveness of an enterprise-wide preventive security program and demonstrate metrics to senior management


Executive Director, Information Security and Compliance,
Indiana University Health


Information Management Professional