Case Study
Major Health Insurer Manages Vendor Risk with NAVEX’s GRC Platform

About this Case Study

A major health insurer relies on Lockpath to ensure vendors have the proper security controls in place. These controls help protect the insurer’s information and meet HIPAA requirements. The process works so well that visibility into vendors also positively impacts risk decisions.

  1. Industry:
    Major Health Insurer
  2. Challenge:
    Comply with HIPAA data security requirements and other regulations and frameworks
  3. Solution:
    Third Party Risk Management
  4. Results:
    Insight into vendor operations, lower risk of HIPAA fines and monthly metric reporting for CISO
  5. Read the Case Study

    Manual Processes Prove Inefficient for Managing Vendor Risk in Today’s Regulatory Environment

    Like most in the healthcare industry, a major health insurer complies with the Health Insurance Portability and Accountability Act (HIPAA), as well as many other regulations and requirements. A primary HIPAA compliance requirement is assessing vendors regularly, as well as assessing vendors’ third parties. Compliance failures can lead to stiff fines.

    Previously, the health insurer relied on manual processes for vendor risk management activities like issuing assessments. A manual approach can be suitable for a small business with a handful of vendors, but for a health insurer with HIPAA requirements, it can be risky and error-prone.

    The need for efficiency and accuracy turned the major health insurer into an early adopter of governance, risk management and compliance (GRC) platforms. However, the GRC platform the company chose was overly rigid and required technical expertise to configure. The process of managing vendor risk assessments was so complicated that the risk management team reverted to using manual processes.

    With the challenge still present, the health insurer conducted a search for a more advanced GRC platform that offered the functionality to comply with healthcare regulations, required little or no IT assistance and delivered a high degree of user adoption. Download the case study to learn more.

    About NAVEX

    NAVEX’s GRC software and compliance management solutions support the integrated risk, ESG and compliance management programs at more than 13,000 organizations worldwide.
