Case Study: Rochester Regional Health achieves streamlined, automated third-party risk management to protect patient PHI with OneTrust Vendorpedia

Rochester Regional Health Puts Patients First with OneTrust Vendorpedia

Rochester Regional Health, a healthcare network serving Greater Rochester with over 18,000 employees, needed to ensure its vendors properly protect sensitive PHI and replace an expensive, heavily customized legacy GRC system. Facing a contract renewal, the organization used Gartner to evaluate six IT vendor risk management tools and selected OneTrust Vendorpedia as an agile, cloud-based, cost-effective solution that supports configurable vendor risk assessment questionnaires.

OneTrust implemented Vendorpedia to provide vendor research via the Cyber Risk Exchange, automate workflows, and enable a self-service portal for project managers while rolling the platform out across subsidiaries for brand-level assessments and top-level visibility. As a result, Rochester Regional Health reports increased third-party risk awareness, faster assessments thanks to Vendorpedia’s scoring methodology, improved vendor engagement and information quality, and a more streamlined, automated approach to securing patients’ PHI.

Rochester Regional Health

Marcelle Bicker

Senior Information Security Compliance Analyst