Healthcare Providers

Streamline 3rd party risk management and vendor assessment

The Standard Security Questionnaire

OpenVRA provides a standardized vendor risk assessment that health providers can use to evaluate and manage security and compliance across vendors. Organizations can use OpenVRA to manage and lower vendor risk.


Starting Point For Vendor Evaluation

OpenVRA gives healthcare organizations a great starting point for measuring and mitigating vendor risk.

Purpose Built Questions

OpenVRA assessments are built around a base set of security questions that measure administrative and technical concerns.

The Standard Security Questionnaire

Vendor Breaches Lead To Big Consequences

LabCorp vendor-based data breach affected nearly 8 million patients

Quest Diagnostics vendor-based data breach affected nearly 12 million patients.

Virtua Medical Group vendor-based data breach resulted in a $418,000 settlement.

Reduce Security & Compliance Risk

Reduce Security & Compliance Risk

The OpenVRA framework is mapped to HIPAA security requirements and security best practices, so your team can see red flags from vendors.


Measure Vendor Security Efforts

Organizations can utilize OpenVRA to calculate score a security score for each individual vendor.

Continuous Compliance

Compliance is not a one-time step. Use the framework to check in and assess vendors on a yearly basis.

Improve Your 3rd Party Risk Management With OpenVRA

Lower Your Vendor Risk Profile With OpenVRA

The OpenVRA is a security standard that allows healthcare organizations to evaluate vendor security and compliance risk. We have worked together with healthcare stakeholders to create a standard set of security questions and a process for streamlining the vendor assessment process. Health providers can use this process to rapidly assess vendors and gain better insight into the overall security of vendor relationships within the organization.

We believe providing a standard framework for vendor assessment will empower healthcare organizations to better manage 3rd party risk and allow vendors to follow a familiar process have when working with different healthcare organizations. Learn more about how you can improve your vendor security program and vendor risk assessments.

dash hipaa aws

Administrative Policies

Evaluate vendor administrative policies for security and compliance.

Technical Safeguards

Evaluate vendor technical safeguards such as encryption, backup, and intrusion detection.

Security Management

Evaluate vendor processes for managing security issues and security programs.

Incident Response

Evaluate vendor response to potential breaches or security events.