Vendor needs to provide third–party risk management tool. • Third–party risk management (TPRM) is a form of risk management that focuses on identifying and reducing risks relating to the use of third parties (sometimes referred to as vendors, suppliers, partners, contractors, or service providers. • The program includes assessment, analysis, and management of risk –in conjunction with HIPAA Security Rule compliance efforts include privacy and security assurances. • Conducting regular risk assessments and continual monitoring enables to evaluate vendor readiness to comply with these security expectations and protect patient ePH.