Having proper internal systems and procedures in place to manage data security is essential for organizations storing personal information in any industry. But health care organizations that rely on external vendors to process, store, or otherwise use such information must take extra steps to ensure those vendors take proper security measures, because a failure on