Weren’t able to catch the live session? Not to worry, all AEHIS LIVE Sessions are archived for your convenience within a few business days of the original webcast.

  • Event Information


    Effective security monitoring is an essential component of managing cyber risk. Many organizations attempt to accomplish this in-house, but as security consultants, we frequently see healthcare organizations struggle to implement and sustain effective security monitoring capabilities internally. Join Principal Solutions Architect Aaron Sierra as he lays out the challenges and benefits (performance and financial) that are driving many hospitals and healthcare organizations to find a managed security partner to monitor their environment. Join this webinar and learn:
    • How to think differently about security monitoring
    • Why operating your own Security Operations Center (SOC) is an uphill battle
    • The upsides of hiring the right managed security partner
  • Event Information


    There are many reasons why data de-identification (i.e., the removal of personally identifiable information from data such that the individuals that the data describes can no longer be identified, but that the data retains its utility for research and/or commercial product development purposes) might be valuable. Data de-identification can improve data privacy and access control, and it can facilitate data availability for research and analytics. It can also be an important step in the workflow of sharing data sets with other teams and research partners. We are interested in understanding how CISOs think about data de-identification. We would like to understand what CISOs want and need when it comes to data de-identification, how they evaluate data de-identification offerings, and any gaps or needs in existing de-identification offerings. We would also like to discover what use cases data de-identification would enable and the relative importance of each. 3 Learning Objectives:
    1. Understand how CISOs evaluate data de-identification solutions
    2. Learn about CISO needs and use cases regarding de-identification
    3. Discover gaps in existing de-identification offerings that CISOs are hoping tools may help them address
    Please note we are looking for participants with direct experience in data de-identification.
  • Event Information


    Many healthcare organizations want to make their data actionable while safeguarding sensitive data from unauthorized access. However, there are significant identity management challenges that healthcare organizations must master to effectively link health information to the correct, authorized individuals and care teams. With the accelerating volume of sensitive healthcare data being created by both people and connected medical devices, traditional forms of identity management lack the agility to keep pace with health IT infrastructure and regulatory requirements. In this focus group session, we will discuss the state of identity management in the healthcare industry and what critical identity management challenges organizations are facing. Learning Objectives:
    1. How identity management can simplify the challenges healthcare organizations are facing when it comes to meeting the regulatory requirements of identity management.
    2. What technology options are available to establish, verify, authenticate and authorize access for clinicians, patients, caregivers, and other stakeholders.
    3. How traditional identity management and data governance technologies are converging to enable healthcare organizations with “true” enterprise identity governance.
  • Event Information


    Join us as we dive into the myriad issues that must be considered by CIOs and others in the C-suite as healthcare data is increasingly exchanged both among and outside non-traditional healthcare settings, and as consumers become active managers of their health information. This presentation will dive into what this means for providers in an era of patient-directed data, a growing internet of things (IoT), the implications associated with artificial intelligence and machine learning, and of course the privacy and security implications associated with the new world order. Learn what this means for compliance with the Office of the National Coordinator (ONC), the Office for Civil Rights (OCR), the Centers for Medicare & Medicaid Services (CMS), and the Federal Trade Commission (FTC) policies.

  • Event Information


    Incident response is changing dramatically. The approaches employed by most healthcare organizations are incredibly process-driven but not typically nimble or flexible enough to respond to the challenges presented by today’s cyberattacks. Further, the objectives and practices employed by traditional incident response do not take into account patient and life safety. New paradigms and approaches are required, and we believe that Cybersecurity Tactical Incident Response (CTIR) is the new generation of incident response. During this presentation, we will examine why traditional incident response approaches break down and become ineffective during fast-moving or prolonged incidents, and how approaches that employ protocols, immediate action drills (IAD), and minimalism are critical to protecting not only infrastructure but human life. We will also examine the core tenets of Cybersecurity Clinical Rapid Response and how this supports a CTIR program, why integration between CTIR teams and OEM groups is vital, and why FEMA certification of CTIR personnel is essential. During the presentation, we will also review case studies of incident response gone wrong and why, especially when it came to protecting patient safety. The program will also discuss the Left/Right of Bang planning cycle and how it applies to incident response.
  • Event Information


    Experts will discuss the current state of risks posed by medical devices and the challenges associated with getting an effective device management strategy in place. They will provide five key best practices to address the privacy, security, and patient safety issues posed by medical devices. Learning Objectives:
    1. Define the current security and patient safety risks posed by medical devices
    2. Analyze the operational challenges of managing medical device risks
    3. Identify best practices to incorporate medical devices into risk assessments and to implement a functional medical device governance structure
  • Event Information


    Cybersecurity policies establish expectations for the protection of information against deliberate and accidental threats and vulnerabilities. Many organizations struggle with embedding these expectations into day-to-day operations. What's more, board and senior leadership expectations regarding cybersecurity may not always translate into viable policies and procedures. During this session, we will discuss moving toward principle-based policy governance based on widely available cybersecurity control standards. Participants will be invited to share their current experience with governance and provide feedback on the value of a principle-based approach.
    1. List the challenges associated with defining, implementing and managing cybersecurity policies and procedures
    2. Describe the traditional approach to cybersecurity policy management and its limitations
    3. Explain a framework to more effectively define, organize, implement and manage organizational cybersecurity policy expectations
  • Event Information


    The critical nature of healthcare systems has made penetration testing difficult in the past due to uncertain outcomes. CISOs have begun to understand that traditional cybersecurity assessments do not provide the same insight a penetration test could. This has left a gap between a traditional penetration test, which is not optimized for healthcare information systems, and the need for a deeper technical dive into these systems, with specialized care to avoid systems that could cause unnecessary system downtime or impact patient care. Organizations can have more confidence when performing a penetration test by carefully determining the scope of the assessment, planning for clear and open communication, and having an understanding of unique healthcare technologies and protocols. Learning Objectives:
    • Understand the difference between penetration testing and vulnerability assessments
    • Understand how penetration testing differs across industries
    • Learn how healthcare penetration tests can be tailored to the client
    • Understand the value proposition penetration testing can bring to healthcare
    • Learn about future considerations for penetration testing in healthcare
     
    • Cybersecurity Information Sharing in Healthcare: Deciphering A Widely Misunderstood Policy Landscape

    • Start: 10/23/2019 02:00pm
    • Event Type: AEHIS LIVE , Archived
    • Session Speaker(s):

      Speakers:
      • Errol S. Weiss, CSO, Health-ISAC (Health Information Sharing and Analysis Center)
      • Greg Singleton, Director, Health Sector Cybersecurity Coordination Center (HC3), U.S. Department of Health & Human Services (HHS)
      • Theresa Meadows, CIO, Cook Children’s Hospital, Vice Chair, HSCC’s JCWG (Moderator)
      Reactor Panel:
      • Will Long, CISO, Children’s Health in Dallas, AEHIS Chair
      • Dan Bowden, CISO, Sentara Health
      • Sri Bharadwaj, CISO, UC Irvine, Public Health Representative on HSCC JSWG


    Event Information


    Join us as we lift the cloak of mystery enshrouding cybersecurity threat information sharing in healthcare in a webinar moderated by Theresa Meadows, CIO of Cook Children's Health Care System, vice chair of the HSCC JCWG and co-chair of the HCIC Task Force. Speaker Denise Anderson, president of H-ISAC, will offer a bird's eye view of information sharing in the industry, detailing where information is moving today, where the speed bumps are and the challenges that still must be overcome. She will debunk myths and set the record straight on permitted sharing uses.

    Our reactor panel comprised of leading CISOs in healthcare provider settings will offer a frontline perspective detailing where existing guidance is misunderstood, how information sharing is shaping their role in defending against cyberattacks and where improvements are needed. Attendees will have the opportunity to query our speakers and panel of reactor experts on burning questions they have over the widely misunderstood landscape of cybersecurity threat sharing in healthcare.

  • Event Information


    Implementation of a vendor management framework creates greater oversight early on in the vendor selection process in support of informed decision-making, determining an acceptable level of risk, and reducing the likelihood of vulnerabilities being introduced into your environment.

    The key is to identify your business associates, implement a framework to assess the business relationship, define an acceptable level of risk, and develop strategies to reduce the likelihood and impact of a potential breach - before the regulators come knocking at your door.

  • Event Information


    Cybersecurity, data privacy and breach notification policy proposals have dominated headlines and Congressional agendas. The drive to 5G, the explosion of telehealth and the continued push toward ubiquitous interoperability have resulted in a flurry of policy proposals from lawmakers and the Administration. This webinar will cover promising policies that healthcare security professionals should keep an eye on as the end of the year approaches. Further, it will highlight opportunities for CISOs to engage in policymaking.
  • Event Information


    We have been in a defensive, asymmetrical battle with an increasingly sophisticated threat landscape. For the most part, our security approach has been a fundamentally reactive model over the past 20 years. Cost and complexity have continued to increase while applications are now layered in software and platform. Are there more effective ways to protect our modern applications when applications span multiple centers of data? What if we as an industry could reduce the attack surface while changing the dynamics of these threats to a proactive approach? In this session you will learn how new tools and methodologies can provide application knowledge and telemetry, along with AI and machine learning, to fundamentally change the approach to protect and adapt to this ever-changing threat landscape.
  • Event Information


    Jon Murchison will discuss how cyber attacks on healthcare facilities can happen, why they happen, and how organizations can prevent them in the future. Jon will also focus on how healthcare facilities are full of IP-connected devices that present a plethora of attack surfaces, on OT cyber attacks involving healthcare facilities, and on IT-connected medical devices.

    Learning Objectives:
    1) How a hacker will breach a medical facility
    2) The effects a breach could have on a medical facility
    3) Ways in which we can address this concern.

  • Event Information


    August 15 | Session 3 – Hosted by Cathie Brown
    • Module 5 – Developing an OCR-Proof Risk Management Plan | Jon Stone
    • Module 6 – Developing An Executable Plan of Action and Milestones | Blaine Hebert
  • Event Information


    August 8 | Session 2 – Hosted by Jon Moore
    • Module 3 - A Framework for Analyzing Cyber Risk | Cathie Brown
    • Module 4 - Common Risk Analysis Failures | Iliana Peters (TBD) & Jon Moore
  • Event Information


    August 1 | Session 1 – Hosted by Jon Moore
    • Module 1 - The Evolving Cyber Risk Landscape: True Stories from the Field | Bob Chaput
    • Module 2 - OCR Enforcement: Past, Present and Future | Jon Moore
  • Event Information


    Does executive leadership often ask the following questions: “Is our cybersecurity program mitigating risk effectively and to an acceptable level?” “Are we spending enough or are we overspending on cybersecurity?” “What will be the ROI for implementing this new technology?” You are not alone if you answered yes to any of these questions. As CISOs and CIOs we are challenged to translate our cybersecurity risks and strategic security initiatives into ROIs and quantified financial risk. In this focus group, we will discuss how identified cybersecurity risks impact the bottom line and how to present those risks to executive leadership. Attendees will be encouraged to share challenges and solutions to present the ROI of their cybersecurity programs in a roundtable exercise.

  • Event Information


    CHIME 2019 Advocacy Summit

    Hyatt Regency on Capitol Hill, 400 New Jersey Avenue NW, Washington, DC

    Our 2nd annual CHIME Advocacy Summit will feature leading policy makers in Washington, D.C., members who help put policy into practice, and other thought leaders who drive health IT innovation at the federal level. Presenters will discuss the latest policy developments and topics, including patient privacy, value-based care, telehealth, burgeoning cyber threats and how to manage them, and navigating the new CMS and ONC interoperability rules and the implications for providers. Learn what’s on the horizon in health IT policy and how you can advocate for change.
  • Event Information


    The problem of out-of-date legacy hardware, operating systems and applications across the healthcare industry is endemic. This is especially so at small hospitals and clinics, where tiny IT and security staffs and highly constrained budgets prevent the upgrading of end-of-life and often vulnerable technologies. Aggressive sun-setting of Windows versions by Microsoft and near-constant patching requirements compound the pressure on small IT staffs to support and secure their health IT infrastructure. Poor coordination between HIT vendors and Microsoft causes healthcare applications to break if patched or remain vulnerable if unpatched. This situation introduces risk into the healthcare delivery environment as IT systems continue to operate with unpatched CVEs and unsupported hardware and software. With limited budgets and no panaceas on the horizon, how can CIOs and CISOs of small or critical access facilities get away from having to support dangerous legacy hardware and software? This session looks at the complexity of problems and explores options to reduce risk and solve the legacy hardware and OS problem for good.
  • Event Information


    Coming to Washington, DC for the 2nd Annual Advocacy Summit? This session is a must-watch. Learn the tips and tricks from CHIME’s Policy Team to make the most of your upcoming visit to the Nation’s Capital.

    Health IT has remained a topic of interest for the Administration and lawmakers alike, and it is vital that the voice of the health IT professional be represented. Meaningful Use is a thing of the past, reducing regulatory burden is a top priority and Congress has narrowed in on how technology can transform healthcare. Join CHIME’s Public Policy team to gain valuable insight into the current policy landscape, get a glimpse into ongoing advocacy initiatives and learn how you can get engaged. The team will give you an orientation on what you need to do to be successful in Washington, DC and share additional references so you can stay current on health IT policies.

    Learning Objective #1 Identify the key decision makers on health IT policy

    Learning Objective #2 Gain insight on what to expect in health IT policy for the remainder of 2019

    Learning Objective #3 Learn ways to interact with policymakers in Washington and at home

    Learning Objective #4 Understand the best ways to engage in CHIME’s public policy efforts

  • Event Information


    The Office of the National Coordinator for Health Information Technology (ONC) is hosting a webinar for CHIME to discuss the Trusted Exchange Framework and Common Agreement (TEFCA) draft 2.

    The framework outlines a common set of principles and terms and conditions to enable nationwide exchange of electronic health information (EHI) across disparate health information networks (HINs). The TEFCA is designed to scale EHI exchange nationwide and help ensure stakeholders have secure access to their electronic health information when and where it is needed.

    Don’t know what TEFCA is?  You need to. Congress required ONC to develop a voluntary framework for data exchange – a network of networks.  While voluntary now, participation could be mandated in the future.

    Here are ONC fact sheets for providers, patients and developers among other stakeholders.


  • Event Information


    Boot Camp Grads – San Diego 2018

    The Healthcare CIO Boot Camp™ is an intensive three and one-half day education program offered by the College of Healthcare Information Management Executives (CHIME) taught by a faculty of healthcare CIO thought leaders. Combining presentations, small group discussions, case studies and interactive problem solving, participants learn the real-world skills necessary to become a successful healthcare CIO. Participation in the Boot Camp is currently limited to members of CHIME, AEHIS, AEHIT, and AEHIA, and their direct reports (including Affiliates).  Visit the webpage to read more.
  • Event Information


    Join Kevin McDonald (Mayo Clinic) and Rob Suarez (BD), Task Group Co-Chairs of the recently released Joint Security Plan (JSP), in highlighting this critical public and private sector collaboration. The JSP utilizes "security by design" principles throughout the product lifecycle of medical devices and health IT solutions while identifying the shared responsibility between industry stakeholders to align standards, risk assessment methodologies and vulnerability reporting to improve information sharing between manufacturers and healthcare organizations.

  • Event Information


    The June 2017 Cyber Task Force upped the pressure on manufacturers and developers to be more transparent regarding the components delivered in new or updated devices. The Bill of Materials (BOM) movement is getting more traction with the FDA and the recently published Joint Security Plan (JSP) on Medical Devices. This webinar will break down the latest on BOM, how HDOs will benefit and approaches to how your organization can incorporate this information into managing the lifecycle of medical devices. Learning Objectives:
    1. Defining BOM
    2. Benefits to providers
    3. Effective management of BOM information
    4. Medical Device Lifecycle Impacts
     
  • Event Information


    Location: Westin BWI, 1110 Old Elkridge Landing Rd, Linthicum Heights, MD 21090
    Dates: March 6, 8:00am - March 7, 5:00pm, EST

    The IT executive role in today’s healthcare organization has never been more challenging. To better equip our leaders filling this important position, Maryland HIMSS has partnered with CHIME to host a one-of-a-kind Leadership Academy with specialized tracks:
    • Leadership Academy - March 6th 8AM-5PM
    • CMIO/CHIO Leadership Academy - March 7th 8AM-5PM
    • Cybersecurity Academy - March 7th 8AM-5PM

    Designed for leaders currently in senior management or emerging leaders seeking to take their role to the next level, this curriculum is modeled on the highly successful CHIME Healthcare CIO Boot Camp™. This program’s leadership content is specifically tailored for individuals to gain the real-world skills necessary for today’s environment. Taught by a faculty of healthcare CIOs and CMIOs, this one-day program features a collaborative teaching methodology combining presentations, small group discussions, case study analysis, progressive problem solving, and personal mentoring. CHIME Members will receive 7 continuing education credits per track attended toward Certified Healthcare CIO certification.
  • Event Information


    A CISO-led discussion and interactive sharing forum on unique and effective approaches to improving security and privacy awareness throughout your organization.

    Learning Objectives

    1. Awareness basics and compliance
    2. Awareness strategy and sharing
  • Event Information


     

    According to ECRI, there are 14-17 connected medical devices for every hospital bed.

    However, Ponemon reports only 51% of device makers say they follow guidance from the FDA to mitigate or reduce inherent security risks in medical devices, which creates additional security blind spots and increases the cyberattack surface for hospitals and healthcare systems.

    This webinar will define the security and operational challenges associated with connected endpoints, including IoT and medical devices, and will discuss how hospitals and healthcare delivery organizations (HDOs) can adopt IoT devices in order to achieve operational efficiencies, provide a better patient care experience and reduce the overall risk to patient safety.

    We will discuss:

    • Emerging issues and trends that are risky to healthcare IT systems and can directly affect patient safety, violate their trust and impact revenue
    • How to take a holistic approach to cybersecurity management that includes clinicians, risk management and IT professionals
    • Best practices for shoring up network security blind spots and mitigating the risk of IoT and medical devices
    • Why real-time endpoint visibility and intelligence is the key to achieving an effective and proactive cybersecurity strategy

     
  • Event Information


    Proficio is a managed security service provider with a range of services that include 24/7 security monitoring, threat detection, incident response and managed SIEM, NGFW, and endpoint services.
    We want to explore the cybersecurity priorities that are facing CISOs, such as the shortage of cyber professionals, cyber risks to patient health, and detecting and responding to attacks.
    Objective:
    1. Get feedback on the cybersecurity challenges facing CISOs
    2. Understand where different challenges rank in priority
    3. Determine if there are significant challenges where a service provider like Proficio can add value through a managed or co-managed services model.
     
    • Public Policy 101

    • Start: 01/01/2019 01:00pm
    • Event Type: AEHIS LIVE , Archived
    • Session Speaker(s):

      Jake Glancy, Public Policy Coordinator, CHIME
      Zach Donisch, Membership Director, CHIME


    Event Information


    Curious about public policy but don't know where to begin? Join Jake Glancy, CHIME Public Policy Coordinator, and Zach Donisch, Director of Membership for AEHIS, AEHIT and AEHIA, as they provide an introductory look at public policy people, events and activities taking place in Washington D.C.

    Jake and Zach will provide a monthly update on public policy for those who are interested in healthcare IT advocacy work. You won't have to google acronyms during this webinar - expect a thorough look at the core concepts that go into the important work our members and D.C. staff grapple with daily. Jake and Zach will be joined monthly by a CHIME member who will help translate legislation and regulation into the real effect it will have on the day-to-day work of healthcare IT leaders.

    Learning Objective 1: How to meaningfully engage in CHIME Public Policy efforts

    Learning Objective 2: Healthcare IT Public Policy Updates

    Learning Objective 3: Networking Opportunities through engagement

  • Event Information


    As small, rural, and critical access organizations face ever tightening budgets, the burden of protecting your patients, infrastructure and assets grows.  First’s Guardian Services Team are healthcare security experts in mitigation, support and governance of entities with limited resources, offering a comprehensive retained service. 

    Our focus group will explore First's specialized programs and approach, eliciting reactions on urgent security initiatives, executive security services and infrastructure services tailored to small organizations.

  • Event Information


    Whether partial or entire, gradual or expedited, on-premise or off-premise, the shift to the cloud is changing the way healthcare organizations and technology partners operate.  As they transition, each hospital and health system will have a unique, dynamic, and often hybrid hosting environment.  At all stages of this digital transformation, hospital IT and security leaders are facing new questions, challenges and opportunities.  What does cloud mean for Identity and Access Management solutions and the data and systems they safeguard?

  • Event Information


    Join the Joint Commission for an interactive discussion to gain perspective on technology growth and usage as it applies to patient quality and safety. Nyansa, a foundation partner, will moderate the discussion with Gerry Castro, Director of Patient Safety for the Joint Commission. In addition to hearing Gerry's thoughts and considerations for future standards, we will seek your input and experiences.

  • Event Information


    As Healthcare organizations plan and prepare their security strategies for 2019, there are insights that can be learned from the numerous breaches that have occurred in 2018.  

    Join this discussion to learn about and share your insights on the following topics:

    • What have we learned from 2018 breaches, and what insights are specific to Healthcare?
    • What is Incident Response and how should you plan for it?
    • What are the most difficult challenges Healthcare organizations are facing when it comes to improving security posture?
    • What are the top 3 recommendations you would share with your peers?
  • Event Information


    How are healthcare provider organizations addressing cybersecurity challenges? As SailPoint continues investing in and expanding on their healthcare practice, there is a need to better understand the evolving requirements and drivers of healthcare security and IT professionals.

     
    The following SailPoint objectives are designed to help us:
    1) Understand level of concern around NIST guideline 800-63-1 (Identity proofing and multi-factor authentication requirements for e-prescription drugs)
    2) Learn how HITRUST certification gets factored into IT/security buying decision
    3) Discover the provider perspective on where identity fits into their overall cybersecurity program
  • Event Information


    Confronted with seemingly insurmountable challenges in harsh environments, the mission to secure highly sensitive patient data can seem like a reality survival exercise. The information security workforce in healthcare is responsible for supporting the well-being of the organization and the individual patients that rely on its life-critical services and information. To survive in a hostile environment, much like wilderness survival, people must have access to the right training and tools.

    This Webinar will examine the most common survival strategies for healthcare leaders to overcome challenges in recruiting, retaining and allocating resources for mission-critical information security programs. Common Survival Challenges include:

    • Recruiting the right skills
    • Retaining the cybersecurity workforce
    • Attracting and retaining diverse worker groups
    • Staffing issues during mergers & acquisitions
    • Meeting demand and deadlines during staffing shortfalls

    A well-designed cybersecurity staffing strategy can help organizations to not only survive, but also thrive in harsh conditions.

  • Event Information


    Understanding the components of an effective medical device cybersecurity policy is essential to developing the foundation of an effective medical cybersecurity program. This session will dissect a medical device cybersecurity policy, as well as provide key recommendations related to governance and medical device cybersecurity practices.

    Learning Objectives:

    Dissect medical device cybersecurity
    Recommendations of governance of medical device cybersecurity
    Critical best practices for securing medical devices

  • Event Information


    This session would demonstrate the advanced security features of Office 365 Advanced Threat Protection and the use of PowerShell commands.

     

    Learning Objective:

    • Understanding how threats are created
    • Why your staff are one of your biggest vulnerabilities
    • Just because you can't see it - doesn't mean it's not happening
    • What is available in Office 365 for mitigating threats
    • Options in configuration of Office 365 ATP
  • Event Information


    This focus group’s purpose is to survey and dialogue with AEHIS members and Healthcare Information Security managers about the strategic priorities they have for 2019.

     
    Learning Objective 1: Ask participants to reveal which data security initiatives will have priority for 2019.

    Learning Objective 2: Poll participants to discuss how their staffing (internal resources) line up with the projected workflows for data security projects in 2019.

    Learning Objective 3: Gain an understanding of participants’ key constraints in managing data security in a healthcare organization
  • Event Information


    The WannaCry attack of 2017 demonstrated that hospitals around the world could easily be victimized by ransomware. More disturbingly, however, WannaCry clearly demonstrated that medical devices and not just information systems could be compromised by ransomware. This creates a whole new and wholly unacceptable meaning for the term Denial of Service and demonstrates the patient safety issues that underlie insecure medical device deployments. This presentation will cover the established industry standards for the secure deployment of medical devices laid out by OWASP and the Cloud Security Alliance in the OWASP Secure Medical Device Deployment Standard v2.

  • Event Information


  • Event Information


    Every day, patients share Personal Health Information (PHI) that becomes permanent documentation in Electronic Health Records (EHRs) - yet how reliable are the controls in place to ensure continuous privacy?

    While budget and staffing are often recognized as the biggest issues in healthcare IT, security is actually at the forefront of building a successful practice. Fostering trust and confidence is essential to delivering on the promise of quality patient care. To meet these challenges, organizations must either increase budget and personnel or invest in agile automation.

    Learning Objectives:
    • The widening threat landscape for unmanaged medical devices and EHR breaches
    • How to secure EHRs containing PHI at scale
    • How to handle unmanaged medical devices operating on your network
    • The benefits of investing in crypto-agile automation tools aimed at enhancing patient experience
  • Event Information


    This webinar will provide an overview of Incident Response and Recovery practices and processes to prepare an attendee for the Fall Summit Incident Response Table Top Exercise. The webinar will review specifics of an IR Plan including required Policy and Procedures. Staff considerations to build an IR plan will be reviewed. Recommended leading practices including playbooks, processes and steps to take to secure an organization with an Incident Response Plan will be discussed.

    Learning Objectives: 1) Introduction into incident response and recovery including terminology. 2) Key items in an IR plan, including policy and procedures. 3) Information sharing and staffing considerations when building an IR plan. 4) Developing IR playbooks and processes and a sample template reviewed. 5) Four key steps to working through an incident (pre, ongoing, and post).

  • Event Information


     

    News articles and conference presentations around information security are typically focused on keeping outsiders outside the IT infrastructure. But what do you do once someone with malintent gets inside? What if the threat originated from an insider? And how would you mitigate insider risks beyond awareness and training? It turns out, these issues are on the minds of many healthcare providers according to a new SailPoint study.

    A new survey of health IT professionals indicates how hospitals and health systems perceive and manage insider threats to cybersecurity. In this presentation, we discuss the results of the study and how to leverage identity governance to address this issue.

    Learning Objectives:

    Learn what concerns your peers and how they are preparing against insider threats.

    Understand why insider threats pose serious security risks

    Discover how identity technology is evolving to address insider threats

     
  • Event Information


    This session looks into how a large Healthcare provider (Encompass Health) developed actionable tactics, techniques and procedures from their Information Technology Incident Response Plan to successfully operate a small internal response team 24/7 with the support of a managed security services provider.

     

    We will dive into details on how we applied an objective decision matrix to standardize response actions across the response team members and the MSSP. Then we will discuss some methods used to continually evaluate and improve the overall Incident Response process.

    Learning Objective:

    Develop an executable strategy within your Incident Response Plan

    IR process improvement and keeping pace with the threats

  • Event Information


    A new member benefit is coming your way! The Cooperative Member Services program, managed by CHIME Technologies, Inc., is expanding to be offered to AEHIS members. The Cooperative Member Services program helps members stretch budgets by providing access to exclusive packages and discounts from Foundation firms. Learn more about this exciting new benefit by joining the informational webinar!
  • Event Information


    A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.

  • Event Information


    With the vision of the eHealth Exchange and digitization of healthcare, we anticipate great advances in patient engagement, health care outcomes and quality of care. At the same time, healthcare’s advancements in assuring privacy and security of sensitive information and biomedical devices through better risk management are not keeping pace. In fact, the promises of digitization carry unintended consequences and concerns about patient safety and new potential forms of medical professional liability. It’s not about HIPAA compliance and it’s not just an “IT problem”. Attend and learn about critical steps we must all take to identify and mitigate these new, emerging enterprise risks.

     

    Learning Objectives:

    1. Describe the explosive growth in information technology deployment and digitized data in the healthcare industry

    2. Explain why the attack surfaces in healthcare and, therefore, the purview of the Office for Civil Rights has expanded greatly over the last ten years

    3. Differentiate between traditional IT assets, biomedical devices and other IoT devices and explain why all asset types must be included in an enterprise risk analysis

    4. Describe the evolution from compliance-based to security-based to patient experience-based to enterprise risk-based focus

    5. Undertake strategic, tactical and operational actions to establish a mature cyber risk management program

  • Event Information


      This session will provide attendees with tactical and effective strategies related to cybersecurity incident response. Many organizations today, despite their best efforts, are dealing with cyber-attacks that are fast moving and overwhelm currently accepted incident response best practices. During this session you will learn about:

      • The difference between an incident response plan and platform
      • Violent and Fast Moving Attacks
      • The Need For and Use of Protocols and Immediate Action Drills
      • Myths and Fallacies Related to Incident Response
      • Tips on the Integration of IR and Emergency Management Teams
      • Pre-Planning Activities Critical to an Incident Outcome (Use of Partners, Law Enforcement, etc.)
      • Network Architecture Impact on Incident Response
  • Event Information


      A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.  
    • Staying One Step Ahead of OCR

    • Start: 08/24/2018 11:00am
    • Event Type: AEHIS LIVE , Archived
    • Session Speaker(s):

      Brian Selfridge CISSP, HITRUST, ITRM Partner, Meditology Services
      Kevin Henry MBA, CISSP, HCISPP, HITRUST, ITRM Manager, Meditology Services

    Event Information


     

    OCR enforcement activity is up. The 2017 OCR-issued report revealed there is significant area for improvement in Risk Analysis, Risk Management and Privacy Controls and Communication. Join this Webinar to hear how peer health organizations are responding to the increased scrutiny by the OCR.

    • Learn how peer health organizations are responding to the increased scrutiny by the OCR as evidenced by increased enforcement activity.
    • Learn how peer health organizations are using Security Risk Registers and Business Associate Inventories to help healthcare entities in understanding security and privacy compliance gaps.
    • Other areas to address in OCR enforcement include Privacy Program and Breach Notification Improvements. Speakers will present specific examples of appropriate processes and sticking points often uncovered in OCR audits.
     
  • Event Information


    A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.

  • Event Information


    Designed for Chief Information Security Officers (CISOs), the AEHIS CISO 2018 Virtual Cybersecurity Symposium™ curriculum covers the use and practical application of the NIST Cybersecurity Framework, the NIST process for managing information security risk (based on NIST SP 800-39) and adopting a maturity model to address today’s continuously evolving healthcare providers and their business partners.    A faculty of nationally-recognized, highly-credentialed experts guide attendees through information risk management fundamentals while sharing key insights, hard-won lessons learned and practical tools. Upon completion of the Symposium™, you will understand the fundamentals in cyber liability risk, risk analysis, risk management, business associate management, adoption of the NIST Cybersecurity Framework and much more. These five (5) informative 2-hour sessions will assist you in establishing, implementing and maturing your cyber risk management program.

    Instructional Modules:           

    HIPAA 101 (prerequisite)
    1. How to Establish an Effective Cyber Risk Management Program
    2. How to Calculate the Cost of a Data Breach and Secure The Budget For Your Information Risk Management Program
    3. The Critical Difference: HIPAA Security Evaluation vs. HIPAA Security Risk Analysis
    4. How to Frame Your NIST-based IRM Program
    5. How to Conduct NIST-based Risk Assessment to Comply with Federal Regulations
    6. How to Conduct NIST-based Risk Management to Comply with Federal Regulations
    7. How to Implement a Strong, Proactive Business Associate Risk Management Program
    8. How to Monitor Your NIST-based Risk Management Program to Comply with Federal Regulations
    9. How to Mature your IRM Program
    10. Now what? – Program Summary and Action Planning
    ADDITIONAL BENEFITS
    • All registrants will receive:
      • Access to recorded versions of each session
      • Copies of all Presentation Materials
      • A full set of information risk management supplemental materials
      • 30 days of free expert mentorship for ongoing support
  • Event Information


     
    In this webinar, attendees will hear directly from former OCR Leader and Investigator, Iliana Peters and Compliance and Cyber Risk Management expert, Bob Chaput. Insights will be provided into why so many healthcare organizations struggle to meet the HIPAA Security Rule, particularly Risk Analysis requirements. Complying with the HIPAA Security Final Rule involves many steps and considerations. Understanding the critical differences between the HIPAA Security Evaluation required at 45 CFR §164.308(a)(8) and the HIPAA Security Risk Analysis required at 45 CFR §164.308(a)(1) is essential. We will focus on these two evaluations that must be completed by law.

    Objectives:
    • The requirements of the HIPAA Security Final Rule for conducting periodic security evaluations
    • The difference between a compliance assessment and a risk assessment
    • The HIPAA Security Final Rule civil and criminal penalties
    • Practical, actionable steps to complete the evaluations required by law
     
  • Event Information


      A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.  
  • Event Information


     

    Medical device vulnerabilities are top of mind for many healthcare professionals. Whether your medical device security program is non-existent, emerging, or well underway, new approaches to connected asset management are emerging. This webinar will discuss a data-driven approach that uses knowledge of an asset’s ability to generate, transmit, and/or store data to inform a classification system which drives a device management program throughout the asset’s total lifecycle. The webinar will cover device discovery, data classification, risk assessment, clinical workflow analysis, policy development, network architecture and ongoing malicious activity detection solutions to help you develop and deliver a more complete medical device management program.

    Objectives

    Participants will learn how they can gather inventory and security information about the devices on their network without putting healthcare operations at risk.

    Participants will learn how to handle the organizational as well as technical issues associated with the implementation of a medical device security program.

    Participants will learn how to start, or enhance their medical device security and maintain it as an ongoing program for their facility.

     
  • Event Information


    A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.

  • Event Information


    A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.

  • Event Information


    A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.

  • Event Information


    Artificial intelligence is being proclaimed as the next big thing to transform the future of healthcare. But is it real or just a fad? Come listen to Tanuj Gupta, Physician Executive of Clinical Intelligence at Cerner, as he describes practical ways of using intelligence, big data, and workflow applications to create continuous improvement in the clinical, operational, and financial outcomes of populations.

    ​Objective:

    Definition of what AI / machine learning / virtual assistant is from an EMR perspective…examples and current use case

    Explore areas of potential patient safety, revenue generation, provider efficient that these technologies

    How to keep educated on the future technologies and where to explore pilot / full deployment projects

    Explore AI in clinical integration and performance measurement

  • Event Information


    A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.

    • The Geisinger Opioid Prescription Reduction Initiative

    • Start: 04/25/2018 12:00pm
    • Event Type: AEHIS LIVE , Archived
    • Session Speaker(s):

      John M. Kravitz, Senior Vice President and CIO, Geisinger Health System Richard Taylor, M.D., CMIO, Geisinger Health System Michael Evans, Vice President of Enterprise Pharmacy Innovation and Chief Pharmacy Officer, Geisinger Health System


    Event Information


     

    According to the Centers for Disease Control and Prevention, deaths from drug overdoses in the U.S. totaled more than 63,600 in 2016, with 42,249 of those deaths attributed to opioids. In 2016, Pennsylvania had the fourth highest opioid overdose death rate in the nation. Within the state, many of the counties with the highest death rates were served by Geisinger Health System. Geisinger, recognized as an innovator in the use of EHRs and care delivery models, determined that the health system had an opportunity to reverse these trends. Geisinger developed and initiated several approaches that focused on changing physician practice patterns to reduce the prescribing of opioids. In addition, the health system encouraged physicians to follow pain management strategies that minimized or eliminated the use of opioids. They also enabled electronic prescribing for controlled substances. After launching these initiatives, Geisinger reduced prescriptions for opioids by about half. They also reported e-prescribing for controlled substances created $1 million in savings within five months due to greater efficiencies.

    Learning Objectives:

    1. Learn how to use your EHR and clinical order entry systems to identify current practice patterns among providers and track changes over time. (Geisinger uses a provider dashboard which is produced by their analytics platform.)

    2. Develop pain management strategies that encourage approaches other than potentially addictive opioids

    3. Discuss the benefits and challenges of rolling out electronic prescribing for controlled substances across a health system

     
  • Event Information


     

    C-level executives must consider cyber risk as a core tenet of their responsibilities, as well as their mission to drive sustainable healthcare services. In this talk, we’ll explore attack trends and share best practices and preventative measures to help you reduce risk and avoid investigations.

     

    Learning Objectives:

    The importance of incorporating cybersecurity into your business strategy

    Office of Civil Rights (OCR) enforcements and key components of an OCR Corrective Action Plan (CAP)

    A real-life example of one healthcare organization’s CAP

    Trends, best practices and proactive measures to help you mitigate risk and avoid regulatory investigations

     
  • Event Information


    The European Union (EU) has enacted global sweeping security regulations in the form of the Global Data Protection Act (GDPR), which becomes effective in May 2018. Healthcare entities in the U.S. are scrambling to answer some key questions about how GDPR may or may not impact their own information security and privacy compliance posture.

    Join us for this informative session which will address pressing questions facing healthcare organizations as they size up the new GDPR requirements. Specifically, we will speak to the following considerations:

    • What is the scope of GDPR and how does it apply to U.S.-based healthcare entities?
    • What data types and categories of information are covered by GDPR?
    • Do compliance obligations vary depending on whether I am a provider, payer, or vendor (Business Associate) servicing the healthcare industry?
    • What are the security controls required for GDPR and how do they align with HIPAA, NIST, HITRUST, and other U.S.-based regulations and standards?
    • How is GDPR enforced and what are the potential penalties for noncompliance?
    • Do I need to allocate resources and FTEs to GDPR compliance?
    • What should I do next?

  • Event Information


      A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.  
  • Event Information


      Medical Device security continues to be an area of confusion and extreme concern for healthcare organizations. It is estimated that the average vulnerability rate per medical device is 6.2 and that as many as 60% of medical devices in a single hospital are running end of life operating systems.

      Learning Objectives
      1. Gain insight into the key findings related to medical device security and the associated strategic recommendations.
      2. Develop a tactical and strategic foundation for medical device security
      3. Understand the 5 Key Critical Safeguards for Medical Device Security.
  • Event Information


    A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.

  • Event Information


  • Event Information


      A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.  
  • Event Information


    With constantly evolving cyber threats against the security, safety and privacy of the healthcare system, stakeholders including providers, device manufacturers, pharma, health IT, insurance plans and payers are mobilizing more aggressively and collaboratively to get ahead of these threats.  This webinar will provide an overview of the two major public-private partnerships – the National Health Information Sharing and Analysis Center and the Healthcare Sector Coordinating Council – that address cyber preparedness with both operational and strategic approaches.  Learn what they do, how they work together and with the government, and how you can and must get involved.

     

  • Event Information


    A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.

  • Event Information


    A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.

  • Event Information


    With a bigger target on their backs than ever, healthcare organizations are continually looking for the best ways to secure their critical applications and the sensitive data that reside there. In recent years, this has led to myriad security solutions being bolted on and dropped into already complex environments. As the rate of data breaches continues to rise despite an annual increase in spending on IT security, it’s time for a new approach; one that injects security directly into the existing infrastructure on which applications and data live. Join Interfaith Medical Center’s Chris Frenz as he talks about the increasingly challenging task of securing Healthcare organizations and the role virtualization can play in strengthening the security posture.

     

    Learning objectives:

    1. Why is securing healthcare environments difficult today?
    2. What is microsegmentation?
    3. How does virtualization help overcome the challenges of securing healthcare environments today?
  • Event Information


    A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.

  • Event Information


    As patient responsibility continues to grow, consumers are using their credit cards at hospitals more than ever. PwC estimates that 5% of healthcare provider revenue today comes through credit card transactions, a percentage that likely will double by 2020. As a result, card associations are paying more attention to PCI compliance at healthcare providers. For Epic users, meeting the lowest PCI scope requires security measures to prevent the transmission of card data to your network. This needs to cover both staff-entered payments through Resolute (payments in person / over the phone) and patient-entered through MyChart (payments online). With the right methodology, providers are able to decrease the risk of card data theft and reduce PCI scope.

    Learning Objectives:

    • Recognize potential security threats and vulnerabilities of MyChart
    • Identify how to mitigate financial risk when selecting a secure payment solution
    • Differentiate PCI-validated solutions from non-validated solutions, and recognize why it is important.
    • Evaluate the practical application of a PCI-validated P2PE and secure iframe solution
  • Event Information


      A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.  
    • Group Security Readiness Workshop

    • Start: 11/09/2017 12:00pm
    • Event Type: AEHIS LIVE , Archived
    • Session Speaker(s):

      David Kovarik, Cerner, Director of Regulatory Compliance and Security Practice
      David Houlding, Intel Health and Life Sciences, Director, Healthcare Privacy and Security


    Event Information


    How does your security compare with the rest of the healthcare industry? Join us for a security readiness workshop to analyze your current security posture and level of maturity. Receive a report that identifies gaps, opportunities for improvements and summarizes recommendations.

  • Event Information


    Health IT security leaders are challenged daily with an onslaught of cyber attacks such as malware, ransomware, phishing campaigns, threats to medical devices, and even DDoS attacks. Increasingly complex governmental security regulations further complicate the healthcare CISO’s overall objective of safeguarding the network and protecting patient information. As the threats grow and oversight becomes more necessary, your security practices must align with overall organizational strategies, leveraging the technology and services that will help expand security boundaries. Despite these daunting demands and complex solutions, you have a valuable resource at your fingertips. That resource is, of course, your colleagues! To learn from others in the industry, AEHIS is pleased to announce our inaugural Fall Summit, open exclusively to AEHIS members. The 2017 AEHIS Fall Summit will feature IT security speakers and presentations, and create a collaborative environment to enable you and your team to keep your organizations secure and become better leaders in the transformation of healthcare IT. We invite you to take part in this exciting event.
  • Event Information


      Looking to take the plunge and adopt the NIST Cybersecurity Framework (CSF)? Interested but not sure where to start? Already adopted it but looking to take your cyber strategy to the next level? We have you covered. Join Matt Barrett, one of the NIST architects of the CSF, for an in-depth overview and discussion of what it is designed to do and how organizations are using it. Matt will also share NIST's plans for updating the CSF and how its use dovetails with the Administration’s – including the U.S. Department of Health & Human Services’ (HHS) other work around cybersecurity.
  • Event Information


    The massive fines and multimillion-dollar settlements associated with data breaches have made hospitals and health systems fully aware of their obligations to protect patients’ personal health information (PHI). But those same organizations often overlook similar obligations related to their legal status as merchants—entities that are able to process credit cards. With higher deductibles and higher copayments forcing patients to use credit to pay for their health care, hospitals and health systems must take steps to protect that data. In particular, it’s critical that decision makers learn how the payment solution they select can change their organizations’ internal security and compliance obligations.

     

    One way to meet these security challenges is to follow the data security standards set by the Payment Card Industry (PCI) Security Standards Council, the body dedicated to protecting credit card data internationally. The council assigns organizations to different classifications, each of which carries a requirement for the completion of a specific audit. These audits are of various lengths, ranging from about 20 questions to well over 300. Most hospitals today are simply not complying or protecting the data. If they are complying, it is typically at an unnecessarily high level of PCI audit scope (the 300+-question audit) due to the transmission of card data to their network.

     

    Learning Objectives

     

    1. Gather information on the interest/commitment level of hospital decision makers to protect patient card data


    2. Determine the role of PCI compliance in their overall security strategy, and what steps (hire consultants, self-assess, other?) they take on an annual basis to ensure compliance


    3. Identify who in the organization is responsible for making decisions regarding payment security and compliance

     

  • Event Information


    A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them. Don't worry - if you can't make this session, AEHIS will host a Membership Orientation every two weeks.

    • CISA 405d Workgroup

    • Start: 09/26/2017 03:00pm
    • Event Type: AEHIS LIVE , Archived
    • Session Speaker(s):

      Erik Decker, CISO, University of Chicago School of Medicine & AEHIS Public Policy Chair
      Julie Chua, Manager, HHS Risk Management at U.S. Dept. of Health and Human Services  


    Event Information


    AEHIS member and Public Policy Chair Erik Decker, CISO at the University of Chicago School of Medicine along with Julie Chua, Manager, HHS Risk Management at U.S. Dept. of Health and Human Services, offer you an insider’s look into an important initiative underway at the U.S. Department of Health & Human Services (HHS) that could have important implications for you and your role as a security official.  HHS has stood up a working group with the private sector to develop an implementation guide to help healthcare providers adopt and apply the NIST cybersecurity framework to a healthcare setting.  During this webex you will learn:

    • Why HHS decided to do this.

    • How AEHIS is helping shape the outcome of this deliverable.

    • What this new guide will mean to CISOs and CIOs across the nation.

    • What this could mean for healthcare audits moving forward.

    • When you can expect to see the guide finalized.

    • CHIME & AEHIS Cybersecurity Advocacy

    • Start: 09/21/2017 02:00pm
    • Event Type: AEHIS LIVE , Archived
    • Session Speaker(s):

      Mari Savickis, CHIME & AEHIS VP of Federal Affairs
      Leslie Krigstein, CHIME & AEHIS VP of Congressional Affairs
      Erik Decker, CISO, University of Chicago School of Medicine & AEHIS Public Policy Chair
      Karl West, CISO & AVP of Information Systems, Intermountain Healthcare  


    Event Information


    Join CHIME and AEHIS' team of public policy experts for an insider’s look into the activity in Washington DC around cybersecurity policy.  During this webex you will hear from CHIME & AEHIS’ Leslie Krigstein, VP of Congressional Affairs and Mari Savickis, VP, Federal Affairs.  Joining them will be Erik Decker, CISO, University of Chicago School of Medicine & the AEHIS’ Public Policy Chair and Karl West, CISO at Intermountain Healthcare. Together they will offer you a bird’s eye view of:

     

    • Who in Congress has cybersecurity in their crosshairs
    • How medical device policy is taking center stage
    • The U.S. Department of Health & Human Services' role in driving a stronger focus in the healthcare sector
    • The Office for Civil Rights (OCR) as an engaged partner
    • NIST’s role in driving more attention to the use of their Framework
    • And importantly, how CHIME & AEHIS are leveraging the role of CIOs and CISOs to impact change

     

  • Event Information


      Nebraska Medicine is the most esteemed academic health system in the region, consisting of 665 licensed beds at its two hospitals, more than 1,000 physicians and 40 specialty and primary care clinics in Omaha and surrounding areas. As part of an ongoing program to be a leader in providing Epic Community Connect in the region, Nebraska Medicine was challenged to offer a platform that would be stable, automated, agile and secure.
    ---
    Learning Objectives:
    • Microsegmentation reduced the attack surface of Epic by decreasing the number of open ports they had by 95% (from close to 3 million open ports to less than 500)
    • The ROI associated with this implementation is estimated at more than $30M.
     
  • Event Information


      In 2016, there were 980 data breaches that compromised more than 35 million U.S. consumers—and 355 of those breaches were in healthcare. What is your organization doing to protect itself from hackers? Join Munson Healthcare and OnPlan Health, a recognized leader in patient payment security, as they talk about:
    • The rising threats to healthcare payment security
    • How malware operates to steal card data
    • The best approach to securing your payment channels (EMV, Tokenization, and P2PE)
    • How non-PCI-validated P2PE solutions can unnecessarily drain your business resources
    • How PCI-validated P2PE and Secure Checkout solutions mitigate security risks
    Munson Healthcare will also discuss practical considerations, best practices, and early results of their PCI-validated P2PE implementation.
    ---
    Learning Objectives:
    • Recognize potential security threats and vulnerabilities of your current patient payment system
    • Identify how to mitigate financial risk when selecting a secure payment solution
    • Differentiate PCI-validated solutions from non-validated solutions, and recognize why it is important
    • Evaluate the practical application of a PCI-validated P2PE solution across a large hospital system
     
  • Event Information


     

    The CISO position in a healthcare organization is typically created with a great deal of responsibility, without providing an appropriate level of authority. To be effective, the CISO must, over time, acquire a power base to effectively exert influence over the organization and build an adaptive cybersecurity program that reduces risk to acceptable levels while operating within a reasonable annual budget. This presentation will discuss various forms of organizational and personal power that a CISO can seek out to build a base of power from which to influence the people, processes and initiatives required for an effective cybersecurity program.

    Learning Objectives:

    1. Describe ways in which power can be garnered to advance the CISO’s ability to influence others in the organization

    2. Implement activities that can increase power where little formal authority is given by the organization

    3. Employ politics to advance cybersecurity agendas while supporting their organizational mission
  • Event Information


      At last the US Department of Health & Human Services (HHS) has released the Health Care Industry Cybersecurity Task Force report. Hear from the Task Force’s co-chairs, who were directly involved with shaping the recommendations to Congress. The Task Force was created under the Cybersecurity Act passed in late 2015. Learn about how the Task Force arrived at its recommendations and understand how the co-chairs see the report impacting the industry. Our program will begin with insight from two Task Force members, Theresa Meadows, Senior Vice President and Chief Information Officer with Cook Children’s Health Care System, co-chair of the Task Force, and David Ting, Co-Founder and Chief Technology Officer at Imprivata, Inc., who will present the report findings. Following an overview of the report, Andrew Coyne, Chief Information Security Officer from the Mayo Clinic, and Brian Streud, Chief Information Officer, Faith Regional Health Services, will provide reactions to the report and explain how they plan to take action on the Task Force’s recommendations.
  • Event Information


      Educational webinar for members of AEHIS on the functionality and future of AEHIS Interact, a membership email discussion list. Attendees will learn how to use Interact and additional features and functionality of Interact.  
  • Event Information


     

    The pressures faced by healthcare IT administrators are unique, since hospitals and related care centers often represent distributed and decentralized infrastructures with complex data paths. For example, what works for securing a centralized hospital data center might not work for a series of physician practices; what works on a hospital-owned and controlled smartphone or tablet might not translate well to a BYOD environment at a remote clinic. Healthcare IT and security leaders are faced with the daunting task of optimizing their security posture to minimize risks associated with new distributed models of care while simultaneously dealing with a whole new generation of cyber-crime. This session will explore the unique set of cybersecurity challenges in healthcare today, distinguishing true threats from simple noise. Recognizing the difference is crucial for IT leaders to provide hardened, yet flexible data protection measures to ensure the safety and usefulness of patient data without getting in the caregivers’ way.

     

    Learning Objectives

    • Describe security threats pummeling the healthcare industry, along with the financial and brand impact on healthcare providers
    • Identify how to align security to the business model by building a workable, sustainable security infrastructure that benefits all providers and staff
    • Discuss how one IT team was able to bring renewed confidence in protecting patient information to its large integrated healthcare delivery system
    • Describe emerging trends in holistic security practices to help protect healthcare organizations and thwart future attacks

     

     
  • Event Information


     

    For those who have managed security, capturing budget support for an investment in security is one of the most difficult challenges we have. Security, while central to all of us, is often viewed by other business managers as discretionary, or as mandated rather than called for by the business. Competition for dollars is fierce in healthcare, and the justification for the expense needs to be strong, especially when associated with a non-revenue-producing line item. That pressure for valuation of line items or expenditures is not likely to decrease in the uncertain times ahead with replacement of the Affordable Care Act. There are successful strategies and techniques for engaging in this battle for funds. This discussion will use several case studies provided by CHIME and AEHIS members to lay the foundation for a group discussion. This is a virtual Town Hall meeting and we are counting on all of you who attend to make that happen.

    Learning Objectives:

    1. Hear how to develop and present a viable business case for security expenditures

    2. Demonstrate how investing in security enhances the overall business strategy

    3. Review real world case study examples and lessons learned
  • Event Information


    Privacy and security for healthcare systems involve the coordination of product, process, and personnel. Many organizations are successfully tackling the acquisition of hardware and software products while evolving policies and procedures. Yet, beyond basic HIPAA compliance, awareness and education of personnel across the enterprise remain inadequate. Every member of the workforce has accountability when it comes to reducing cybersecurity risks; however, few organizations are measuring employee behavior and using that information to reduce risk at a low cost. Building a repeatable approach to measurement, and determining simple representations of those results to be consumed by the board, leadership and, in some cases, the workforce at large, can act as a catalyst for improvement and personal-level accountability for protection of PHI and ePHI.
  • Event Information


    Join this webinar to learn about the compelling cybersecurity research KLAS is gathering from healthcare providers. KLAS recently interviewed nearly 200 organizations about their security programs (speaking primarily with CISOs, CIOs, CTOs, and other security professionals) and published the findings in its Cybersecurity 2017 Report. The report focuses on the most impactful technologies—specifically DLP, IAM, MDM, and SIEM—and the services provider organizations use most frequently to meet security needs. For benchmarking purposes, interviewed organizations also shared best practices from and insights regarding their current security programs since security in healthcare has changed so rapidly over the past two years. This is a can’t-miss session for any healthcare IT executive!

     

     
  • Event Information


    The 21st century has brought with it advances in technology and efficiencies; however, it has also brought new exposures. A customized Network Security and Privacy Liability Insurance Policy is one tool to mitigate the financial impact of a cyber loss to your organization. Please join us as we discuss: a) potential exposures; b) what can be covered by the insurance marketplace; and c) best practices in placing a policy.
  • Event Information


    Looking back over 2016, health IT continued to be a hot topic in Congress and with the Administration. CHIME was front and center bringing the CIO’s voice to Washington and growing our role with policymakers. From cybersecurity to MACRA, 2016 has been an exceptionally busy year in Washington, D.C.  for the CHIME public policy team. Join the CHIME Public Policy staff and leadership of the Policy Steering Committee for a recap of health IT policy activity and get a forecast of what we should expect to happen in 2017.
    ---
    Learning Objectives:

    - Outline key public policy developments that occurred in 2016

    - Explain the existing health IT regulatory landscape and what items could be revisited in 2017

    - Discuss CHIME’s likely 2017 advocacy agenda and priorities

    - Explore ways to engage with CHIME public policy in 2017

  • Event Information


       

    Every healthcare organization and its executives are fully aware of the impact cybersecurity threats can have on their business. The approach that many take to address security is: hire people and spend money. While resources are required to address security, this leads to an approach where organizations are broadly doing good things but are not focused on the activities that have an impact enterprise-wide. One of the root causes of this problem is that security executives do not have proper visibility into the organization in order to provide executives with an understanding of the overall state of security. The root cause of this lack of focus is minimal leverage of metrics-driven, simple-to-absorb information. Creating a dashboard with proper metrics that accurately show the true state of security across the entire healthcare organization is a critical communication tool. This presentation will not only identify what the key indicators of compromise are for healthcare organizations and how to address them, but more importantly it will provide details on what metrics should be tracked and how to create executive-level real-time monitoring of security issues. By evolving from reactive to proactive security measures, organizations can properly prevent, detect and respond to cyber attacks.

    Learning Objectives:

    • Identify key indicators of compromise in hospitals
    • Explain how to track and monitor key metrics
    • Describe how to create an effective real time security dashboard
    • Discuss how to encourage executive visibility into the overall security of an organization
    • Explain how to communicate key security objectives to the BoD
    • Employee Engagement: The Journey to Service Excellence

    • Start: 10/05/2016 12:00pm
    • Event Type: AEHIS LIVE , Archived
    • Session Speaker(s):

      Sheree McFarland, CIO, West Florida Division, Hospital Corporation of America (HCA)
      David Goodman, Director of IT&S Operations & Project Management, West Florida Division IT&S, Hospital Corporation of America (HCA)


    Event Information


      At HCA, Sheree McFarland and David Goodman are reimagining how health IT looks, and they're not doing it alone. Taking advantage of the breadth and depth of a large hospital system and highly engaged employees - new initiatives, devices, applications and big data are driving change and outcomes. Employee engagement matters more today than ever before, and it’s at an all-time high for their West Florida IT team. Sheree and David, who are on the frontline of health IT and employee engagement strategies for one of the largest healthcare systems, will bring a unique perspective to this session which will discuss their approach to engaging, motivating and coaching healthcare professionals.
    Learning Objectives:
    • Discuss specific use cases on leveraging employee engagement for business success
    • Outline touchpoints on employee engagement initiatives and trends
    • Identify what’s next on the employee engagement horizon
     
  • Event Information


     

    Ransomware has become top of mind in healthcare as recent attacks are plastered across the news. Ransomware is a significant threat to healthcare organizations, but it's far from the only insidious threat out there. This session will discuss these new and evolving threats facing healthcare organizations and how health IT and security executives can combat them through integrating security solutions deployed across all attack vectors. This presentation will highlight new and expanding vectors of attack in healthcare networks and how conventional security methods are becoming all but ineffectual against these attacks.

     Learning Objectives:

    • Discuss the top threats stalking healthcare environments from one of the largest and most effective threat research organizations in the world

    • Identify threats targeting your medical devices, your virtual infrastructure, and even patient wearables

    • Explain how hackers and cyber-extortionists are obfuscating their tools and sneaking them into your networks

     
  • Event Information


    Join HHS officials from the Office for Civil Rights (OCR) and the Office of the National Coordinator for Health IT (ONC) for a compliance and cyber threat sharing update in this era of growing ransomware and other cybersecurity threats. Health system victims of ransomware dominate national headlines. Cyber criminals are ratcheting up their focus on healthcare, only needing to find one weakness; meanwhile CIOs and CISOs work to prevent their institutions from making the next headline. Federal scrutiny of cybersecurity continues to grow as healthcare organizations face increased threats from those intent on infiltrating and disrupting care through cybersecurity attacks. Following presentations by ONC and OCR, you will hear directly from CHIME and AEHIS members concerning their efforts to leverage federal guidance to combat cyber threats.
    ---
    Learning Objectives:
    • Explain the recent OCR ransomware guidance
    • Identify when a breach is actually a breach
    • Describe federal efforts to spur greater cybersecurity threat sharing information
    • Discuss recent updates from the HHS cybersecurity taskforce
  • Event Information


    Still trying to make heads or tails of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA)? Not sure where to begin with the proposed rule recently published by CMS? MACRA sunsets the existing PQRS, Meaningful Use and Value Modifier programs and wraps them up into a single new program with its own set of requirements, incentives and penalties. This webinar will outline what CIOs and their staff need to know about the new physician payment system, the technology needed to support the new program and an overview of the proposed rule. CMS staff will explain the nuts and bolts of the new program and detail the proposal they have laid out under “Advancing Care Information”, the piece of the program intended to replace Meaningful Use for clinicians. In addition, hear from our reactor panel on what this means for hospitals and how CIOs can navigate this new world. Got questions on MACRA? Send them in to our new public policy email. We’ll do our best to get these answered on the webinar.
  • Event Information


    This session will present threat research and dive into the unique set of challenges for health IT executives. In addition, the speakers will outline an advanced threat protection framework – a simplified security approach designed to ensure a continuous cycle of improved protection, detection and mitigation against sophisticated healthcare cyber threats from datacenter to endpoint.
    ---
    Learning Objectives:
    • Identify why the healthcare industry was pummeled by data breaches in 2015
    • Discuss why conventional firewall protection is no longer enough
    • Identify operational countermeasures being used today and their relative effectiveness
    • Examine emerging trends and technologies that can be deployed to help protect your network and thwart future attacks
     
  • Event Information


    There’s a lot of discussion and buzz around building a “Software Defined Data Center” (SDDC) these days. But, what does it REALLY mean to be “Software Defined?” And, why are more and more of the leading healthcare organizations across the nation taking this approach? Join Michael Feld, Interim CTO of Baystate Health, to hear how he pioneered the “Software Defined” concept within his organization. He’ll share how Baystate Health was able to achieve greater security, agility and ability to control costs.
    ---
    Learning Objectives:
    • Discuss what a “Software Defined Data Center” truly means, and specifically for healthcare IT organizations
    • Explain Baystate Health's SDDC approach
    • Analyze the results of the model, which includes enhanced user experience while controlling costs and streamlining administration
    • Describe what micro-segmentation is and how it can simplify and improve your network security
    • Discuss the notion that improved security doesn’t need to impact convenience and availability
     
  • Event Information


    Engaging patients and their families is a major goal of every provider. This will only continue with changing payment models, Meaningful Use, movement toward the medical home and increased consumer involvement in care delivery. The ability to provide effective patient engagement requires tight integration of technology, security and software services spearheaded by senior IT Leaders.  Today and in the future, patient engagement must be a key component of the organization’s business plan and IT strategic and tactical plans.  This session explores effective ways to support patient engagement and ways to identify innovation opportunities.
    ---
    Learning Objectives:
    • Discuss IT perspectives and lessons learned in providing effective support for patient engagement initiatives
    • Identify ways that senior IT Leaders can collaborate to ensure the organization’s patient engagement strategies meet the needs of the end users and the community
    • Discuss the future of patient engagement and ways senior IT Leaders can prepare today to support this evolving and dynamic industry initiative
  • Event Information


    Health Care has traditionally lagged behind other sectors when it comes to cybersecurity. How do we assess our security programs, plot a course to greater maturity, and rapidly implement necessary changes to effectively safeguard the data?
    ---
    Learning Objectives:
    • Identify the best process for assessing the maturity of your organization’s cybersecurity program
    • Describe a prioritized roadmap, based on risk, to close the gaps identified through the maturity assessment
    • Explain how using the roadmap can lead to rapid transformation of your organization’s cybersecurity program
       
  • Event Information


    Today, senior IT Leaders are expected to be expert change agents focusing on workflow and processes in addition to technology and systems. Deployment and management of technology and systems can only be effective with focused attention on the intersections of people, process and technology. This includes understanding the impact that technology has on operational processes, clinical practice and staff roles. This session explores integrated change management principles and stakeholder involvement with technology deployment.
    ------
    Learning Objectives:
    • Describe the characteristics of an effective change agent and key principles for success with technology and systems deployment
    • Identify key challenges and pitfalls that can occur when change management is not effectively used and discuss proactive ways to minimize these issues
    • Discuss case study scenarios of effective change management approaches that resulted in successful systems and technology deployment with satisfied end users
     
  • Event Information


    Cyber security is a multi-faceted issue that changes almost daily. To be successful, one must consider the path to success a journey where obstacles can pose the greatest learning opportunity. This session will take you along on one organization’s “security journey”. Specifically, the presenter will address the organization’s progression of change to enhance security, its current committee structure and the challenges they still face. Finally, the plans for adding a CISO role will be discussed along with how the organization plans to enhance their security program in the future.
    ---
    Learning Objectives:
    • Identify the “layers” that have been added to strengthen the organization’s security program
    • List essential key elements to include in your security program including knowing your PHI and regulatory hot button issues
    • Discuss the integration of a CISO role into the existing IT staff
     
  • Event Information


    It is hard to defend your healthcare systems if you do not understand the threats, vulnerabilities, and adversaries. Simply subscribing to vulnerability and threat intelligence feeds often results in huge amounts of data without usable or actionable information to help mitigate attacks against our assets. This session will describe the methods used by Seattle Children’s Hospital and show how carefully correlated and contextual threat intelligence can provide understanding about what controls to implement to help mitigate the risk of unauthorized use, access, or disclosure.
    ---
    Learning Objectives:
    • Discuss new threat spectrum and abilities of our adversaries
    • Identify which information security practice sets can reduce the risk of a breach
    • Explain the importance of board level involvement and review of information security risks
  • Event Information


    In a recent study, analysts put healthcare security under the microscope and identified that insider snooping jumped from 15% in 2014 to 20% in 2015. In addition, the HIMSS Report: Security of Patient Data, reveals that 91% of healthcare organizations review audit logs, but 84% do it manually.  The primary reason for the increase in data breaches is that we fail to accurately assess the risk of the insider threat to protect patient trust. This loss of patient trust has major impacts. In addition to the financial penalties, a recent study by Harris Interactive found that 2 out of 3 US adults would not return to a hospital if their information were stolen. This session discusses the key elements to protect patient trust and your bottom line by learning a new approach for battling the insider threat of data breaches. Key elements of a successful patient privacy compliance program will be discussed, including policies, procedures, technology, and culture.
    ---
    Learning Objectives:
    • Analyze four elements that reduce the risk of a data breach and provide a solid foundation for securing patient privacy and preventing insider breaches
    • Identify the insider threats in your patient privacy program
  • Event Information


    The Centers for Medicare & Medicaid Services (CMS) released the Final Rules pertaining to participation in the EHR Incentive Program for 2015 through 2017 and Stage 3. Elisabeth Myers, Policy Lead for Health Information Technology at the Centers for Medicare & Medicaid Services (CMS), will discuss the requirements set forth by the Meaningful Use Modifications Final Rule. Also, learn what must be in place for the 2015 program year and other key provisions that take effect in 2016. Further, CMS will outline how the Merit-based Incentive Payment System (MIPS) will impact hospitals when it goes live for physician payment in 2017. CHIME leaders will also discuss reactions and share recommendations for the successful compliance with the rule that must be in place for the 90-days of 2015.
    ---
    Learning Objectives:
    • Explain the Meaningful Use Program requirements for 2015 through 2017
    • Differentiate between previous requirements and final mandates for 2015
    • Discuss how the Merit-based Incentive Payment System (MIPS) will impact hospital participation in Meaningful Use
  • Event Information


    As the Office for Civil Rights (OCR) readies itself for the go-forward HIPAA audit program, recent updates from OCR Director, Jocelyn Samuels, and Iliana Peters, OCR Senior Advisor for Compliance and Enforcement, provide new information about the OCR HIPAA Audit Program. In this session, we will cover these important Audit Program updates and offer guidance as to how to integrate the updates into your HIPAA program efforts. How do you prepare for an audit? What might the new OCR audit protocol address? How do you integrate critical audit readiness activities with the ever-emerging new requirements of your data protection programs generally?
    The time has come to kick your HIPAA compliance programs into a higher gear and initiate formal audit readiness activities. We anticipate that the OCR will make up for lost time and move quickly to get the audits underway.
     ---
     Learning Objectives:
    • Discuss learnings from the HIPAA Compliance Audit Program update
    • Explain the absolute “latest and greatest” on the OCR HIPAA Audit Program and how your organization can prepare and maintain a posture of audit readiness
    • Identify a step-by-step approach into the OCR HIPAA Audit Program and how to mitigate compliance gaps
    • Describe risk measurement and evolutionary process improvement to support continuous audit readiness
    • Discuss the content and structure of the OCR HIPAA Audit Entity Questionnaire
  • Event Information


    Simply meeting the current requirements to safeguard sensitive information is taxing most organizations and especially healthcare entities.  As more and more data is coming online with new applications storing it on new geographically dispersed media and large numbers of distributed access / end points, privacy, security and compliance teams are being heavily taxed to safeguard this information.  The two key challenges for organizations, then, are to bridge two gaps: 1) the communication gap between privacy, security, compliance and information risk management teams and the board and executives so that informed resource discussions can take place; and, 2) the gap between the current state of tactical, technical spot-welding and establishing and maturing a more strategic, business-oriented and architectural approach. This session is designed to help CEs and BAs understand and act on the importance of maturing an information risk management program.
    ---
    Learning Objectives:
    • Discuss practical, tangible actions that your organization can take to establish, implement and mature its information risk management program
    • Explain the concepts of maturity models in general and an information risk management maturity model in particular
    • Analyze your current level of information risk management maturity through an online self-assessment
  • Event Information


    Compliance assessment? Security Evaluation? Risk Assessment? Risk Analysis? Compliance Analysis? Just what does the HIPAA Security Final Rule and/or The HITECH Act and/or Meaningful Use Final Rule require? Numerous experts have advised that the best way to get started with your compliance program is to take stock of where you are today. Unfortunately, the advice includes many terms used interchangeably, such as: Compliance Assessment, Security Evaluation, Risk Assessment, Risk Analysis and Compliance Analysis. This webinar ends the confusion, identifies the types of evaluations required by the HIPAA Security Final Rule (and Meaningful Use Stage I and Stage 2 Requirements) and explains the differences.
    ---
    Learning Objectives:
    • Explain the difference between these two Security Rule Evaluation requirements
    • Identify proven approaches to completing these evaluations
    • Discuss step-by-step instructions for compliance assessments and risk analysis
  • Event Information


    Healthcare organizations, and the industry in general, are learning systems that are constantly evolving and improving based on new information and insight. Data are the building blocks of information and insight. Today’s healthcare reform initiatives, and our increasingly analytics driven requirements, practically require that every health system have a tailored data governance approach to align its data strategy with its organizational structure, culture, mission and strategic plan. In this session, the presenters will introduce key data governance principles, the fundamentals of a data governance program, and offer practical guidance on how to begin and/or advance the conversation about data governance with fellow stakeholders. A data governance program roadmap and maturity model will be addressed as well.
     ---
    Learning Objectives:
    • Discuss the dimensions of strategic information management and how they inform data governance
    • Identify the fundamental elements of a data governance program
    • Explain data governance principles that serve as a prerequisite to information governance
    • Describe a step-process for developing a data governance roadmap
    • BPI Showcase – Now CPI Showcase Webinar

    • Start: 08/12/2015 11:00 am
    • Event Type: Archived , CXO Forum
    • Session Speaker(s):

      Kevin Cleary, Vice President, Foundation & Education Foundation
      Jessica Hadley, Director, Foundation
      Alaina Gullett, Specialist, Foundation Membership


    Event Information


    CHIME is most proud to offer our Foundation firms and healthcare CIOs the opportunity to display their successful collaborative efforts at the upcoming CHIME Performance Institute (CPI) Showcase (formerly known as the Best Practices Institute (BPI) Showcase). The CPI showcase will be taking place at the Fall CIO Forum this October in Orlando.

    Premier and Standard members can secure a CPI Showcase table at no cost, with Associate members and Affiliate Subscribers supporting the showcase with a nominal sponsorship fee.

    It’s an opportunity for additional exposure at the year’s largest healthcare CIO event, and it’s easy:
    1. Reserve your Showcase table with a title/summary of your white paper, and a signed CPI Showcase agreement by 8/21/15
    2. Submit your collaborative white paper by (date)
    3. Ship any materials that you’d like to have on your showcase table
    That’s it! Foundation staff wants to make certain our Foundation representatives are informed and taking advantage of this tremendous opportunity, which is why we strongly recommend all of our Foundation representatives attend a brief webinar review. Jessica, Alaina, and I (Kevin) will be covering all the details regarding this year’s CPI Showcase and answering any questions you may have.
  • Event Information


    The inaugural AEHIX Fall Forum, exclusively for members of the AEHIA, AEHIS and AEHIT associations, provides a unique opportunity for IT leaders to network and collaborate with industry colleagues from the ever-growing applications, technology and security sectors of healthcare. AEHIX15 will address tools and concepts for tackling challenges in each of these three areas, as well as emerging trends and success stories. Attendees will engage with fellow IT professionals on topics including change management, patient engagement, analytics and cybersecurity. Exploration of key senior leadership skills will also be a primary focus of the program to help attendees develop professionally in their individual roles as well as for overall success within their organizations in providing quality patient care services.

    Attend this special one-time webinar to learn about the history of these associations, the value you will gain from association membership and ways to maximize your membership benefits. Learn more about the AEHIx Fall Event, October 8 and 9 in Orlando, FL, so you can be a part of this inaugural event with your peers and colleagues.
  • Event Information


    Given the plethora of breaches that target the healthcare industry, and with BAs accounting for a disproportionately large percentage of all HIPAA breaches involving 500 or more individuals, it is a necessity that CEs appropriately manage their business associate risks. Simultaneous with BAs becoming statutorily obligated to comply with the Privacy, Security and Breach Notification Rule, the rules themselves strengthened the language around managing downstream BAs, sub-BAs, etc. Given these changes, CEs, BAs, sub-BAs, sub-sub-BAs, etc., now must all have both compliance risks and actual breach risks to address. This session is designed to help CEs and BAs understand and act on the importance of managing business associate risks.
    ---

    Learning Objectives:

    • Review the specific regulatory requirements for BA management
    • Create an outline of strict requirements for Business Associates and their BAAs
    • Develop a Vendor/Business Associate Management Program Plan
                         
  • Event Information


    This presentation will examine the history of security focuses, from physical, to technical, to administrative, and how a once compartmentalized approach is giving way to more organizational-centric tactics. Areas of discussion will include an evaluation and comparison of historical security trends versus modern-day considerations, security specifications as evaluated by internal Covered Entities versus third-parties versus OCR audits, and recommendations for improving or supplementing existing security programs.
    ---
    Learning Objectives:
    • Discuss the differing perceptions of security from executives through team members
    • Identify the individuals, departments, and levels of responsibility for security within an organization
    • Describe strategies to promote a culture of security to develop a change in the organizational mindset
  • Event Information


    With the HIPAA Final Omnibus Rule in full effect, Covered Entities and Business Associates and their subcontractors—effectively all entities that create, receive, maintain or transmit electronic Protected Health Information—are statutorily obligated to comply with the HIPAA Security Rule requirement to complete a formal, periodic HIPAA Security Rule compliance evaluation. This session will present strategies to help organizations from the largest CEs and BAs (e.g., hospitals, insurers, care management firms, etc.) to the smallest BAs and subcontractors (e.g., small medical practices, clinics, dental offices, medical billing companies, IT companies, etc.). You will receive practical, actionable advice and approaches to assessing your security compliance program as well as the actual security it provides your data.
    ---
    Learning Objectives:
    • Examine the OCR audit protocols which describe what the OCR would be looking for
    • Discover how to evaluate your compliance with the law
    • Identify practical, actionable steps to take today to mitigate risk and help assure compliance
    • Meaningful Use Stage 3 Proposed Rule Requirements

    • Start: 04/29/2015 12:00 pm
    • Event Type: Archived , College LIVE
    • Session Speaker(s):

      Elisabeth Myers, Policy & Outreach Lead, Division of Health Information, Technology, Centers for Medicare & Medicaid Services
      Pam McNutt, FCHIME, LCHIME, Sr. Vice President & CIO, Methodist Health System
      Albert Oriol, MBA, CIO, Rady Children's Hospital-San Diego
      Howard Landa, MD, CMIO, Alameda Health System


    Event Information


    During this session, The Centers for Medicare & Medicaid Services (CMS) will present on the Meaningful Use Stage 3 proposed rule for the EHR Incentive Programs. CMS subject matter experts will discuss proposed Stage 3 requirements that would take effect beginning in 2017.  CHIME and AMDIS leaders will also discuss reactions and share recommendations for the rule.
    Learning Objectives:
    • Explain proposed Stage 3 program requirements
    • Differentiate between previous requirements and proposed Stage 3

     
    • myChime: Creating a Strong Network

    • Start: 03/19/2015 12:00pm
    • Event Type: AEHIS LIVE , Archived , College LIVE
    • Session Speaker(s):

      Kristen Cooper, myCHIME Community Manager, Next Wave Connect
      Rob Cothron, Director, Associations Relationships & Product Development, Next Wave Connect
      Michelle Patterson, Interim Director of Membership, CHIME
      Pam Matthews, Vice President Education & Business Development, CHIME


    Event Information


    Learn how to leverage myChime in this 30-minute webinar by connecting with colleagues, leveraging the community directory and engaging in communities. This session will include tips and guidelines for crafting a meaningful post to maximize your engagement.

    ---

    Learning Objectives:

    • Discuss ways to locate and connect with others to broaden your networking opportunities
    • Explore the Community Directory feature and tips on maximizing your engagement with communities
    • Review guidelines in writing meaningful posts
    • myChime: Your Online Presence and Experience

    • Start: 03/12/2015 12:00pm
    • Event Type: AEHIS LIVE , Archived , College LIVE
    • Session Speaker(s):

      Kristen Cooper, myCHIME Community Manager, Next Wave Connect
      Rob Cothron, Director, Associations Relationships & Product Development, Next Wave Connect
      Michelle Patterson, Interim Director of Membership, CHIME
      Pam Matthews, Vice President Education & Business Development, CHIME


    Event Information


    Take the next step in using myChime! This 30-minute webinar will demonstrate how to update and maintain your profile, ways to protect your privacy, and where to check in on the site for the latest happenings and new information.

    ---

    Learning Objectives:

    • Discuss best practices with profile maintenance
    • Identify options to ensure privacy leveraging the tool’s privacy settings
    • Discuss ways to access and use new information through the notification center
    • Getting to Know the New myCHIME

    • Start: 03/05/2015 12:00pm
    • Event Type: AEHIS LIVE , Archived , College LIVE
    • Session Speaker(s):

      Kristen Cooper, myCHIME Community Manager, Next Wave Connect
      Rob Cothron, Director, Associations Relationships & Product Development, Next Wave Connect
      Keith Fraidenburg, EVP & Chief Strategy Officer, CHIME
      Michelle Patterson, Interim Director of Membership, CHIME
      Pam Matthews, Vice President Education & Business Development, CHIME


    Event Information


    This introductory overview will answer the question "Who is Next Wave Connect? & Where did they come from?" A full demo of the new myCHIME will illustrate features and ways this tool can be used to support your networking and knowledge sharing activities. This session includes time for questions from you – the end user!

    ---

    Learning Objectives:

    • Review the general functionality of myCHIME including features and ways to leverage the tool
    • Discuss the partnership between Next Wave Connect and CHIME that drove the development of myCHIME.
  • Event Information


    With political swings in the Senate, new agency leadership at ONC / CMS and new Members of Congress, 2015 promises to be a big year for health IT policy. New cybersecurity policy, Meaningful Use uncertainty, ICD-10 and the role of the FDA in regulating EHRs are just a few of the current issues facing the healthcare industry. Bring your questions to CHIME’s first quarterly debrief from the Nation’s Capitol. Join CHIME’s Vice President for Public Policy Jeff Smith and CHIME’s Director for Congressional Affairs Leslie Krigstein for a look ahead to the issues that will be driving Washington in 2015.

    Learning Objectives:

    • Discuss updates on trending health IT policies in Congress and the Administration
    • Identify which policy priorities CHIME will be following in 2015
    • Discover opportunities to join CHIME’s Public Policy initiatives
  • Event Information


    Cyber attacks threaten private and sensitive data, contribute to financial losses and affect the reputation of the organization. Staying ahead of the latest security threats and methods is a full-time job requiring a robust strategy that includes not only the most secure hardware, but buy-in from all users and external partners with access to information. In this webinar, two organizations will review the current landscape and share their cyber security best practices, including recent security threats and the response.
    ---
    Learning Objectives:
    • Review the areas of your organization that are affected by a breach and why a comprehensive strategy is crucial
    • Identify the parties that have access to your organization’s data and how your strategy should consider the various ways information is accessed
    • Discuss how to safeguard hardware including workstations and internal and external servers
    • Discover how to foster a culture at your organization that encourages users to remain compliant with security policies
  • Event Information


    Hospitals need a comprehensive approach to security when contracting with IT vendors. This session will cover the five key areas to address in your contract negotiations with your vendors to mitigate the risk of cyber security attacks and other data security breaches. These 5 areas include: Security standards and certifications, security frameworks, information security officer certifications, cyber insurance requirements, and SOC audits. If you missed this popular session at CHIME14, mark your calendar to join us!
    ---
    Learning Objectives:
    • Describe a holistic view and approach to cyber security
    • Identify key cyber security provisions to negotiate with your technology vendors
    • Discover negotiation tactics commonly used by vendors in their negotiations with customers
    • Learn best practices for managing outsourcing, hosting and "cloud computing" issues
  • Event Information


    A successful cyber security strategy is one that is embraced and supported throughout the organization; it’s not just about technology! This session identifies the key components of a cyber security strategy including both operational and technical components as well as approaches for plan monitoring, security controls, metrics and breach practices. If you missed one of the Cyber Security LEAD Forums this year, mark your calendar to join us for this webinar and hear two speakers from the New York event.
    ---
    Learning Objectives:
    • Discover the key components of a robust cyber security strategy, tactical plan and corresponding metrics
    • Discuss an organization’s role and responsibilities to ensure success of the plan and the intersection of policies and procedures with cyber security
    • Identify best practices for deployment and management of cyber security plans and ways to anticipate new and emerging threats
    • Learn approaches for breach preparation and breach management
  • Event Information


    Today’s system developers and implementers want to ensure their software applications comply with all applicable standards and specifications while being interoperable and functional with other software applications, technology environments and systems supported within the provider environment. While industry-wide published standards are commonly used, organizational approaches to testing can vary greatly and impact many areas of a provider’s IT ecosystem. All too often, system testing is done once and set aside, and does not address sustainable interoperability effectiveness. There is a real need to support multiple versions of specifications at the same time to ensure your organization’s systems are both backward compatible and future proof. This concept is a key pillar of "Continuous Interoperability." In this webinar, hear from industry thought leaders on the importance of scaled interoperability, the challenges and issues with sustainable interoperability, effective testing practices and approaches as well as ways an open source solution can successfully support provider activities.
    ---
    Learning Objectives:
    • Discuss the Healtheway Compliance Testing Body (CTB) Certification process for the eHealth Exchange
    • Identify key factors that make interoperability testing difficult, yet so essential
    • Discover ways improved testing efforts support overall success of HIT implementations and EHR optimization
  • Event Information


    This session is designed to equip participants with essential information risk management principles and tenets based on the NIST framework and – just as importantly – with a critical starter set of information to establish, implement and mature a strong, ongoing Information Risk Management program. Attendees will leave with actionable tools to advance their information risk management programs to the next level.
    ---
    Learning Objectives:
    • Discover how and why healthcare is the next cyber security battleground
    • Describe the five key best practice areas of an information risk management program
    • Learn that your case for action is compelling – there is much to lose and great potential harm
    • Understand that you cannot “check-list” your way to information risk management success
    • Learn how to guide the organization to a path of continuing improvement in risk management processes, encouraging advancement in the maturity of their risk management practices
  • Event Information


    OCR has announced that Risk Analysis and Risk Management are now centerpiece concerns and their area of focus in the next rounds of enforcement action. This isn’t really a surprise…68 percent of audited organizations in Phase 1 Audits had adverse findings related to risk analysis. And, every single organization entering into a Resolution Agreement and Corrective Action Plan after an OCR investigation was cited for failing to properly analyze and manage key security risks as specifically required under HIPAA and HITECH regulations. Is your Risk Management plan strong enough to withstand an OCR Audit? This session is designed to equip participants to conduct a bona fide HIPAA Security Risk Analysis and Risk Management based on the NIST framework and – just as importantly – implement a strong, ongoing Risk Management program. Attendees will leave with actionable tools to advance their information risk management programs to the next level.
    ---
    Learning Objectives:
    • Identify what true Risk Analysis and Risk Management entails, based on the explicit guidelines from HHS/OCR and the NIST Security Framework
    • Discuss how to conduct Risk Analysis and Risk Management
    • Discover how to help management make informed decisions about Risk Analysis and Risk Management
    • Learn how to guide the organization to a path of continuing improvement in Risk Management processes, encouraging advancement in the maturity of their Risk Management practices
  • Event Information


     

    A recent industry report found that healthcare had, on average, only 45% conformance with the NIST CSF controls. Join this Live event to hear David Finn of CynergisTek provide an overview of some of the trends from this groundbreaking report and what we can do to improve as an industry.

     

    Learning Objectives:

    • Identify what types of healthcare organizations had the highest and lowest conformance ratings.
    • Analyze the scores across all five Core Elements of NIST CSF to identify which controls healthcare is most in conformance with and which ones need the most improvement.
    • Strategize how we as an industry can improve our conformance with NIST CSF and improve our readiness to respond to a cyber event.