All events are in Eastern Time (ET) unless otherwise noted in the event description.

  • Event Information

    Medical device vulnerabilities are top of mind for many healthcare professionals. Whether your medical device security program is non-existent, emerging, or well underway, new approaches to connected asset management are emerging. This webinar will discuss a data-driven approach that uses knowledge of an asset’s ability to generate, transmit, and/or store data to inform a classification system which drives a device management program throughout the asset’s total lifecycle. The webinar will cover device discovery, data classification, risk assessment, clinical workflow analysis, policy development, network architecture and ongoing malicious activity detection solutions to help you develop and deliver a more complete medical device management program.



    Participants will learn how they can gather inventory and security information about the devices on their network without putting healthcare operations at risk.


    Participants will learn how to handle the organizational as well as technical issues associated with the implementation of a medical device security program.


    Participants will learn how to start or enhance their medical device security and maintain it as an ongoing program for their facility.

  • Event Information


    In this webinar, attendees will hear directly from former OCR Leader and Investigator Iliana Peters and Compliance and Cyber Risk Management expert Bob Chaput. Insights will be provided into why so many healthcare organizations struggle to meet the HIPAA Security Rule, particularly Risk Analysis requirements.

    Complying with the HIPAA Security Final Rule involves many steps and considerations. Understanding the critical differences between the HIPAA Security Evaluation required at 45 CFR §164.308(a)(8) and the HIPAA Security Risk Analysis required at 45 CFR §164.308(a)(1) is essential. We will focus on these two evaluations that must be completed by law.


    The requirements of the HIPAA Security Final Rule for conducting periodic security evaluations

    The difference between a compliance assessment and a risk assessment

    The HIPAA Security Final Rule civil and criminal penalties

    Practical, actionable steps to complete the evaluations required by law

  • Event Information

    A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.

  • Event Information

    Designed for Chief Information Security Officers (CISOs), the AEHIS CISO 2018 Virtual Cybersecurity Symposium™ curriculum covers the use and practical application of the NIST Cybersecurity Framework, the NIST process for managing information security risk (based on NIST SP 800-39) and adopting a maturity model to address today’s continuously evolving healthcare providers and their business partners.

    A faculty of nationally-recognized, highly-credentialed experts guide attendees through information risk management fundamentals while sharing key insights, hard-won lessons learned and practical tools. Upon completion of the Symposium™, you will understand the fundamentals in cyber liability risk, risk analysis, risk management, business associate management, adoption of the NIST Cybersecurity Framework and much more. These five (5) informative 2-hour sessions will assist you in establishing, implementing and maturing your cyber risk management program.

    Instructional Modules:

    HIPAA 101 (prerequisite)
    1. How to Establish an Effective Cyber Risk Management Program
    2. How to Calculate the Cost of a Data Breach and Secure The Budget For Your Information Risk Management Program
    3. The Critical Difference: HIPAA Security Evaluation vs. HIPAA Security Risk Analysis
    4. How to Frame Your NIST-based IRM Program
    5. How to Conduct NIST-based Risk Assessment to Comply with Federal Regulations
    6. How to Conduct NIST-based Risk Management to Comply with Federal Regulations
    7. How to Implement a Strong, Proactive Business Associate Risk Management Program
    8. How to Monitor Your NIST-based Risk Management Program to Comply with Federal Regulations
    9. How to Mature your IRM Program
    10. Now what? – Program Summary and Action Planning
    • All registrants will receive:
      • Access to recorded versions of each session
      • Copies of all Presentation Materials
      • A full set of information risk management supplemental materials
      • 30 days of free expert mentorship for ongoing support
    • Staying One Step Ahead of OCR

    • Start: 08/24/2018 11:00am
    • End: 12:00pm
    • Event Type: AEHIS LIVE
    • Session Speaker(s):
      • Brian Selfridge CISSP, HITRUST, ITRM Partner, Meditology Services
      • Kevin Henry MBA, CISSP, HCISPP, HITRUST, ITRM Manager, Meditology Services

    Event Information

    OCR enforcement activity is up. The 2017 OCR-issued report revealed there is significant room for improvement in Risk Analysis, Risk Management and Privacy Controls and Communication. Join this webinar to hear how peer health organizations are responding to the increased scrutiny by the OCR.

    • Learn how peer health organizations are responding to the increased scrutiny by the OCR as evidenced by increased enforcement activity.
    • Learn how peer health organizations are using Security Risk Registers and Business Associate Inventories to help healthcare entities understand security and privacy compliance gaps.
    • Other areas to address in OCR enforcement include Privacy Program and Breach Notification Improvements. Speakers will present specific examples of appropriate processes and sticking points often uncovered in OCR audits.
  • Event Information


    This session will provide attendees with tactical and effective strategies related to cybersecurity incident response. Many organizations today, despite their best efforts, are dealing with cyber-attacks that are fast-moving and overwhelm currently accepted incident response best practices.

    During this session you will learn about:
    • The Difference Between an Incident Response Plan and Platform
    • Violent and Fast-Moving Attacks
    • The Need For and Use of Protocols and Immediate Action Drills
    • Myths and Fallacies Related to Incident Response
    • Tips on the Integration of IR and Emergency Management Teams
    • Pre-Planning Activities Critical to an Incident Outcome (Use of Partners, Law Enforcement, etc.)
    • Network Architecture Impact on Incident Response

  • Event Information