All events are in Eastern Time (ET) unless otherwise noted in the event description.

    • AEHIS CISO Virtual Cybersecurity Symposium™ – HIPAA 101 (On-Demand)

    • Date: 05/16/2017
    • Start Time: On Demand
    • Event Type: Webinar
    • Session Speaker(s):

      Mary Chaput, MBA, HCISPP, CIPP/US, CIPM, Chief Financial & Compliance Officer – Clearwater Compliance
      Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US, CEO & Founder – Clearwater Compliance
      Jon Stone, MPA, PMP, HCISPP, VP, Product Innovation – Clearwater Compliance


    Event Information


    Designed for CISOs, the AEHIS CISO Virtual Cybersecurity Symposium™ is being offered exclusively to AEHIS members and was especially developed for our members. The curriculum focuses on the most pressing issues facing covered entities and business associates today as defined by the US Department of Health and Human Services (HHS), Office for Civil Rights (OCR) and responds to the intensifying focus on risk analysis and risk management.
    On-Demand HIPAA 101 Session Learning Objectives:

    - Demonstrate a working knowledge of the fundamentals of the HIPAA regulations

    - Explain the history of HIPAA and HITECH and what motivated the creation of these regulations

    - Identify sources of liability other than HIPAA for CEs and BAs

    - Articulate the types of organizations which have experienced breaches and complaints

    - Explain to colleagues and management recent statistics related to breaches of PHI

    - Describe the relationships between the privacy, breach notification and security rules

  • Event Information


    Privacy and security for healthcare systems involve the coordination of product, process, and personnel. Many organizations are successfully tackling the acquisition of hardware and software products while evolving policies and procedures. Yet, beyond basic HIPAA compliance, awareness and education of personnel across the enterprise remain inadequate. Every member of the workforce has accountability when it comes to reducing cybersecurity risks; however, few organizations are measuring employee behavior and using that information to reduce risk at a low cost. Building a repeatable approach to measurement and determining simple representations of those results to be consumed by the board, leadership and, in some cases, the workforce at large can act as a catalyst for improvement and personal-level accountability for protection of PHI and ePHI.
  • Event Information


    For those who have managed security, capturing budget support for an investment in security is one of the most difficult challenges we have. Security, while central to all of us, is often viewed as discretionary by other business managers, or as mandated rather than called for by the business. Competition for dollars is fierce in healthcare, and the justification for the expense needs to be strong, especially when associated with a non-revenue-producing line item. That pressure for valuation of line items or expenditures is not likely to decrease in the uncertain times ahead with replacement of the Affordable Care Act. There are successful strategies and techniques for engaging in this battle for funds. This discussion will use several case studies provided by CHIME and AEHIS members to lay the foundation for a group discussion. This is a virtual Town Hall meeting and we are counting on all of you who attend to make that happen.

     

    Learning Objectives:

    1. Hear how to develop and present a viable business case for security expenditures

    2. Demonstrate how investing in security enhances the overall business strategy

    3. Review real world case study examples and lessons learned

     

  • Event Information


    The pressures faced by healthcare IT administrators are unique, since hospitals and related care centers often represent distributed and decentralized infrastructures with complex data paths. For example, what works for securing a centralized hospital data center might not work for a series of physician practices; what works on a hospital-owned and controlled smartphone or tablet might not translate well to a BYOD environment at a remote clinic. Healthcare IT and security leaders are faced with the daunting task of optimizing their security posture to minimize risks associated with new distributed models of care while simultaneously dealing with a whole new generation of cyber-crime. This session will explore the unique set of cybersecurity challenges in healthcare today, distinguishing true threats from simple noise. Recognizing the difference is crucial for IT leaders to provide hardened, yet flexible data protection measures to ensure the safety and usefulness of patient data without getting in the caregivers’ way.

     

    Learning Objectives

    • Describe security threats pummeling the healthcare industry, along with the financial and brand impact on healthcare providers
    • Identify how to align security to the business model by building a workable, sustainable security infrastructure that benefits all providers and staff
    • Discuss how one IT team was able to bring renewed confidence in protecting patient information to its large integrated healthcare delivery system
    • Describe emerging trends in holistic security practices to help protect healthcare organizations and thwart future attacks

     

    • AEHIS CISO Virtual Cybersecurity Symposium™ – Session 1

    • Date: 07/06/2017
    • Start Time: 12:00 pm
    • End Time: 02:00 pm
    • Event Type: Webinar
    • Session Speaker(s):

      Mary Chaput, MBA, HCISPP, CIPP/US, CIPM, Chief Financial & Compliance Officer – Clearwater Compliance
      Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US, CEO & Founder – Clearwater Compliance
      Jon Stone, MPA, PMP, HCISPP, VP, Product Innovation – Clearwater Compliance


    Event Information


    Session 1 Learning Objectives:

    Overview of the NIST Cybersecurity Framework (CSF) and NIST Process

    - Develop basic knowledge of the NIST CSF

    - Describe the four-step NIST information risk management (IRM) process

    - Access NIST and other resources to assist CEs, BAs and subcontractors in information risk management

    - Explain the essential steps of establishing, operationalizing and maturing an IRM program

    - Engage with customers and business partners directly on IRM requirements

    How to Calculate the Cost of a Data Breach and Get the Budget for your Information Risk Management Program

    - Gain insights on statistics for assessing the likelihood of a breach or an OCR investigation

    - Understand how to present a compelling return on investment (“ROI”) calculation

    - Learn the potential repercussions of a data breach

    - Determine how to choose cost factors relevant to your organization

    - Prepare to calculate the cost of a data breach specific to your organization

    - Turn the breach cost into a compelling business plan to strengthen your security program

    • AEHIS CISO Virtual Cybersecurity Symposium™ – Session 2

    • Date: 07/13/2017
    • Start Time: 12:00 pm
    • End Time: 02:00 pm
    • Event Type: Webinar
    • Session Speaker(s):

      Mary Chaput, MBA, HCISPP, CIPP/US, CIPM, Chief Financial & Compliance Officer – Clearwater Compliance
      Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US, CEO & Founder – Clearwater Compliance
      Jon Stone, MPA, PMP, HCISPP, VP, Product Innovation – Clearwater Compliance


    Event Information


    Session 2 Learning Objectives:

    The Critical Difference: HIPAA Security Evaluation vs. HIPAA Security Risk Analysis 

    - Describe three distinct HIPAA security rule evaluation requirements

    - Explain the difference between a compliance assessment and a risk analysis

    - Learn proven approaches to completing these evaluations

    - Utilize step-by-step instructions for compliance assessments and risk analysis

    How to Establish Your NIST-based Risk Management Program 

    - Categorize and describe examples of risk types

    - Learn how to measure risk using risk likelihood and risk impact

    - Learn how to use a process for building a business case for strengthening information security

    - Use Excel template provided to calculate the cost of a breach for your organization

    - Use Word templates to create a charter and standing agenda for your governance, risk and compliance council

    - Use Clearwater “Business and Information Privacy, Security and Compliance Program” AlignmentCheck™ to assess the alignment of your organization’s business strategy with compliance

    • AEHIS CISO Virtual Cybersecurity Symposium™ – Session 3

    • Date: 07/20/2017
    • Start Time: 12:00 pm
    • End Time: 02:00 pm
    • Event Type: Webinar
    • Session Speaker(s):

      Mary Chaput, MBA, HCISPP, CIPP/US, CIPM, Chief Financial & Compliance Officer – Clearwater Compliance
      Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US, CEO & Founder – Clearwater Compliance
      Jon Stone, MPA, PMP, HCISPP, VP, Product Innovation – Clearwater Compliance


    Event Information


    Session 3 Learning Objectives:

    How to Conduct an OCR-Quality Risk Analysis

    - Understand general regulatory requirements for ongoing risk assessments

    - Explain the difference between compliance and security

    - Cite the specific regulatory requirements for risk assessment

    - Define fundamental risk terminology

    - Explain why risk assessment is a core foundational step

    - Describe the fundamentals of information risk assessment

    - Describe the fundamentals of information risk management

    How to Conduct OCR-Quality Risk Management

    - Understand the regulatory requirements and most effective standards for responding to risk

    - Know the four essential options for effective risk response

    - Evaluate alternatives to reduce risks in terms of effectiveness and feasibility

    - Learn how to make sure risk responses get implemented through tracking new or improved controls and safeguards

    • AEHIS CISO Virtual Cybersecurity Symposium™ – Session 4

    • Date: 07/27/2017
    • Start Time: 12:00 pm
    • End Time: 02:00 pm
    • Event Type: Webinar
    • Session Speaker(s):

      Mary Chaput, MBA, HCISPP, CIPP/US, CIPM, Chief Financial & Compliance Officer – Clearwater Compliance
      Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US, CEO & Founder – Clearwater Compliance
      Jon Stone, MPA, PMP, HCISPP, VP, Product Innovation – Clearwater Compliance


    Event Information


    Session 4 Learning Objectives:

    How to Implement a Strong, Proactive Business Associate Risk Management Program 

    - Describe who is a business associate and who isn’t

    - Explain why managing business associates is important

    - Explain the expansion of the ‘Chain of Trust’ in healthcare

    - Cite and explain the HIPAA Privacy and Security Rule contractual requirements for business associates

    - Explain the risk rating concept and process for business associates

    - Develop a business associate management program checklist

    - Describe the benefits of a business associate management program

    How to Monitor Your NIST-based Risk Management Program to Comply with Federal Regulations & Industry Standards

    - Learn where monitoring fits into the System Development Lifecycle

    - Know the essential steps of Information System Continuous Monitoring

    - Learn what types of changes are included in continuous monitoring

    - Know the importance of effectiveness monitoring

    • AEHIS CISO Virtual Cybersecurity Symposium™ – Session 5

    • Date: 08/03/2017
    • Start Time: 12:00 pm
    • End Time: 02:00 pm
    • Event Type: Webinar
    • Session Speaker(s):

      Mary Chaput, MBA, HCISPP, CIPP/US, CIPM, Chief Financial & Compliance Officer – Clearwater Compliance
      Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US, CEO & Founder – Clearwater Compliance
      Jon Stone, MPA, PMP, HCISPP, VP, Product Innovation – Clearwater Compliance


    Event Information


    Session 5 Learning Objectives:

    How to Mature your IRM Program

    - Explain the importance of a mature IRM program and framework

    - Describe the IRM Maturity Model

    - Determine your organization’s current IRM level of maturity

    - Develop a dashboard to highlight unacceptable risk and show progress on mitigating risk

    Now What? Summary & Action Planning

    - Identify immediate next actions for your organization

    - Build your cybersecurity business case

    - Access resources and information provided during the Symposium

     
    • AEHIS CISO Virtual Cybersecurity Symposium™ – Post-Symposium Meet Up

    • Date: 08/16/2017
    • Start Time: 12:00 pm
    • End Time: 01:30 pm
    • Event Type: Webinar
    • Session Speaker(s):

      Mary Chaput, MBA, HCISPP, CIPP/US, CIPM, Chief Financial & Compliance Officer – Clearwater Compliance
      Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US, CEO & Founder – Clearwater Compliance
      Jon Stone, MPA, PMP, HCISPP, VP, Product Innovation – Clearwater Compliance


    Event Information


    Post-Symposium Meet Up Objectives:

    Address any questions/comments/concerns following the previous sessions

  • Event Information


    The Healthcare CIO Boot Camp™ is an intensive three and one-half day education program offered by the College of Healthcare Information Management Executives (CHIME) taught by a faculty of healthcare CIO thought leaders. Combining presentations, small group discussions, case studies and interactive problem solving, participants learn the real-world skills necessary to become a successful healthcare CIO.
  • Event Information


    Health IT security leaders are challenged daily with an onslaught of cyber attacks such as malware, ransomware, phishing campaigns, threats to medical devices, and even DDoS attacks. Increasingly complex governmental security regulations further complicate the healthcare CISO’s overall objective of safeguarding the network and protecting patient information. As the threats grow and oversight becomes more necessary, your security practices must align with overall organizational strategies, leveraging the technology and services that will help expand security boundaries. Despite these daunting demands and complex solutions, you have a valuable resource at your fingertips. That resource is, of course, your colleagues! To learn from others in the industry, AEHIS is pleased to announce our inaugural Fall Summit, open exclusively to AEHIS members. The 2017 AEHIS Fall Summit will feature IT security speakers and presentations, and create a collaborative environment to enable you and your team to keep your organizations secure and become better leaders in the transformation of healthcare IT. We invite you to take part in this exciting event. More details coming soon.