All events are in Eastern Time (ET) unless otherwise noted in the event description.

    • Staying One Step Ahead of OCR

    • Start: 08/24/2018 11:00am
    • End: 12:00pm
    • Event Type: AEHIS LIVE
    • Session Speaker(s):

      ​Brian Selfridge CISSP, HITRUST, ITRM Partner, Meditology Services                                                                                Kevin Henry MBA, CISSP, HCISPP, HITRUST, ITRM Manager, Meditology Services

    • Please login or become a member to register.

    Event Information


    OCR enforcement activity is up. The 2017 OCR-issued report revealed there is significant area for improvement in Risk Analysis, Risk Management and Privacy Controls and Communication. Join this Webinar to hear how peer health organizations are responding to the increased scrutiny by the OCR.

    • Learn how peer health organizations are responding to the increased scrutiny by the OCR as evidenced by increased enforcement activity.
    • Learn how peer health organizations are using Security Risk Registers and Business Associate Inventories to help healthcare entities in understanding security and privacy compliance gaps.
    • Other areas to address in OCR enforcement include Privacy Program and Breach Notification Improvements. Speakers will present specific examples of appropriate processes and sticking points often uncovered in OCR audits.
  • Event Information


    A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.

  • Event Information


      This session will provide attendees with tactical and effective strategies related to cybersecurity incident response. Many organizations today, despite their best efforts, are dealing with cyber-attacks that are fast moving and overwhelm currently accepted incident response best practices.  During this session you will learn about: The difference between an incident response plan and platform. Violent and Fast Moving Attacks The Need For and Use of Protocols and Immediate Action Drills Myths and Fallacies Related to Incident Response Tips on the Integration of IR and Emergency Management Teams Pre-Planning Activities Critical to an Incident Outcome (Use of Partners, Law Enforcement, etc.) Network Architecture Impact on Incident Response  
  • Event Information


    A comprehensive overview of the Association for Executives in Healthcare Information Security (AEHIS) for new members and existing members alike. Membership Director Zach Donisch will cover AEHIS' mission and direction, the "who's who" of the AEHIS team, and the major membership benefits and ways to access them.

  • Event Information


    A new member benefit is coming your way! The Cooperative Member Services program, managed by CHIME Technologies, Inc., is expanding to be offered to AEHIS members. The Cooperative Member Services program helps members stretch budgets by providing access to exclusive packages and discounts from Foundation firms. Learn more about this exciting new benefit by joining the informational webinar!
  • Event Information


    This session looks into how a large Healthcare provider (Encompass Health) developed actionable tactics, techniques and procedures from their Information Technology Incident Response Plan to successfully operate a small internal response team 24/7 with the support of a managed security services provider.

     

    We will dive into details on how we applied an objective decision matrix to standardize response actions across the response team members and the MSSP. Then we will discuss some methods used to continually evaluate and improve the overall Incident Response process.

    Learning Objective:

    Develop an executable strategy within your Incident Response Plan

    IR process improvement and keeping pace with the threats

  • Event Information


     

    News articles and conference presentations around information security are typically focused on keeping outsiders outside the IT infrastructure. But what do you do once someone with malintent gets inside? What if the threat originated from an insider? And how would you mitigate insider risks beyond awareness and training? It turns out, these issues are on the minds of many healthcare providers according to a new SailPoint study.

    A new survey of health IT professionals indicate how how hospitals and health systems perceive and manage insider threats to cybersecurity. In this presentation, we discuss the results of the study and how to leverage identity governance to address this issue.

    Learning Objectives:

    Learn what concerns you peers and how are they preparing against insider threats.

    Understand why insider threats pose serious security risks

    Discover how identity technology is evolving to address insider threats

     
  • Event Information


    This webinar will provide an overview of Incident Response and Recovery practices and processes to prepare an attendee for the Fall Summit Incident Response Table Top Exercise. The webinar will review specifics of an IR Plan including required Policy and Procedures. Staff considerations to build an IR plan will be reviewed. Recommended leading practices including playbooks, processes and steps to take to secure an organization with an Incident Response Plan will be discussed.

    Learning Objectives: 1) Introduction into incident response and recovery including terminology. 2) Key items in an IR plan, including policy and procedures. 3) Information sharing and staffing considerations when building an IR plan. 4) Developing IR playbooks and processes and a sample template reviewed. 5) Four key steps to working through an incident (pre, ongoing, and post).

  • Event Information


    How are healthcare provider organizations addressing cybersecurity challenges. As SailPoint continues investing in and expanding on their healthcare practice, there is a need to better understand the evolving requirements and drivers of healthcare security and IT professionals.

     
    The following SailPoint objects are designed to help us:
    1) Understand level of concern around NIST guideline 800-63-1 (Identity proofing and multi-factor authentication requirements for e-prescription drugs)
    2) Learn how HITRUST certification gets factored into IT/security buying decision
    3) Discover the provider perspective on where identity fits into their overall cybersecurity program
  • Event Information


    How are healthcare provider organizations addressing cybersecurity challenges. As SailPoint continues investing in and expanding on their healthcare practice, there is a need to better understand the evolving requirements and drivers of healthcare security and IT professionals.

     
    The following SailPoint objects are designed to help us:
    1) Understand level of concern around NIST guideline 800-63-1 (Identity proofing and multi-factor authentication requirements for e-prescription drugs)
    2) Learn how HITRUST certification gets factored into IT/security buying decision
    3) Discover the provider perspective on where identity fits into their overall cybersecurity program
  • Event Information


    Every day, patients share Personal Health Information (PHI) that becomes permanent documentation in Electronic Health Records (EHRs) - yet how reliable are the controls in place to ensure continuous privacy?

    While budget and staffing are often recognized as the biggest issues in healthcare IT, security is actually at the forefront of building a successful practice. Fostering trust and confidence is essential to delivering on the promise of quality patient care. To meet these challenges, organizations must either increase budget and personnel or invest in agile automation.

    Learning Objectives:
    • The widening threat landscape for unmanaged medical devices and EHR breaches
    • How to secure EHRs containing PHI at scale
    • How to handle unmanaged medical devices operating on your network
    • The benefits of investing in crypto-agile automation tools aimed at enhancing patient experience
  • Event Information


  • Event Information


    This session would demonstrate the advanced security features of Office 365 Advanced Threat Protection and the use of Power Shell Commands.

     

    Learning Objective:

    • Understanding the how threats are created
    • Why your staff are one of your biggest vulnerabilities
    • Just because you can't see it - doesn't mean it's not happening
    • What is available in Office 365 for mitigating threats
    • Options in configuration of Office 365 ATP