Healthcare Information Governance & Cyber Security Training Workshop


Training Objectives

At the end of this programme, participants would understand key elements of cyber security, information governance and compliance requirements within health and social care. Delegates would have an understanding of the strategic approaches at national and local level, risk management, incident management and resilience mechanisms.


Instructor of this course

Dr. Elena Beratarbide

PhD, MeHealth, IEng, BComp, BBA, CISA, DPO
National Information Governance and Security Lead for Health and Social Care, Scottish Government (eHealth)


This programme will present an overview of the health and social care cyber security and data governance setting. It will provide ideas, information and skills required to manage the risk related to the processing of information in complex health and social care data flows.

Delegates would have a better understanding of modern approaches to fighting cyber crime and to providing information assurance through a managed framework (ISMS).

Participants will have the know-how to:

  • Develop information security strategies.
  • Value information as a health and social care asset.
  • Understand and manage the associated risks.
  • Recognize typical cyber security controls and threats.
  • Define continual improvement plans for a healthcare ISMS.
  • Understand the regulatory environment.
  • Appreciate the human factor in the cyber security safety chain, and identify effective training and awareness campaigns.
  • Appreciate the role of internal audit in providing independent information assurance whilst helping to improve ISMS efficiency.
  • Effectively monitor ISMS progress and demonstrate the ISMS benefits to the healthcare organization and the public.

  • C-Level Healthcare Executives:
    • CEO, CIO, CMIO, COO, CMO, CSO, CNO etc.
  • Heads, Managers, Officers & co-ordinators of:
    • Data Governance
    • Data Security
    • Data Analytics
    • Data Information
    • Information & Communication Technology
    • Information Technology (IT)
    • Medical Informatics
    • All other professionals who are interested in learning about healthcare data governance & security

  • Health Ministries
  • Health Authorities
  • Medical Cities
  • Private Hospitals
  • Medical Centers

  • Presentations & Lectures
  • Group Discussions
  • Workshop, Exercises & use cases

  • Certificate of Achievement
  • Course material & Handouts
  • USB device with all material
  • Study binder
  • International buffet Lunch with coffee/tea breaks

Course Fee $1,600/Participant

Book & pay on or before March 14th, 2019 & get
10% discount USD 1,440/participant

3+1 Exclusive Offer
USD 4,800 for 4 Participants

*All prices exclude any tax (if applicable)

Healthcare Information Governance & Cyber Security - Course Schedule

Day 1 - Tuesday 09 April, 2019
Opening Session

Registration and Intro.

Session One

Information Governance and Cyber Security in the real world - Cyber security as a strategic risk.

  • Understanding your data – The value of healthcare information. Information Asset Registers. Data flows.
  • Understanding your risk: Information Asset Risk Assessments and Privacy Risk Assessments.
  • Managing cyber risks nationally and locally.
  • Demo of tools for managing threats and risks in digital healthcare environments.
Morning Break & Networking
Session Two

Information Governance and Cyber Security in the real world - Understanding the 3rd party risk.

  • Trusting your supplier.
  • 3rd party security assessments.
  • Managing the risk.
  • Contractual matters.
  • Information Sharing Agreements and Data Processor Agreements

Case studies/discussion sprints:

  • Health Service risk registers
  • National cyber security risk alerts
  • Health care information and cyber security incidents
Lunch Break & Networking
Session Three

Responding to cyber security incidents and data breaches. Challenges and guidance for healthcare organisations: preparing for threats, Incident Response Process, Disaster Recovery Plans, Evidence Collection and Preservation, Incident Investigation, Root Cause Analysis and Incident Reporting.

  • Understanding and categorizing your cyber security incidents.
  • The “Cyber incident” obsession vs. holistic information security incident approaches
  • Significant disruption of healthcare as an essential service. NIS Directive.
  • Security incidents vs. data breaches
  • Is confidentiality really a big headache for HCOs? Taxonomy and trends of reported information security incidents within healthcare.
  • Top 10 threats for health care organisations.
  • Capabilities and motivations of HCOs adversaries.
  • The healthcare attack model
  • Typical response approaches: Tier 1 incidents, major incidents and National or Global incidents. Threat intelligence sharing.

Case studies/discussion sprints:

  • Learning from incidents. Adjusting your risk.
  • Building skilled resources to speed up response capabilities, recovery and resilience.
Evening Break & Networking
Session Four

National resilience units and healthcare. Notification to supervisory authorities, fines and corporate embarrassment.
Case studies/discussion sprints:

  • Dosimetry Monitoring System incident: data processor cyber attack.
  • WannaCry incident.
  • Data disclosure incidents in health care organisations: email, social media, Patient Administration System
Day 2 - Wednesday 10 April, 2019
Session One

Improving cyber readiness and resilience in health care settings.

  • Effective use of Cyber security and information governance standards in the real world.
  • Gap analysis tools.
  • Choosing the right standards, frameworks and toolkits to work with in healthcare settings.
  • Tools to manage multiple frameworks and standards compliance.
  • Planning your ISMS for the future.
  • Monitoring effectiveness at national and local level.
Morning Break & Networking
Session Two

Improving cyber readiness and resilience in health care settings.

  • Architectural controls
  • Data controls
  • Hardware controls
  • Network controls
Lunch Break & Networking
Session Three

Improving cyber readiness and resilience in health care settings.

  • Software controls
  • User controls
  • ISO27001 controls
Evening Break & Networking
Session Four

Case studies/discussion sprints:

  • IG Toolkit
  • ISMS gap analysis tools.
  • National Information Security Policy Framework.
  • National resilience monitoring
Day 3 - Thursday 11 April, 2019
Session One

Legislation, policies, code of practice and guidelines.
Supervisory Authorities regulations, Data Protection (GDPR), Duty of Confidentiality, Freedom of Information, Integrated Health and Social Care, Access to Health Records, Public Records, Criminal Justice and Immigration, Data Handling, Health Service Operating Frameworks, IG Assurance Frameworks, Human Rights, Computer Misuse, Privacy and Electronic Communication Regulations, PCI/DSS, Records management.

Case studies/discussion sprints: 

  • Data Protection Law in Qatar. Scope and requirements
  • IG and security in the health care sector in the Middle East
  • The impact of GDPR on health care organisations in the Middle East. Use of data privacy shields.
  • Pragmatic approaches: establishing a reasonable scope for “appropriate” safeguards for health data.
Morning Break & Networking
Session Two

Effective structures for decision making and managing information security.

  • Common governance structures and models
  • Key information assurance roles in healthcare organisations
  • The human factor in the cyber security safety chain. Training and awareness.

Case studies/discussion sprints:

  • IG model for health and social care (UK)
  • IG model in the Middle East health care setting (participants)
Lunch Break & Networking
Session Three

Taking a holistic & pragmatic approach 

  • Strategy or strategies: cyber security, information security and information governance.
  • Elements of an Information Assurance strategy
  • Demonstrating value
  • Road maps and continual improvement
Evening Break & Networking
Session Four

Information Security Management Systems

  • ISMS vs. Value models
  • Implementing your ISMS
  • What an ISMS looks like in a healthcare organisation
  • Benefits of ISO/IEC 27001 in HCOs
  • Making your ISMS better. Monitoring progress. Using internal audit to improve your ISMS.

Case studies/discussion sprints:

  • ISMS continual improvement plans and approaches in various HCOs.

Summary of the course

  • Closing remarks and Certificate distribution

Course Program

Time              Topic

Day 1
08:00 to 08:30    Registration & Introduction

Day 1-3
08:30 to 10:00    Session One
10:00 to 10:15    Morning Break & Networking
10:15 to 12:15    Session Two
12:15 to 13:15    Lunch Break & Networking
13:15 to 14:45    Session Three
14:45 to 15:00    Evening Break & Networking
15:00 to 16:30    Session Four