Healthcare Audit for IT, Medical Devices & Data Protection Training Workshop

September 06-07, 2020, Hotel Tower Rotana, Dubai, UAE

Training Objectives

At the end of this programme, participants would understand key eHealth governance and management elements, the audit process, the IT life-cycle, delivery and support, eHealth infrastructures and information assets, data protection, how to conduct a professional audit and common methodologies, frameworks and techniques.


Instructor of this course

Dr. Elena Beratarbide

PhD, MeHealth, IEng, BComp, BBA, CISA, DPO
National Information Governance and Security Lead for Health and Social Care, Scottish Government (eHealth)

IG Policy Advisor for the Scottish Government.  

Chair of BCS the Chartered Institute of IT – Health and Care Scotland branch.


This course will provide comprehensive guidance for IT audit professionals, particularly those auditing within the healthcare sector. The course is a group-led, hands-on journey through the IT audit process and the typical approaches and techniques used in health care organisations or in providers of systems and IT services to health care organisations, including software as a medical device.
This course provides valuable insights for those interested in obtaining the Certified Information Systems Auditor (CISA) certification or the BCS
This course presents the IT Audit function as a key resource for minimising cybersecurity risk and improving the information security management system of any healthcare organisation, its systems and its medical devices.

Delegates will gain a better understanding of modern approaches to conducting IT audits and, more specifically, Information Assurance and eHealth audits, including the governance and management of eHealth and related IT services, software and medical devices that may require accreditation and data protection.
Participants will be able to design efficient audit programmes for a variety of purposes, focusing effort on specific risk areas, including cybersecurity, core health information systems and medical devices.
Participants will also be able to produce deliverables for various purposes: executive board assurance, certification of eHealth systems and medical devices, adequacy of security controls for data protection impact assessments, and compliance reports covering ISO 2700x, ISO 13485, GDPR etc.

The target audience for this programme are:

  • Information and related technologies professionals, including medical informatics and information security.
  • IT and Information Systems audit practitioners with an interest in specialisation or Lead Auditor roles in eHealth.
  • Auditors with an interest in specialisation in IT audits.
  • Professionals interested in obtaining an IT Audit accreditation, particularly as Certified Information Systems Auditor (CISA).
  • Medical Devices accreditors.
  • Data Protection Officers.
  • Information Security Officers.
  • Internal audit.
  • All other professionals who are interested in learning about eHealth audit.

The programme includes:

  • Presentations & Lectures
  • Group Discussions
  • Workshop, Exercises & Use Cases
  • Certificate of Achievement
  • Course Material & Handouts
  • Study Binder
  • International Buffet Lunch with Coffee/Tea Breaks

Course Fee $1,500/Participant

Book & pay on or before Aug. 10th, 2020 & get a 10% discount: USD 1,350/participant

3+1 Exclusive Offer
USD 4,500 for 4 Participants
*All prices are exclusive of any taxes (If applicable)

Healthcare Audit for IT, Medical Devices & Data Protection - Course Schedule

Day 1 - Sunday 06 September, 2020
Opening Session

Registration & Intro

Session One

Understanding eHealth services and the IT life-cycle, including medical devices and health information assets.

  • In this section we will explore the scope of audits targeting eHealth, IT, information assets and medical devices. Understanding the scope and life-cycle is crucial for negotiating audit targets and for designing successful audit plans and approaches.
  • IT, eHealth, medical devices and information assets are closely interlinked; a successful audit starts from understanding the differences, scope and life-cycle involved in these highly interlinked but distinct areas.
Morning Break & Networking
Session Two

Governance and management of eHealth, IT and Information.

  • This session will explore the key processes that typically need to be audited in eHealth environments. These are the processes whereby health care and related eHealth organisations steer and control their business functions, services and assets through targets, policies, processes, delegation of authority and monitoring.
Lunch Break & Networking
Session Three

Understanding information assets and the associated risk position: cybersecurity, information, data protection, eHealth, IT, medical and business risks.

  • In this section we will discuss the health and social care cyber security and data governance setting. We will explore the top 10 threats for health care organisations and provide the ideas, information and skills required to manage the risk related to the processing of information in complex H&SC data flows. In particular, we will look at understanding health and social care data and information asset registers and data flows, risk assessment (e.g. information security and privacy) and optimal ways to keep the risk under control in dynamic ways.

Evening Break & Networking
Session Four

The audit process. Conducting professional audits.

  • This session will focus on understanding types of audits, the audit process, the factors that influence the approach (e.g. risk) and how to set the audit programme and plan. We will discuss the principles for performing an audit, assessing controls and making recommendations.
Day 2 - Monday 07 September, 2020
Session One

Methodologies, frameworks and techniques.

  • In this session we will explore common methodologies and frameworks that can help shape the audit approach, whether compliance-based or substantive, and focus it on the right processes and controls. These will include CSA (Control Self-Assessment), COBIT, Risk IT, Val IT, COSO, GTAG, GAIT, ISF, ISO/IEC 27x, ITAF and ITIL.
  • In this session we will also pinpoint and briefly discuss useful techniques for assessing risk and materiality, gathering evidence, sampling and CAATs (Computer Assisted Audit Techniques).
Morning Break & Networking
Session Two

Case studies/discussion sprints

In this session we will explore the following specific audit scenarios and discuss the best approaches, examples of audit plans, suggested techniques and reporting for:

Auditing the governance and management of eHealth.

  • Focused on auditing governance and eHealth management controls, including ISO 27001/2 and ITIL controls.

Auditing the eHealth systems and infrastructures.

  • Focused on auditing eHealth systems operations, facilities and network infrastructure, including DRPs (Disaster Recovery Plans).
Lunch Break & Networking
Session Three

Case studies/discussion sprints

In this session we will explore the following specific audit scenarios and discuss the best approaches, examples of audit plans, suggested techniques and reporting for:

Auditing medical devices

  • Focused on compliance with ISO 13485 and the medical device QMS.

Data protection audits

  • Focused on auditing compliance with data protection and privacy regulations and, in particular, adherence to the accountability principle set out in GDPR. Explores audit approaches, plans and techniques to assess the management of information risk and information assets, data and privacy policies, data access, and the overall information and data governance practices.
Evening Break & Networking
Session Four

Issuing board assurance, audit and compliance reports, including cyber essentials and ISO 27001 compliance reports.

  • This session will focus on delivering audit results to different audiences (e.g. executive board, audit committees and third parties), getting management acceptance of the findings and seeking their response to the facts and recommendations.
  • This session will also explore other potential deliverables, audit closure and follow-up procedures.

Closing Session: Certificate Ceremony

Course Program

Day       Time            Topic
Day 1     08:00 to 08:30  Registration & Introduction
Day 1-2   08:30 to 10:00  Session One
Day 1-2   10:00 to 10:15  Morning Break & Networking
Day 1-2   10:15 to 12:15  Session Two
Day 1-2   12:15 to 13:15  Lunch Break & Networking
Day 1-2   13:15 to 14:45  Session Three
Day 1-2   14:45 to 15:00  Evening Break & Networking
Day 1-2   15:00 to 16:30  Session Four