Healthcare Information Governance & Cyber Security

Course Schedule

Day 1 - Tuesday 09 April, 2019
Opening Session

Registration and Intro.

Session One

Information Governance and Cyber Security in the real world - Cyber security as a strategic risk.

  • Understanding your data – The value of healthcare information. Information Asset Registers. Data flows.
  • Understanding your risk: Information Asset Risk Assessments and Privacy Risk Assessments.
  • Managing cyber risks nationally and locally.
  • Demo of tools for managing threats and risks in digital healthcare environments.
Morning Break & Networking
Session Two

Information Governance and Cyber Security in the real world -Understanding the 3rd parties risk.

  • Trusting you supplier.
  • 3rd party security assessments.
  • Managing the risk.
  • Contractual matters.
  • Information Sharing Agreements and Data Processor Agreements

Case studies/discussion sprints:

  • Health Service risk registers
  • National cyber security risk alerts
  • Health care information and cyber security incidents
Lunch Break & Networking
Session Three

Responding to cyber security incidents and data breaches. Challenges and guidance for healthcare organisations: preparing for threats, Incident Response Process, Disaster Recovery Plans, Evidence Collection and Preservation, Incident Investigation, Root Cause Analysis and Incident Reporting.

  • Understanding and categorizing your cyber security incidents.
  • The “Cyber incident” obsession Vs. holistic information security incident approaches
  • Signification disruption of Healthcare as an essential service. NIS Directive.
  • Security incidents vs. data breaches
  • Is confidentiality really a big headache for HCOs? Taxonomy and trends of reported information security incidents within healthcare.
  • Top 10 threats for health care organisations.
  • Capabilities and motivations of HCOs adversaries.
  • The healthcare attach model
  • Typical response approaches: Tier 1 incidents, major incidents and National or Global incidents. Threat intelligence sharing.

Case studies/discussion sprints:

  • Learning for incidents. Adjusting your risk.
  • Building skilled resources to speeding up response capabilities, recovery and resilience.
Evening Break & Networking
Session Four

National resilience units and healthcare. Notification to supervisory authorities, fines and corporate embarrassment.
Case studies/discussion sprints:

  • Dosimetry Monitoring System incident: data processor cyber attack.
  • Wannacry incident.
  • Data disclosure incidents in health care organisations: email, social media, Patient Administration System
Day 2 - Wednesday 10 April, 2019
Session One

Improving cyber readiness and resilience in health care settings.

  • Effective use of Cyber security and information governance standards in the real world.
  • Gap analysis tools.
  • Choosing the right standards, frameworks and toolkits to work with in healthcare settings.
  • Tools to manage multiple frameworks and standards compliance.
  • Planning your ISMS for the future.
  • Monitoring effectiveness and national and local level.
Morning Break & Networking
Session Two

Improving cyber readiness and resilience in health care settings.

  • Architectural controls
  • Data controls
  • Hardware controls
  • Network controls
Lunch Break & Networking
Session Three

Improving cyber readiness and resilience in health care settings.

  • Software controls
  • User controls
  • ISO27001 controls
Evening Break & Networking
Session Four

Case studies/discussion sprints:

  • IG Toolkit
  • ISMS gap analysis tools.
  • National Information Security Policy Framework.
  • National resilience monitoring
Day 3 - Thursday 11 April, 2019
Session One

Legislation, policies, code of practice and guidelines.
Supervisory Authorities regulations, Data Protection (GDPR), Duty of Confidentiality, Freedom of Information, Integrated Health and Social Care, Access to Health Records, Public Records, Criminal Justice and Immigration, Data Handling, Health Service Operating Frameworks, IG Assurance Frameworks, Human Rights, Computer Misuse, Privacy and Electronic Communication Regulations, PCI/DSS, Records management.

Case studies/discussion sprints: 

  • Data Protection Law in Qatar. Scope and requirements 
  • IG and security in the health care  sector in the Middle East 
  • The impact of GDPR on health care organisations in the Middle East. Use of data privacy shields.  
  • Pragmatic approaches: establishing a reasonable scope for “appropriate” safeguards for health data.
Morning Break & Networking
Session Two

Effective structures for decision making and managing information security.

  • Common governance structures and models
  • Key information assurance roles in healthcare organisations
  • The human factor in the cyber security safety chain. Training and awareness.

Case studies/discussion sprints:

  • IG model for health and social care (UK)
  • IG model in the Middle East health care setting (participants)
Lunch Break & Networking
Session Three

Taking a holistic & pragmatic approach 

  • Strategy or strategies: cyber security, information security and information governance.
  • Elements of and Information Assurance strategy
  • Demonstrating value
  • Road maps and continual improvement
Evening Break & Networking
Session Four

Information Security Management Systems

  • ISMS vs. Value models
  • Implementing your ISMS
  • How and ISMS looks like in a healthcare organisation
  • Benefits of ISO/IEC 27001 in HCOs
  • Making your ISMS better. Monitoring progress. Using internal audit to improve your ISMS.

Case studies/discussion sprints:

  • ISMS continual improvement plans and approaches in various HCOs.

Summary of the course

  • Closing remarks and Certificate distribution
Course Program
Time Topic
Day 1
08:00 to 08:30Registration & Introduction
Day 1-3
08:30 to 10:00Session One
10:00 to 10:15Morning Break & Networking
10:15 to 12:15Session Two
12:15 to 13:15Lunch Break & Networking
13:15 to 14:45Session Three
14:45 to 15:00Evening Break & Networking
15:00 to 16:30Session Four