The objective of the course is to provide a detailed understanding of UK healthcare industry security requirements and the criticality of healthcare data. It is designed to give delegates the information and skills needed to implement and manage a secure working environment within healthcare organisations.
At the end of this course, delegates will have a detailed understanding of the security and compliance requirements for healthcare data, the regulatory environment, operational security, governance and risk management, incident management, and the continuity and recovery process.
Information Security Manager, ICT Security Manager, Data Protection Officer, Information Governance Manager, Patient Records Manager, Records Manager, Internal IT Auditors, Risk Managers, Risk Analysts, ICT Managers, ICT Security Consultants, System Managers, Practice Manager, Healthcare Professionals, SIRO, Information Asset Owners, and individuals looking for a career in the healthcare information security domain.
2 years' work experience in the healthcare sector or in information security roles.
The three-day Cyber Security for the Healthcare Professional course delivers the individual modules described below, tailored for the healthcare industry and delivered by an experienced healthcare security practitioner.
- Information Governance and Risk Management
- Regulatory Environment for Healthcare Organisations
- Healthcare Data Security
- Third-Party and Supply Chain Risk Management
- Operational Security
- Incident Response Management
Information Governance and Risk Management:
Policy, Procedures and Guidelines, Roles and Responsibilities, Risk Management Methodology: Qualitative & Quantitative, Information Risk Management Life Cycle, Risk Management Activities: Risk Assessment, Business Impact Analysis, and Risk Registers.
Regulatory Environment for Healthcare Organisations:
Identify applicable regulations: Information Commissioner's Office (ICO), Data Protection Act 1998/GDPR, Common Law Duty of Confidentiality, Freedom of Information Act 2000, Health and Social Care Act 2012, Access to Health Records 1990, Access to Medical Record Act 1988, Public Records Act 1958, Criminal Justice and Immigration Act 2008, Data Handling Review, Annual IG Toolkit, NHS Operating Framework, IG Assurance Framework, Human Rights Act 1998, Computer Misuse Act 1990, Privacy and Electronic Communications Regulations, PCI DSS.
Healthcare Data Security:
Confidentiality, Integrity, Availability, Authentication and Accountability, Change Management, Access Control, Password Management, Audit and Monitoring, Cyber Threat Identification and Management, Privacy Impact Assessment, Information Security Standard: ISO 27001, Asset Security: Asset Register, Information and Asset Classification, Ownership, Retention, Data Security Controls, Handling Requirements (e.g. markings, labels, storage).
Third-Party and Supply Chain Risk Management:
Definition of Third Parties in the Healthcare Context: Managed Services, Cloud Services, Suppliers, Third-Party Assessments and Audits, Third-Party Requirements, Remediation Efforts, Due Diligence and Due Care, Compliance.
Operational Security:
Change Management, Business Continuity and Disaster Recovery Planning, Defence-in-Depth, Network Security, Vulnerability and Patch Management, Training and Awareness.
Incident Response Management:
Understand the Cyber Threat, Prepare for the Cyber Threat, Prepare a Response Plan, Responding to a Cyber Incident, Incident Response Process, Evidence Collection and Preservation, Incident Investigation, Incident Reporting, and Root Cause Analysis.