CHIME AGENDA - Toronto | September 20, 2016

This program qualifies for 5.5 Continuing Education Units (CEU) towards the CHIME Certified Healthcare CIO (CHCIO) Program. CHIME recognizes 1 hour of participation as equivalent to 1 CEU.
 
CHIME members and Affiliates may claim CEUs for the LEAD forum by entering them into the CHIME Continuing Education Credits form on the CHIME website.
 
Program Overview and Learning Objectives 
 
A top priority for every CIO today is protecting their organization from cybersecurity threats and breaches. Attend this day-long Forum to learn about the key components of an effective cybersecurity strategy and approaches any organization can take to gain employee support and engagement. Cybersecurity begins with awareness, which can be the first step in preventing attacks. Learn approaches to incorporate awareness into a winning organizational cybersecurity and risk management plan. Identify key components of an effective plan that includes prevention, response and recovery. Explore the compliance and legal requirements that can facilitate your organization’s cybersecurity activities, and learn about approaches to dealing with compliance issues. Gain insights from industry experts on developing, implementing and using cybersecurity plans in times of breaches, as well as tips on engaging the organization so cybersecurity becomes a part of everyone’s job. Learn ways to shift your organization into a cybersecurity learning organization in order to protect its valuable data and physical assets.
 
Learning Objectives:
 
  • Identify key steps in preparing an organization against cybersecurity threats and breaches including security frameworks and control measures
  • Define key components of an effective cybersecurity plan including prevention, response and recovery approaches for successful implementation and staff adoption
  • Examine the latest compliance and legal requirements around cybersecurity and ways they can be leveraged by organizations with an effective ongoing risk management program
  • Discuss opportunities to incorporate cybersecurity awareness and risk management into the fabric of an organization and the employee mindset
 
Program Agenda
 
08:00 - 09:00am
Registration and Continental Breakfast
09:00 - 09:15am
Welcome and Opening Remarks/Review Overall Goals of the Meeting
Keith Fraidenburg, MBA, Executive Vice President and Chief Strategy Officer, CHIME
09:15 - 10:15am
What Healthcare Executives Need to Know about Information Security
 
From ransomware to data breaches, healthcare has become another target for cyber criminals. The threats are coming at our organizations at a furious pace and growing more sophisticated by the day. As we continue to digitize nearly every aspect of the delivery system and expand information sharing across the continuum, new vulnerabilities arise. Effective cybersecurity must be a part of the leadership team’s mandate and integrated into broader strategic planning. This session will address the current state of information technology security in healthcare and identify barriers, priorities and actions to take now. This is a must-hear session for all healthcare executives!
 
Learning Objectives:
  • Describe the healthcare information security threat landscape
  • Discuss the value of cybersecurity insurance
  • Identify the barriers to successful data security implementation
  • Review the priorities for healthcare and what you can do today
Moderator:  Keith Fraidenburg, MBA, Executive Vice President and Chief Strategy Officer, CHIME
Speaker:  Russ Branzell, FCHIME, CHCIO, President & CEO, CHIME
10:15 - 10:30am
Networking Break
10:30 - 11:15am
 
Be Safe with Cybersecurity – A Lean Organization’s Journey
 
The University of Virginia Health System has adopted Lean Management for a number of years and used it extensively to improve its clinical and service quality, in particular, around patient and team member safety.  It is now using the tenets of Lean to also improve its safety with respect to cybersecurity.  Root cause problem solving, A3 thinking, and the elimination of waste (which cybersecurity really is) are just as important for defending against cyber-attacks as they are for defending against hospital acquired infections. Gain key insights from the journey at UVHS to help bolster your own organization’s cybersecurity strategy.
 
Learning Objectives:
  • Explain the value of a problem solving approach (Lean) for cybersecurity
  • Discuss the learnings of an academic medical center about cybersecurity and how they might apply to your organization
  • Describe a multi-year security enhancement program for a health system, its successes and failures
Speaker: Rick Skinner, LCHIME, FCHIME, CIO, University of Virginia Health System
11:15 - 12:15pm
Networking Lunch
12:15 - 1:00pm
Essential Factors for Cybersecurity Preparedness
 
A good defense is the best offense!  Organizations must always take a proactive stance of preparedness and integration of effective cybersecurity into the organization ranging from strategic planning, operations, process, workflow to security controls.  This session discusses the key components to effectively prepare for a breach, including IT and non-IT functions.
 
Learning Objectives:
  • Identify healthcare and non-healthcare strategic security frameworks and ways to leverage these both today and in the future
  • Define IT and non-IT security assessments and best practices for overall management and controls including working with third party trading partners
  • Outline strategies for building and retaining security staff talent and expertise
  • Identify approaches to securing adequate funding to support your organization’s security strategies and activities plan
Moderator:  Keith Fraidenburg, MBA, Executive Vice President and Chief Strategy Officer, CHIME
Speakers:
Lydia Lee, SVP and CIO, University Health Network, Toronto
Patricia Lavely, VP and Chief Information Officer, Gwinnett Medical Center
Jeff Wilson, Director of Information Services, Assurance and IT Security, Information Systems Security Officer, Albany Medical Center
01:00 – 01:45pm
Dealing with a Real Life Data Breach
 
Healthcare providers are key targets for today’s security breaches.  Demonstration of effective preparedness and prevention occurs with an organization’s detection, response and recovery to intrusions and breaches.  This goes beyond technology to include how an organization deals with the community, patients, medical staff, payers, other trading partners as well as internal staff.  This session walks through a real-life breach response model.  In an open discussion format, participants will identify how their organizations have responded to each phase of breach response and what safeguards they implemented to prevent further attacks.
 
Learning Objectives:
 
  • Explain the key aspects and timeline of a data breach
  • Identify the steps of a data breach using the Partners HealthCare framework: compromise, discovery activation and containment, mitigation, monitoring, closure and investigation
  • Discuss lessons learned and effective strategies for establishing response and recovery management
 
Moderators:  Keith Fraidenburg, MBA, Executive Vice President and Chief Strategy Officer, CHIME;
Russ Branzell, FCHIME, CHCIO, President & CEO, CHIME
01:45 – 02:00pm
Networking Break
02:00 - 02:45pm
Developing and Managing an Ongoing Risk Management Program
 
Managing cybersecurity is an ongoing process and requires an organization to have a continuous learning environment in order to be effective in dealing with threats and breaches. Organizations must have ongoing risk management programs that involve processes and workflow as well as technology. This involves reaching outside the healthcare industry for insights, best practices and approaches to address cybersecurity. In this session, discover how to stay vigilant by equipping yourself with the latest trends and strategies, and ways to encourage open knowledge sharing between peers focused on effective risk management programs.
 
Learning Objectives:
 
  • Identify strategies that foster an organizational culture of continuous learning and process improvement for effective risk management programs, including prevention and awareness
  • Discuss strategies and approaches to maintain current working knowledge of cybersecurity and effective risk management programs, along with ways to leverage industry knowledge to support effective organizational protections
  • Evaluate the experience from those outside of healthcare and learn how non-healthcare industry experience can be leveraged in your organization
Speaker: Mac McMillan, FHIMSS, CISM, Co-founder and CEO, CynergisTek
02:45 - 03:00pm
Networking Break
03:00 - 03:30pm
KLAS Cybersecurity Survey Update: Insights from the Field
 
CHIME and KLAS are partnering on a cybersecurity project to discover where the energy exists around cybersecurity in healthcare and provide insights into technologies and measures providers are taking to enhance their security program and better manage risk. The survey will review the effectiveness of technology vendors and consulting firms and identify how well EHR vendors support providers’ security goals. This session will provide insights from the field based on early results from the survey and dialogue with healthcare IT executives and security experts.
 
Speaker: Garrett Hall, Research Director – Cyber Security, Implementation Services, KLAS Enterprises
03:30 - 03:55pm
Program Insights & Final Q&A
Speaker:  Russ Branzell, FCHIME, CHCIO, President & CEO, CHIME
03:55 - 04:00pm
Closing Remarks
Moderator:  Keith Fraidenburg, MBA, Executive Vice President and Chief Strategy Officer, CHIME