Application Security: How to Prioritize, Evaluate and Strengthen Controls

Duration: 60 Minutes
Instructor: William Miaoulis
Webinar Id: 800197




The process of risk analysis starts with the simple principle that you must know you have an asset in order to protect it. This session will focus on methods to identify, prioritize, evaluate and strengthen controls within systems. In this session we will review tools and processes that allow organizations to review these systems quickly but effectively.

With hundreds of systems that maintain Protected Health Information, how do you answer HIPAA questions such as: Do you have an audit trail of system activity? Do you have sufficient backup? Password controls? Users will be able to use the processes immediately to assist them in creating processes to meet the HIPAA requirements.

It will be important to see what the FDA regulations and the ICH GCP recommendations are in this regard. The key is that the PI and all clinical staff know and follow the research plan (Protocol) exactly as it is written. To do this is ethical research. To not follow the protocol and document study conduct carelessly is folly.

Why should you attend: Data, data everywhere. Do you know where all of your data is? One of the first questions asked within the OCR audit protocol is "Determine if the covered entity has identified all systems that contain, process, or transmit ePHI." Many organizations have hundreds of systems that maintain electronic protected health information which meet the HIPAA standards.

However, the HIPAA rule allows organizations to determine what security is to be implemented based upon their risk analysis. In this session we will be providing a mechanism for prioritizing your application systems, then analyzing the systems, documenting the controls and finally creating plans to strengthen controls. Organizations can benefit by prioritizing application systems into different levels. By using a mathematical approach that calculates a relative risk score for each application, organizations can determine which systems require stronger controls.

Organizations can rank all application systems from 1 (highest priority system) to lowest priority system. This will allow an organization to answer questions about key controls from the HIPAA rule. Which systems should organizations spend the most time, effort and resources to control? This webinar will help you answer these important questions. This session will illustrate how to prioritize application systems, evaluate the controls and then strengthen the controls at the application system level.

Areas Covered in the Session:

  • Identifying all of your systems.
  • Creating a mathematical process to prioritize all the identified systems.
  • Creating an effective mechanism to evaluate and document controls within the systems in a cost-effective manner.
  • Creating cost-effective plans to strengthen controls within application systems.

Who Will Benefit:
  • Health Information Manager
  • Healthcare Privacy Officer
  • Healthcare Security Officer
  • Chief Information Officer
  • Healthcare Counsel/lawyer
  • Chief Compliance Officer
  • CEO, CFO, HIPAA Officer

Educational Objective(s)
Upon completion of this activity, participants will be able to:
  • Identify the methods to prioritize, evaluate and strengthen controls within systems.

CME Credit Statement
This activity has been planned and implemented in accordance with the Essential Areas and Policies of the Accreditation Council for Continuing Medical Education (ACCME) through the joint sponsorship of CFMC and MentorHealth. CFMC is accredited by the ACCME to provide continuing medical education for physicians.

CFMC designates this educational activity for a maximum of 1.5 AMA PRA Category 1 Credits™. Physicians should only claim credit commensurate with the extent of their participation in the activity.

Other Healthcare Professionals Credit Statement
This educational activity has been planned and implemented following the administrative and educational design criteria required for certification of health care professions continuing education credits. Registrants attending this activity may submit their certificate along with a copy of the course content to their professional organizations or state licensing agencies for recognition for 1.5 hours.

Disclosure Statement
It is the policy of Colorado Foundation for Medical Care (CFMC) and MentorHealth that the faculty discloses real or apparent conflicts of interest relating to the topics of the educational activity. All members of the faculty and planning team have nothing to disclose nor do they have any vested interests or affiliations.

Obtaining Certificate of Credit

Colorado Foundation for Medical Care (CFMC) hosts an online activity evaluation system, certificate and outcomes measurement process. Following the activity, you must link to CFMC's online site (link below) to complete the evaluation form in order to receive your certificate of credit. Once the evaluation form is complete and submitted, you will be automatically sent a copy of your certificate via email. Please note, participants must attend the entire activity to receive all types of credit. Continuing Education evaluation and request for certificates will be accepted up to 60 days post activity date. CFMC will keep a record of attendance on file for 6 years.

Speaker Profile
William Miaoulis CISA, CISM, is a senior healthcare information system (IS) professional with more than 20 years of healthcare Information Security experience. Bill is the founder and primary consultant for HSP Associates. Prior to starting HSP Associates in January of 2013, Bill was the Chief Information Security Officer (CISO) and led the HIPAA security and privacy consulting efforts for Phoenix Health Systems for over 11 years and also was the HIPAA Consulting Manager for SAIC for 18 months. For seven years, Miaoulis was the University of Alabama Birmingham (UAB) Medical Center’s Information Security Officer, where he instituted the first security and privacy programs at UAB starting in October 1992.

Miaoulis contributes to the industry by frequently speaking at conferences on security matters, including recent sessions on Risk Analysis/Risk Management, Creating and Implementing Effective Security Policies, Understanding the HIPAA Security Rule, and Creating Effective Security Incident Response Procedures. Miaoulis has been interviewed and quoted by numerous publications, including SC Magazine, Health Data Management, Briefings on Healthcare Security, Computerworld, and Health Information Compliance Insider. Miaoulis has worked with AHIMA to produce the book “Preparing for a HIPAA Security Compliance Assessment” and also has worked on updating the AHIMA Security Practice Briefs.
