Protected Health Information (PHI) mapping refers to identifying where PHI resides, how it is used and how it is protected. When PHI mapping technologies and techniques are used to detect where PHI resides, the organization can develop policies, priorities and strategies for protecting the information. PHI may change during the data life cycle. PHI mapping, if conducted appropriately and on a regular basis, will help to identify and implement effective compliance and risk mitigation strategies for managing risks associated with protecting PHI and data leakage.
This one and a half day workshop conference on PHI mapping will:
- Explain PHI concepts and why PHI mapping is important for the organization’s security and privacy programs.
- Explore the data life cycle of PHI and define the risks associated with each cycle.
- Discuss key factors that are important in selecting and implementing PHI mapping strategies, from governance to developing program goals to vendor selection, metrics, program evaluation and ongoing enhancements.
- Describe how to apply risk analysis and risk management techniques to PHI mapping.
- Present PHI mapping methods and tools, including qualitative tools and quantitative tools, outsourcing PHI mapping, and related issues.
- Explain how to develop and implement an effective and ongoing PHI mapping strategy.
- Present processes for vendor selection, including what to include in a Request for Proposal (RFP) or Request for Information (RFI), and how to evaluate vendors for your organization.
- Discuss how PHI mapping can be used for managing risks and facilitating compliance strategies.
Upon completing this course on managing risk through PHI mapping participants will:
- Understand the basic concepts associated with PHI mapping and the importance to the organization’s risk strategy.
- Understand the data life cycle and why it is important for PHI mapping strategies.
- Learn how data analytics are affecting healthcare organizations and why PHI mapping is more important than ever in protecting the organization’s information assets.
- Be able to describe the benefits of PHI mapping for the organization’s mission and goals.
- Be able to describe why and how PHI mapping is an integral part of the organization’s risk analysis and risk management processes.
- Be able to describe the primary methods of PHI mapping, including quantitative and qualitative methods, technologies available to assist in the process, and other methods.
- Learn how to identify and research PHI mapping technologies and methods.
- Understand the key components of selecting and implementing effective strategies for PHI mapping in different types of organizations.
- Learn how to determine the best PHI mapping approach for their organization based on mission, goals, threats and vulnerabilities, uses of PHI, and priorities.
- Be able to develop a RFP/RFI for selecting a PHI mapping vendor and implementing an outsourcing arrangement.
- Understand how to measure PHI mapping program results, including measurement techniques and development of program metrics.
- Be able to describe how effective PHI mapping affects the organization’s security and privacy programs.
Who Will Benefit:
This course is designed for information security and privacy professionals in healthcare or professionals in other fields who aspire to become officers in healthcare organizations. Information technology professionals will benefit by learning why and how PHI mapping is critical to information security programs and how to measure and support effective programs. Business associates, vendors and contractors who work with healthcare organizations will learn what is important in protecting PHI assets in healthcare and how their organizations can best meet the needs of their clients for protecting patient information.
The following personnel will benefit from the course:
- Information Security Officers
- Privacy Officers
- Information Technology Professionals
- Chief Information Officers and Chief Technology Officers
- Vendors and Contractors that Work with Healthcare Organizations
- Safety Officers
- Compliance Professionals
- Health Information Management Professionals
- Legal Affairs
- Internal Auditors
- Risk Managers
- Companies that provide automated data loss detection and data loss prevention products and methods.