Johan Lidros is the founder and President of Eminere Group, which provides IT Governance and Risk Management Services. Previously, Johan was the Florida and Caribbean Computer Risk Management practice leader at Andersen. He has specialized in providing IT governance, IT risk management, IT audit and information security assurance solutions for the healthcare and higher education industries. Johan has a Bachelor of Science in Economics from Stockholm University and has the following certifications: Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), HITRUST Certified Common Security Framework Practitioner, and certified in IT Infrastructure Library (ITIL-F). Johan is an AHIA IT subject matter expert and member of the Tech Talk Committee. He is also a past President of the North and Central Florida HIMSS chapter and a 2012-2014 member of the ISACA CGEIT certification committee.
Health IT – The “New” Information Security Area
Once used mainly in supporting processes, IT is now a primary tool in many core clinical processes. This has changed many processes and introduced new types of risks and opportunities related to patient safety and quality of care. The security aspect has been highlighted for many years with HIPAA and HITECH. Now we see a more intense focus on the data integrity, availability, and patient safety aspects of electronic clinical information and medical records. In 2015, the Office of the National Coordinator for Health Information Technology (ONC), under the Department of Health and Human Services (HHS), issued the Health IT Strategic Plan, which addresses the role of health IT within HHS’s commitment to patient safety and to reducing cost through the use of information and technology. This strategy, together with other developments, creates a critical need to enhance risk management related to Health IT. Therefore, IT and Security have a critical role in understanding the organization’s risk management, plans, and maturity in this core operational area.
Several studies have been performed, and new guidance is produced on a regular basis based on the analysis of reported patient safety incidents related to IT. This session will cover the risks and opportunities with Health IT, current regulatory guidance (HHS, ONC, TJC, FDA, etc.), common best practices (ISO, AHIMA, AAMI, etc.), common issues, and critical success factors, and will provide information on key security risk areas related to Health IT.