Healthcare Cybersecurity Certificate

This course presents the student with foundational concepts and processes to achieve optimal information security in a modern healthcare environment. The course covers the organization, financing, and delivery of healthcare and discusses technology, terminology, and data management principles. The topic coverage continues across all aspects of information security and privacy, with a special emphasis on real-life scenarios in clinical practices and business operations in healthcare. The course addresses best practices for healthcare information security and privacy with detailed coverage of essential topics such as information governance, roles and occupations, risk assessment and management, incident response, patient rights, and cybersecurity. Finally, the course addresses U.S. laws and regulations as well as a summary of those laws and regulations within the European Union, the United Kingdom, and Canada. 3 credits. No prerequisites.

This course provides broad coverage of network security. The courses addresses threats, attacks, and vulnerabilities; technologies and tools for combating network attacks; network security architecture, and design; identity and access management; risk management and mitigation; and cryptography. It also includes coverage of embedded device security, attacks and defenses, and the latest developments and trends in information security, including new software tools to assess network security. 3 credits. No prerequisites.

This course presents the student with foundational concepts and understanding relating to the Enterprise Health Cloud applications, data storage and services.

Most modern IT infrastructures today operate in cloud environments or are rapidly moving to cloud-based services. This move to the cloud for Healthcare includes standard IT functions, patient record repositories, realtime data posted from IoT devices and cloud storage that is needed to support large data requirements and specific applications. These environments are aptly named Enterprise Health Clouds. Enterprise Health Clouds are purported to provide healthcare providers, pharmaceutical companies, insurers, and manufacturers of integrated medical devices a secure cloud-based experience to caregivers and patients. 3 credits. No prerequisites.

This course presents the student with foundational concepts and understanding relating to the application and impacts of IoT devices within the healthcare environment. IoT devices already exist in many aspects of healthcare today, from complex CT Scan and MRI systems to simple blood pressure and temperature recording devices that communicate and record measurements directly into the patient chart. Increasingly medical devices such as heart monitors are being placed on patients for extended periods of time to monitor and report fluctuations in real-time to healthcare environments for immediate evaluation and triage. The security and safety of these devices are vital and require detailed validation and constant monitoring. Critical questions regarding the life-cycle of these devices from the development, supply-chain, device updates, and the integration with information systems will be covered in this course. 3 credits. No prerequisites.

While most people think of a security breach when computer incidents are mentioned, there are many types of cyber incidents. Each incident has the potential to cause data loss or service outage. Healthcare organizations need to be aware of how best to protect themselves through the development of an effective incident response and recovery plan as well as operational procedures regarding how to handle and analyze these incidents. At the top level is the incident response and recovery policy and understanding how to develop and maintain such a policy is critical. Incident response team development and management, evidence handling, and the technical skills necessary to locate appropriate evidence are covered. 3 credits. No prerequisites.

This course presents a comprehensive approach to administering the Health Insurance Portability and Accountability Act (HIPAA) from an information security and cybersecurity approach. The course places an emphasis on protecting electronic protected health information (ePHI) applying HIPAA privacy rules, security rules, and safeguards. The course discusses methodologies for conducting risk assessments specific to the organization when applying HIPAA requirements to protecting ePHI. The topic coverage continues with an in-depth overview of the Health Information Technology for Economic and Clinical Health (HITECH), the Health Insurance Trust Alliance (HITRUST), and the common security framework (CSF) designed to integrate with the NIST cybersecurity framework to perform assessments, manage remediation, and track compliance for HIPAA-related activities. Finally, the course addresses the laws and regulations of other countries pertaining to healthcare privacy, including the European Union’s General Data Protection Regulation (GDPR) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). 3 credits. No prerequisites.