|
Thursday, May 22, 2025
1:00 pm - 2:15 pm ET
(Noon - 1:00 pm CT/11:00 am - Noon MT/10:00 am - 11:00 am PT)
Epic Tech Talk: Epic Security Considerations & Risks
Speakers
Ryan Altschuler, Epic-Certified in Health Information Management & Identity, Director, Cyber Risk & Regulatory Health Industries
Ryan Altschuler is a Director in PwC's Cyber Risk and Regulatory Health Industries practice. He has spent the majority of his 14-year career leading EHR system implementations, first as a project manager & implementation specialist with Epic Systems Corporation, and later in the consulting space where he implemented both inpatient and clinic-based EHR systems from a program and project management perspective. Many of those years were spent designing, implementing, and overseeing Community Outreach programs in the Epic space leveraging Epic’s Community Connect model. At PwC, Ryan assists providers and payers in the Health Industries vertical to identify and plan for risk, and implement controls to reduce operational, strategic, and compliance impact in many areas of business, with a particular expertise in Electronic Health Records. He has experience in most major EHRs, with a focus in Epic where he holds multiple certifications and has a deep knowledge of more than 16 Epic applications.
Zoe McCandler, Senior Associate, Cyber Risk & Regulatory Health Industries, PwC
Zoe McCandler is a Senior Associate in PwC’s Cyber Risk and Regulatory Health Industries practice. She has over 6 years of experience in data and technology, with a strong focus on Epic security assessments. Her work centers on the enhancement of the security assessment tool and leveraging Power BI to create dynamic dashboards and reports that provide clear insights into potential risks, such as excessive sensitive access and segregation of duties conflicts. Her background in data and technology supports a methodical and insight-driven approach, enabling delivery of practical recommendations aligned with client goals and industry standards to help healthcare organizations identify gaps, reduce risk exposure, and enhance their overall security posture.
Moderator
Johan Lidros, CISA, CISM, CGEIT, CDPSE, CRISC, HITRUST CCSFP, ITIL-F, President, Eminere Group
Johan Lidros, President of Eminere Group has a significant amount of experience working with healthcare organizations, assessing, and auditing their IT Risks. He has led numerous Cybersecurity engagements at health systems during the past 20 years and has a very comprehensive understanding of current IT governance and security standards such as: COBIT, HITRUST, NIST, CIS, HICP, and IS027002. Johan has performed many speaking engagements over the past two decades on various IT/Cyber Security and risk management topics at conferences including ACUA, AHIA, EDUCAUSE, FHIMA, HCCA, and ISACA. Johan is an accredited ISACA instructor for CISA, CRISC, CISM, CGEIT.
Webinar Description:
Join us for an in-depth look at the risks tied to Epic security and access configurations. This session will explore how Epic security is structured, with a focus on access provisioning processes and how they can impact overall risk posture. We'll walk through common access that may lead to segregation of duties (SoD) conflicts and highlight areas where users may be granted excessive access to sensitive functionality or data. These situations can expose organizations to financial, operational, or regulatory risk if not properly managed. Through examples and practical insights, attendees will gain a better understanding of how to identify, assess, and mitigate these risks within their Epic environments. This session is ideal for healthcare IT, compliance, and security professionals looking to strengthen access controls and enhance the security of their Epic environments.
Learning Objectives:
- Understand the structure of Epic security and how access is provisioned across clinical and administrative functions.
-
Gain knowledge of common segregation of duties (SoD) conflicts and examples of excessive access that can increase risk exposure.
- Apply practical strategies to assess and mitigate Epic security risks using real-world examples and industry standard best practices.
Cost:
Members - COMPLIMENTARY (You MUST be a current member to take advantage of this benefit.)
Program Level: All
Field of Study: Specialized Knowledge
Prerequisites: None
Delivery Method: Group Internet Based
CPE Credits: 1.5 CPE credit
Please Note: If you wish to receive continuing professional education credits for participating in the discussion, you are required to register and pay the registration fees (if applicable). You will also be required to answer 4 of the 5 questions asked online during the discussion to qualify for CPE credit.
|
