Healthcare_WG

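This is the page of the Health Information Management User Working Group.

The CSA-JC Health Information Management User Working Group follows the activities of CSA Global's Health Information Management Working Group. From a patient- and consumer-centered perspective, it aims to provide basic research that supports security and privacy protection for cloud use in the health and medical field, and to promote cloud security awareness activities for end users.

Activity Summary

For the proposal document establishing the CSA-JC Health Information Management User Working Group, see here.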

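Public Information

  • The "Prospectus for the Establishment of the Japan-India Human Resource Development and Exchange Initiative" has been uploaded (July 10, 2018).
    Please download it from here.
  • Materials from the Japan Medical Venture Association (general incorporated association) commemorative symposium "Utilization of Big Data in Healthcare" have been uploaded (June 11, 2018).
    Please download them from here.
  • The study session materials "Cloud Use and IT Risk Management: Learning from Overseas Cases" have been uploaded.
    Please download them from here.
  • Materials from the public study session have been uploaded (July 6, 2017). Please download the materials from the links below.
  • Healthcare IT 2017 (April 19, 2017)
    We gave a talk titled "Use of Blockchain in the Medical Field."
    The materials are available here.
  • ITmedia Enterprise Study Session (August 5, 2016)
    We gave a talk titled "World Data Management Trends and the Road Ahead, Understood from a Compliance Perspective."
    The materials are available here.
  • Healthcare IT 2016 (April 20, 2016)
    We gave a talk titled "Pharmaceutical Innovation and IT Risk Management."
    The materials are available here.
  • Medical Information Security Seminar in Hachioji (February 16, 2015)
    We gave a talk titled "Latest Overseas Cybersecurity Trends in the Health and Medical Field."
    The materials are available here.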

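Activities

[FY2021 Activity Plan (June 1, 2021 - May 31, 2022)]
1. Activity Policy

・Domestic activities

  • Activities to promote effective use of the CSA Guidance, CCM, STAR certification, medical device/telehealth security guidance, IoT security guidance, application container/microservices/serverless guidance, and similar documents across the entire health and medical information value chain, including the life sciences/pharmaceutical/medical device industries, medical institutions/nursing care facilities/health promotion service providers, and patients/consumers
  • Conducting peer reviews and providing feedback, from an industry perspective, on the CSA Guidance, CCM, and other published documents (e.g., IoT security guidance) led by CSA working groups
  • Active collaboration with major domestic and international stakeholder communities involved in health and medical information (e.g., focus groups, industry associations, research institutions, forums, academic societies)
  • Strengthening cooperation with the Kansai Chapter in order to plan and carry out opportunities for publicity, awareness, and research related to the above

・Global activities

  • Active commitment to the global activities of the CSA HIM-WG
  • Strengthening cooperation with CSA overseas chapters (e.g., China, Southeast Asia, India, EMEA)

2. Activities to Strengthen Cooperation with the Kansai Chapter

~ Cloud security awareness activities in the Kansai healthcare and manufacturing industries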

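[October 2021]
1. Domestic Activities
[Activities to Strengthen Cooperation with the Kansai Chapter]

[September 2021]
1. Domestic Activities
[Activities to Strengthen Cooperation with the Kansai Chapter]

  • September 29, 2021 (completed)
    2nd CSA Kansai / Healthcare WG Public Workshop: "Privacy and Security of Medical Big Data in the Cloud"
    The Kansai Chapter of the Japan Cloud Security Alliance (CSA Japan), in cooperation with Bio Community Kansai (BiocK), will hold a workshop for engineers, cloud users, platform-related service providers, and others in the health, medical, and life sciences fields, with a view to examining a common ICT infrastructure that supports the global expansion of smart healthcare originating in Kansai.
  • Opening
    坂田 恒昭, Bio Community Kansai (BiocK) / Specially Appointed Professor, Osaka University Office for Industry-University Co-Creation
  • Talk 1: "Privacy Protection and Security Management of Medical Big Data in the Cloud"
    Speaker: 笹原 英司
    Leader, Health Information Management User WG, Japan Cloud Security Alliance
  • Talk 2: "Secure Computation Technology and Data Utilization"
    Speaker: 藤井 了
    Principal Researcher, Technology Value Creation Division, NEC Corporation
  • Talk 3: "The Grand Design Needed for Data Strategy in the Health, Medical, and Life Sciences Fields, and the Strategy of Initiatives in Japan"
    Speaker: 吉澤 尚
    Director and Managing Partner, GRiT Partners Law Office
    Expert Member, Cabinet Secretariat Bio Strategy
    CEO, Willsame K.K.
    Project Lecturer, Keio University Graduate School of Media and Governance
  • Panel discussion
  • Date and time: Wednesday, September 29, 2021, 18:30-20:30
    Reception: 18:20
    Opening: 18:30-18:35
    Talk 1: 18:35-19:00
    Talk 2: 19:00-19:30
    Talk 3: 19:30-20:10
    Panel discussion: 20:10-20:30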
    https://www.slideshare.net/esasahara/ss-250646661

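[August 2021]
1. Domestic Activities
[Activities to Strengthen Cooperation with the Kansai Chapter]

[July 2021]
1. Domestic Activities
[Activities to Strengthen Cooperation with the Kansai Chapter]

  • July 28, 2021 (completed)
    1st Workshop: "Cybersecurity Measures for Cloud-Connected Medical Devices"
    The Kansai Chapter of the Japan Cloud Security Alliance (CSA Japan), in cooperation with Bio Community Kansai (BiocK), will hold a workshop for engineers, cloud users, platform-related service providers, and others in the health, medical, and life sciences fields, with a view to examining a common ICT infrastructure that supports the global expansion of smart healthcare originating in Kansai.
  • Talk 1: "Toward the Formation of a Global Bio Community"
    Speaker: 坂田恒昭, Bio Community Kansai (BiocK) / Specially Appointed Professor, Osaka University Office for Industry-University Co-Creation
  • Talk 2: "Cybersecurity Measures for Cloud-Connected Medical Devices"
    Speaker: 笹原英司, Leader, Health Information Management User WG, Japan Cloud Security Alliance
  • Lightning Talk & Discussion Session:
    Case studies of medical device cybersecurity initiatives by Kansai life sciences companies
    Introduction of cloud security solutions by cloud-related service companies
    Awareness activities by security-related organizations, and more
    Panelists:
    谷本重和, Sysmex-CSIRT, Digital Planning Department, DX Promotion Division, Sysmex Corporation
    舟木康浩, CISSP, Sales Engineering Manager, Data Protection Business Division, Thales DIS CPL Japan K.K.
    Coordinator: 笹原 英司 (CSA Japan)
  • Date and time: Wednesday, July 28, 2021, 18:30-20:00
    Reception: 18:20
    Talk 1: 18:35-18:50
    Talk 2: 18:50-19:25
    LT and discussion: 19:30-20:00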
    https://www.slideshare.net/esasahara/ss-249906829/

2. Global Activities

2-1. Activities of the CSA Global HIM WG

2-1-1. Health Information Management Meeting Call (completed)
Date and time: Thursday, July 22, 2021, 3:30am-4:30am (JST)
Location: Online
[Summary]

  • CSA Events and Updates
    • Healthcare Data Breach – who is at fault?
      • Elekta Health Data Breach Strikes Jefferson Health, Disclosing PHI
      • Vince gave an overview of how Jefferson Health is notifying patients of a health data breach that exposed patient PHI, and led a group discussion on the topic, getting perspectives on the issue from Jim from Trinity Health, Richard and Eric from Optum (United Health Care), and others on the call.
    • Medical Device Incident Response Playbook – IoT paper in peer review until 8/11

      • This document presents a best-practices medical device incident response playbook that incorporates clinical aspects of medical device IR. As such, this guidance should be reviewed and adapted by clinical leadership to ensure it is acceptable from a patient care standpoint. This document should be viewed as a starting point for medical device incident response and not a prescriptive end goal.
      • Peer Review: https://cloudsecurityalliance.org/research/contribute#peer-reviews
  • Healthcare Publications Update
    • Recent Releases
      • Telehealth Risk Management
      • The Use of Blockchain in Healthcare
        • This paper investigates current blockchain use cases in the medical field and the impact they may have. It begins with a description of blockchain technology and then discusses the benefits of using blockchain in healthcare, such as increasing the security of telehealth systems.  By using blockchain, organizations may be able to efficiently share healthcare data while ensuring patient privacy and data security at the same time.
        • Released: July 15th, 2021
        • Press Release: Scheduled for August 2nd
      • Upcoming Releases
        • Protecting the Privacy of Healthcare Data in the Cloud
          • Privacy is concerned with decisions about who should legitimately have the capability to access and alter information. In healthcare, the value associated with technology is connected to the collection of personal information. Ideally, technology should optimize the benefits individuals derive from technology while protecting the individual’s privacy.
          • Since 7/21 meeting, received confirmation to put into final publication
        • Ransomware in the Healthcare Industry
          • Ransomware is the fastest-growing malware threat today and is already an epidemic. The number of ransomware incidents affecting healthcare has grown substantially in the past few years, and ransomware has quickly become extremely lucrative for criminal enterprises. Ransomware directly affects the ability of the Healthcare Delivery Organization (HDO) to access their data.
          • Submitted to copyeditors
        • Information Technology Governance, Risk and Compliance in Healthcare
          • GRC is the policies and procedures that manage the organization’s process for aligning the management and control of information with business objectives, the organization’s risk tolerance, and how they comply with regulations and manage risk. This paper shows how to create a program for each and then integrate them into one cohesive and effective program.
          • Out of peer review July 21st, ready for final review and approval before submitting to copyeditors
    • Healthcare research projects in development
      • AI in healthcare systems
        • Jim is still working on a 1st draft
      • Ransomware additional content
        • Jim will work on an announcement blog post
        • Threat Modeling Project being developed by Top Threats group
          • HIM group can contribute to Top Threats or Deep Dive pieces later
      • Supply chain risk management
        • Michael has done first draft of research and will continue when ready
      • Building a Successful Vendor Risk Assessment (VRA) Program
        • Ashish is working on an outline blueprint that he will share at a future meeting
      • Healthcare Interoperability between providers
        • Michael has done first draft of research and will continue when ready
    • Next Meeting
      •  August 4th 11:30 AM

2-1-2. Health Information Management Meeting Call (completed)
Date and time: Thursday, July 8, 2021, 3:30am-4:30am (JST)
Location: Online
[Summary]

  • CSA Events and Updates
    • Chapter Events – Summer 2021
      • Moving from Cyber Security to Cyber Resiliency in the Cloud
      • CloudCon 2021
      • Account Takeover in Office 365
      • Dark Web, Demystified
    • CCAK Questions and Answers Collection
  • Medical Device Incident Response Playbook

    • Last chance to add feedback to this IoT group paper before it enters public peer review
  • Recent Releases
    • Upcoming Releases

      • The Use of Blockchain in Healthcare
        • This paper investigates current blockchain use cases in the medical field and the impact they may have. It begins with a description of blockchain technology and then discusses the benefits of using blockchain in healthcare, such as increasing the security of telehealth systems.  By using blockchain, organizations may be able to efficiently share healthcare data while ensuring patient privacy and data security at the same time.
          • Final design, scheduled for July release
      • Protecting the Privacy of Healthcare Data in the Cloud
        • Privacy is concerned with decisions about who should legitimately have the capability to access and alter information. In healthcare, the value associated with technology is connected to the collection of personal information. Ideally, technology should optimize the benefits individuals derive from technology while protecting the individual’s privacy.
          • Final review, scheduled for July/August release
    • Peer Review:

      • Ransomware in the Healthcare Industry
        • Ransomware is the fastest-growing malware threat today and is already an epidemic. The number of ransomware incidents affecting healthcare has grown substantially in the past few years, and ransomware has quickly become extremely lucrative for criminal enterprises. Ransomware directly affects the ability of the Healthcare Delivery Organization (HDO) to access their data.
          • Open until July 9th, 2021
      • Information Technology Governance, Risk and Compliance in Healthcare
        • GRC is the policies and procedures that manage the organization’s process for aligning the management and control of information with business objectives, the organization’s risk tolerance, and how they comply with regulations and manage risk. This paper shows how to create a program for each and then integrate them into one cohesive and effective program.
          • Open until July 21st, 2021
  • Healthcare research projects in development
    • AI in healthcare systems
      • Jim is still working on a 1st draft
    • Ransomware additional content
      • Jim will work on an announcement blog post
      • Threat Modeling Project being developed by Top Threats group
        • HIM group can contribute to Top Threats or Deep Dive pieces later
    • Supply chain risk management
      • Michael has done first draft of research and will continue when ready
    • Building a Successful Vendor Risk Assessment (VRA) Program
      • Ashish is working on an outline blueprint that he will share at a future meeting
    • Healthcare Interoperability between providers
      • Michael has done first draft of research and will continue when ready
  • Next Meeting
    •  Wednesday, July 21st 11:30 AM PT

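[June 2021]
1. Domestic Activities
[Activities to Strengthen Cooperation with the Kansai Chapter]

2. Global Activities

2-1. Activities of the CSA Global HIM WG

2-1-1. Health Information Management Meeting Call (completed)
Date and time: Thursday, June 24, 2021, 3:30am-4:30am (JST)
Location: Online
[Summary]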

  • CSA News and Events
    • Chapter Events – Summer 2021
      • Moving from Cyber Security to Cyber Resiliency in the Cloud
      • CloudCon 2021
      • Account Takeover in Office 365
    • CSA Blog
    • CAIQ v4 Released
  • Medical Device Incident Response Playbook

    • Michael Roza reviewed the Medical Device Incident Response Playbook
  • Healthcare Publications Status Update
    • Recent Releases
    • Upcoming Releases
      • The Use of Blockchain in Healthcare
        • This paper investigates current blockchain use cases in the medical field and the impact they may have. It begins with a description of blockchain technology and then discusses the benefits of using blockchain in healthcare, such as increasing the security of telehealth systems.  By using blockchain, organizations may be able to efficiently share healthcare data while ensuring patient privacy and data security at the same time.
          • Final Design, scheduled for July release
      • Protecting the Privacy of Healthcare Data in the Cloud
        • Privacy is concerned with decisions about who should legitimately have the capability to access and alter information. In healthcare, the value associated with technology is connected to the collection of personal information. Ideally, technology should optimize the benefits individuals derive from technology while protecting the individual’s privacy.
          • Final Design, Scheduled August release
    • Currently in Peer Review
      • Ransomware in the Healthcare Industry
        • Ransomware is the fastest-growing malware threat today and is already an epidemic. The number of ransomware incidents affecting healthcare has grown substantially in the past few years, and ransomware has quickly become extremely lucrative for criminal enterprises. Ransomware directly affects the ability of the Healthcare Delivery Organization (HDO) to access their data.
          • Open until July 9th
      • Information Technology Governance, Risk and Compliance in Healthcare
        • GRC is the policies and procedures that manage the organization’s process for aligning the management and control of information with business objectives, the organization’s risk tolerance, and how they comply with regulations and manage risk. This paper shows how to create a program for each and then integrate them into one cohesive and effective program.
          • Open until July 21st
      • https://cloudsecurityalliance.org/research/contribute#peer-reviews
  • Healthcare Research Projects in Development
    • AI in healthcare systems
      • Jim is working on a 1st draft
    • Ransomware additional content
      • Jim will work on an announcement blog post
    • Supply chain risk management
      • Michael has done first draft of research and will continue when ready
    • Building a Successful Vendor Risk Assessment (VRA) Program
      • Ashish is working on an outline
    • Healthcare Interoperability between providers
      • Michael has done first draft of research and will continue when ready
  • Next Meeting
    •  Wednesday, July 7th 11:30 AM PT

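[May 2021]
1. Domestic Activities

  • None in particular

2. Global Activities

2-1. Activities of the CSA Global HIM WG

2-1-1. Health Information Management Meeting Call (completed)
Date and time: Thursday, May 27, 2021, 3:30am-4:30am (JST)
Location: Online
[Summary]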

  • HIM Activities, CSA Events
    • Chapter Events- Summer 2021
      • How to Think Like a Hacker to Avoid Cloud Exploits
        • June 10th, 2021
    • RSA Conference 2021
    • CCAK Exam now available
    • CSA Blog
    • Certificate of Cloud Auditing Knowledge (CCAK)
    • New Member Introductions
    • Group suggestions for the research publications, initiatives, and upcoming meetings
    • Open Discussion, Q&A, Next Meeting
  • Healthcare Publications in Development
  • Design, Peer Review
    • Telehealth Risk Management
      • The global pandemic has changed the rules governing telehealth dramatically, prompting HDOs to quickly update the required changes for achieving an effective governance and risk program. Having the processes in place will ensure a smooth and seamless transition to the new requirements while improving the current risk posture.
        • Copy edit and design, scheduled for release June 3rd
    • The Use of Blockchain in Healthcare
      • This paper investigates current blockchain use cases in the medical field and the impact they may have. It begins with a description of blockchain technology and then discusses the benefits of using blockchain in healthcare, such as increasing the security of telehealth systems.  By using blockchain, organizations may be able to efficiently share healthcare data while ensuring patient privacy and data security at the same time.
        • Copy edit and design, reviewing copyeditor’s final version
    • Protecting the Privacy of Healthcare Data in the Cloud
  • Research and Development
    • Ransomware in the Healthcare Industry
      • Ransomware is the fastest-growing malware threat today and is already an epidemic. The number of ransomware incidents affecting healthcare has grown substantially in the past few years, and ransomware has quickly become extremely lucrative for criminal enterprises. Ransomware directly affects the ability of the Healthcare Delivery Organization (HDO) to access their data.
        • Draft in internal review, ready for public peer review
      • Group discussion on current ransomware threats and mitigation techniques, and plans to create a blog post to more quickly provide ransomware recommendations and best practices for healthcare providers.
      • Discussed the recent Conti ransomware healthcare network attacks in Ireland, US, and worldwide:
    • Information Technology Governance, Risk and Compliance in Healthcare
      • GRC is the policies and procedures that manage the organization’s process for aligning the management and control of information with business objectives, the organization’s risk tolerance, and how they comply with regulations and manage risk. This paper shows how to create a program for each and then integrate them into one cohesive and effective program.
        • Draft in internal review, ready for public peer review
  • Healthcare initiative topics for consideration
    • AI in healthcare systems
    • Healthcare Interoperability between providers
    • Building a Successful Vendor Risk Assessment (VRA) Program
    • Best Practices: Medical Devices in the Cloud; Implementation Guide
  • Open Discussion, Q&A
  • Next Meeting
    •  Wednesday, June 9th 11:30 AM PT

2-1-2. Health Information Management Meeting Call (completed)
Date and time: Thursday, May 13, 2021, 3:30am-4:30am (JST)
Location: Online
[Summary]

  • CSA Events
    • Chapter Events
      • May 15th – June 10th, 2021
    • RSA Conference 2021
      • May 17th – 20th, 2021
  • CCAK Exam now available
  • CSA Blog
  • Healthcare Publications Status Update

    • Telehealth Risk Management
    • The Use of Blockchain in Healthcare
    • Protecting the Privacy of Healthcare Data in the Cloud
    • Governance, Risk, and Compliance (GRC)
    • Ransomware in the Healthcare Industry
  • Healthcare Initiatives for considerations
  • Open Discussion, Q&A

    [Healthcare Publications in Design, Peer Review]

  • Telehealth Risk Management
    • The global pandemic has changed the rules governing telehealth dramatically, prompting HDOs to quickly update the required changes for achieving an effective governance and risk program. Having the processes in place will ensure a smooth and seamless transition to the new requirements while improving the current risk posture.
      • Copy Edit and Design, Preparing for publication as soon as possible
  • The Use of Blockchain in Healthcare
    • This paper investigates current blockchain use cases in the medical field and the impact they may have. It begins with a description of blockchain technology and then discusses the benefits of using blockchain in healthcare, such as increasing the security of telehealth systems.  By using blockchain, organizations may be able to efficiently share healthcare data while ensuring patient privacy and data security at the same time.
      • Copy Edit and Design, Preparing for publication as soon as possible
  • Protecting the Privacy of Healthcare Data in the Cloud
    • Privacy is concerned with decisions about who should legitimately have the capability to access and alter information. In healthcare, the value associated with technology is connected to the collection of personal information. Ideally, technology should optimize the benefits individuals derive from technology while protecting the individual’s privacy.

      • Peer Review until June 1st
  • Healthcare Publications in Development

    • Information Technology Governance, Risk and Compliance in Healthcare
      • GRC is the policies and procedures that manage the organization’s process for aligning the management and control of information with business objectives, the organization’s risk tolerance, and how they comply with regulations and manage risk. This paper shows how to create a program for each and then integrate them into one cohesive and effective program.
        • Draft in internal review, ready for public peer review
    • Ransomware in the Healthcare Industry
      • Ransomware is the fastest-growing malware threat today and is already an epidemic. The number of ransomware incidents affecting healthcare has grown substantially in the past few years, and ransomware has quickly become extremely lucrative for criminal enterprises. Ransomware directly affects the ability of the Healthcare Delivery Organization (HDO) to access their data.
        • Draft in internal review, open for comments and recommendation
  • Healthcare initiative topics for consideration
    • On hold until the current papers (Telehealth Risk, Blockchain in Healthcare) that are in the last stage of publication are released, so that we can clear our queue of projects to focus on.
      • AI in healthcare systems
      • Healthcare Interoperability between providers
      • Covid tracking and tracing, post mass vaccinations
      • Building a Successful Vendor Risk Assessment (VRA) Program
      • Best Practices: Medical Devices in the Cloud; Implementation Guide
      • Cloud based Electronic Health Records
      • Regulations Frameworks (HIPAA, GDPR, GAPP)
      • Standards activities (ISO, NIST, EU, California law)
      • Medical device and Health IT Joint Security Plan
      • Technologies to protect healthcare data
      • Health industry cybersecurity best practices
  • Open Discussion, Q&A
  • Next Meeting
    •  Wednesday, May 26th, 11:30 AM PT

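[April 2021]
1. Domestic Activities

  • None in particular

2. Global Activities

2-1. Activities of the CSA Global HIM WG

2-1-1. Health Information Management Meeting Call (completed)
Date and time: Thursday, April 29, 2021, 3:30am-4:30am (JST)
Location: Online
[Summary]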

  • HIM Activities, CSA Events
    • Chapter Events
      • April 28th – May 20th, 2021
    • RSA Conference 2021
    • CCAK Exam now available
    • CSA Blog
    • Healthcare Playbook
      • A paper in development outside of the working group connecting the CCM and STAR to sector specific requirements in the healthcare industry.
      • We are looking for subject matter experts from the HIM working group who would be interested in reviewing the Healthcare Playbook.
  • Healthcare Publications in Development
    • Telehealth Risk Management
      • The global pandemic has changed the rules governing telehealth dramatically, prompting HDOs to quickly update the required changes for achieving an effective governance and risk program. Having the processes in place will ensure a smooth and seamless transition to the new requirements while improving the current risk posture.
        • Copy Edit and Design phase, preparing for publication as soon as possible

    • The Use of Blockchain in Healthcare
      • This paper investigates current blockchain use cases in the medical field and the impact they may have. It begins with a description of blockchain technology and then discusses the benefits of using blockchain in healthcare, such as increasing the security of telehealth systems.  By using blockchain, organizations may be able to efficiently share healthcare data while ensuring patient privacy and data security at the same time.
        • Copy Edit and Design phase, preparing for publication as soon as possible
    • Protecting the Privacy of Healthcare Data in the Cloud
      •  Privacy is concerned with decisions about who should legitimately have the capability to access and alter information. In healthcare, the value associated with technology is connected to the collection of personal information. Ideally, technology should optimize the benefits individuals derive from technology while protecting the individual’s privacy.

        • Ready for public peer review, will post link when available
    • Information Technology Governance, Risk and Compliance in Healthcare
      • GRC is the policies and procedures that manage the organization’s process for aligning the management and control of information with business objectives, the organization’s risk tolerance, and how they comply with regulations and manage risk. This paper shows how to create a program for each and then integrate them into one cohesive and effective program.
        • Draft in internal review open for comments, soon ready for public peer review
    • Ransomware in the Healthcare Industry
      • Ransomware is the fastest-growing malware threat today and is already an epidemic. The number of ransomware incidents affecting healthcare has grown substantially in the past few years, and ransomware has quickly become extremely lucrative for criminal enterprises. Ransomware directly affects the ability of the Healthcare Delivery Organization (HDO) to access their data.
        • Draft in internal review open for comments
  • Healthcare initiative topics for consideration
    • AI in healthcare systems
    • Healthcare Interoperability between providers
    • Covid tracking and tracing, post mass vaccinations
    • Building a Successful Vendor Risk Assessment (VRA) Program
    • Best Practices: Medical Devices in the Cloud; Implementation Guide
    • Cloud based Electronic Health Records
    • Regulations Frameworks (HIPAA, GDPR, GAPP)
    • Standards activities (ISO, NIST, EU, California law)
    • Medical device and Health IT Joint Security Plan
    • Technologies to protect healthcare data
    • Health industry cybersecurity best practices
  • Open Discussion, Q&A
  • Next Meeting
    •  Wednesday, May 12th, 11:30 AM PT

2-1-2. Health Information Management Meeting Call (completed)
Date and time: Thursday, April 15, 2021, 3:30am-4:30am (JST)
Location: Online
[Summary]

  • CSA Events
    • Chapter Events
      • April 20th – 27th, 2021
    • RSA Conference 2021
      • May 17th – 20th, 2021
  • CCAK Exam now available
  • CSA Blog
  • Research Lifecycle – 20 Steps to Publication
  • Open Discussion, Q&A
  • Healthcare Publications in Progress
    • Protecting the Privacy of Healthcare Data in the Cloud
      • Draft in internal review open for feedback, ready for public peer review.
    • Governance, Risk, and Compliance (GRC)
      • Draft in internal review open for feedback, soon ready for public peer review.
    • Ransomware in the Healthcare Industry
      • Jim will soon be posting an early draft of a paper on ransomware general knowledge and prevention recommendations, to which others can contribute content and provide feedback.
      • Ransomware Notes 
        • Ransomware is a type of malware that infects systems and files, rendering them inaccessible until a ransom is paid. When this occurs in the healthcare industry, critical processes are slowed or become completely inoperable, slowing the medical process and ultimately soaking up funds that may otherwise have been allocated.
        • One of the most common delivery systems is phishing spam, attachments that come to the victim in an email, masquerading as a file they should trust. Once they’re downloaded and opened, they can take over the victim’s computer, especially if they have built-in social engineering tools that trick users into allowing administrative access. There are several things the malware might do once it’s taken over the victim’s computer, but by far the most common action is to encrypt some or all of the user’s files.
        • Overall, Emsisoft data shows at least 2,354 US government, healthcare, and school organizations were impacted by ransomware attacks in 2020.
        • The second half of the year saw some of the greatest impact from ransomware, with a host of healthcare ransomware victims driven into EHR downtime. These attacks also caused other life-threatening disruptions, including the diversion of ambulances, inaccessible lab tests, and delayed radiation treatments for cancer patients. Medical records were rendered temporarily inaccessible and, in some cases, permanently lost, while hundreds of staff were furloughed as a result of the disruptions.
      • https://healthitsecurity.com/news/560-healthcare-providers-fell-victim-to-ransomware-attacks-in-2020
      • https://www.zdnet.com/article/ransomware-attacks-now-to-blame-for-half-of-healthcare-data-breaches/
    • Healthcare initiative topics for Consideration
      • AI in healthcare systems
      • Healthcare Interoperability between providers
      • Covid tracking and tracing, post mass vaccinations
      • Building a Successful Vendor Risk Assessment (VRA) Program
      • Best Practices: Medical Devices in the Cloud; Implementation Guide
      • Cloud based Electronic Health Records
      • Regulations Frameworks (HIPAA, GDPR, GAPP)
      • Standards activities (ISO, NIST, EU, California law)
      • Medical device and Health IT Joint Security Plan
      • Technologies to protect healthcare data
      • Health industry cybersecurity best practices
  •  Upcoming Zoom meeting: April 28th, 11:30 AM PT

2-1-3. Health Information Management Meeting Call (completed)
Date and time: Thursday, April 1, 2021, 3:30am-4:30am (JST)
Location: Online
[Summary]

  • CSA Events
    • CCAK Exam now available
    • CCM v4 additional mapping, updates
    • Call for Participation
    • Zero Trust Security and the use of the Cloud
    • SecureWorld Mid-Atlantic virtual conference
    • EMEA Summit 2021
  • Certificate of Cloud Auditing Knowledge (CCAK) Exam
  • HIM Circle Community
  • Healthcare Publications
    • Telehealth Risk Management
      • Out of public peer review 3/22, in design phase, waiting for release date.
    • The Use of Blockchain in Healthcare
      •  Out of public peer review 3/31, in design phase, waiting for release date.
    • Protecting the Privacy of Healthcare Data in the Cloud
      • Draft in internal review open for feedback, soon ready for public peer review.
    • Governance, Risk, and Compliance (GRC)
      • Draft in internal review open for feedback, soon ready for public peer review.
    • Ransomware in the Healthcare Industry
      • Jim will soon be posting an early draft of a paper on ransomware general knowledge and prevention recommendations, to which others can contribute content and provide feedback.
    • Ransomware Notes 
      • Ransomware is a type of malware that infects systems and files, rendering them inaccessible until a ransom is paid. When this occurs in the healthcare industry, critical processes are slowed or become completely inoperable, slowing the medical process and ultimately soaking up funds that may otherwise have been allocated.
      • There are several things the malware might do once it’s taken over the victim’s computer, but by far the most common action is to encrypt some or all of the user’s files.
      • One of the most common delivery systems is phishing spam, attachments that come to the victim in an email, masquerading as a file they should trust. Once they’re downloaded and opened, they can take over the victim’s computer, especially if they have built-in social engineering tools that trick users into allowing administrative access.
    • Ransomware Stats
  • Open Discussion, Q&A
  • Future Healthcare Topics
    • AI and IoT in remote healthcare
      • Examine how modern and future AI and IoT systems are being integrated and utilized by healthcare cloud providers to offer enhanced support and opportunity to their patients.
    • Building a Successful Vendor Risk Assessment (VRA) Program
    • Covid vaccine tracking/tracing
      • Discussed issues with deploying the vaccine, how it’s currently being distributed, and the recent “loss” of millions of vaccines. Started to come up with ways to research/report on the situation.
    • Regulations Frameworks (HIPAA, GDPR, GAPP)
      • At a previous meeting, Ashish commented that he has experience with regulatory frameworks and could speak on the topic in the future.
    • Other Ideas
      • Best Practices: Medical Devices in the Cloud; Implementation Guide
      • Cloud based Electronic Health Records
      • Standards activities (ISO, NIST, EU, California laws)
      • Medical device and Health IT Joint Security Plan
      • Technologies to protect healthcare data
      • Health industry cybersecurity best practices
    •  Upcoming Zoom meeting: April 14th, 11:30 AM PT
        • Discuss and address feedback for the privacy and GRC healthcare papers
        • Continuing Ransomware discussion and planning for development of that paper
        • Review next Healthcare topic ideas and review status
      • Review HIM Artifacts
      • HIM on CSA websites

[March 2021]

1. Domestic activities

  • None in particular

2. Global activities

2-1. CSA Global HIM WG activities

2-1-1. Health Information Management Meeting Call (completed)
Date and time: March 17, 2021 (Thu), 4:30am-5:30am (JST)
Location: Online
[Overview]

  • Intro
    • CSA Events
      • Call for Participation
      • Exploring Cloud identities, APIs and automation
      • Zero Trust Security and the use of the Cloud
      • APAC Virtual Summit 2021
      • EMEA Summit 2021
    • Certificate of Cloud Auditing Knowledge (CCAK) Exam
    • HIM Circle community
  • Peer Review
    • Telehealth Risk Management 
      • Until March 22nd, 2021
    • Blockchain in healthcare – HIM_BC Collab
      • Completed peer review process in blockchain group, now going to be released from the Health Information Management group
  • Healthcare Publications in Progress

    • Protecting the Privacy of Healthcare Data in the Cloud
      • Draft, internal review looking for feedback. Most likely ready for peer review in April
    • Governance, Risk, and Compliance (GRC)
      • Draft, internal review looking for feedback
  • Open Discussion, Q&A
  • Future Healthcare Topics

    • Ransomware
      • The group agreed that ransomware would be a good next topic to research and publish on, because of the increased number of attacks that healthcare providers have had to deal with and the immense loss that can be suffered, with 46% of healthcare data breaches being ransomware attacks. Ransomware attackers are using double extortion techniques to force victims to give in and pay, rather than restore the network themselves and risk private medical information being released or destroyed.
    • AI, IoT in Healthcare
      • Examine how modern and future AI and IoT systems are being integrated and utilized by healthcare cloud providers to offer enhanced support and opportunity to their patients.
    • Covid vaccine tracking/tracing
      • Discussed issues with deploying the vaccine, how it’s currently being distributed, and the recent “loss” of millions of vaccines. Started to come up with ways to research/report on the situation.
    • Regulations Frameworks (HIPAA, GDPR, GAPP)
      • Ashish Vashishtha commented that he has experience with regulatory frameworks and could speak on the topic in the future.
    • Best Practices: Medical Devices in the Cloud; Implementation Guide
    • Cloud based Electronic Health Records
    • Standards activities (ISO, NIST, EU, California laws)
    • Medical device and Health IT Joint Security Plan
    • Technologies to protect healthcare data
    • Health industry cybersecurity best practices
  •  Next Zoom meeting: March 31st, 11:30 AM PT

2-1-2. Health Information Management Meeting Call (completed)
Date and time: March 4, 2021 (Thu), 4:30am-5:30am (JST)
Location: Online
[Overview]

  • Intro
    • CSA Events
      • Journey to the Cloud with Confidence
      • CCSK Training and Certification Guidelines
      • CSA APAC Virtual Summit 2021
    • Certificate of Cloud Auditing Knowledge (CCAK) Exam
    • HIM Circle community
  • Healthcare Publications in Progress
    • Telehealth Risk Management 
      • Currently in peer review until March 22nd; available for public distribution and review
    • Governance, Risk, and Compliance (GRC)
      • Draft, internal review looking for feedback
    • Protecting the Privacy of Healthcare Data in the Cloud
      • Draft, internal review looking for feedback
    • Blockchain in healthcare – HIM_BC Collab
      • Lead authored by Jim Angle, in review with Blockchain working group
  • Open Discussion, Q&A
  • Future Healthcare Topics
    • IoT, AI, Ransomware healthcare risks
      • Vince and Michael Roza discussed risks that AI and ransomware have on healthcare systems.
    • Covid vaccine tracking/tracing
      • Discussed issues with deploying the vaccine, how it’s currently being distributed, and the recent “loss” of millions of vaccines. Started to come up with ways to research/report on the situation.
    • Regulations Frameworks (HIPAA, GDPR, GAPP)
      • Ashish Vashishtha commented that he has experience with regulatory frameworks and could speak on the topic in the future.
    • Best Practices: Medical Devices in the Cloud; Implementation Guide
    • Cloud based Electronic Health Records
    • Standards activities (ISO, NIST, EU, California laws)
    • Medical device and Health IT Joint Security Plan
    • Technologies to protect healthcare data
    • Health industry cybersecurity best practices
  •  Next Zoom meeting: March 17th, 11:30 AM PT
    • Review comments from healthcare papers, and plan next steps.
    • Review HIM Artifacts
    • HIM on CSA website

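[February 2021]
1. Domestic activities

  • None in particular

2. Global activities

2-1. CSA Global HIM WG activities

2-1-1. Health Information Management Meeting Call (completed)
Date and time: February 18, 2021 (Thu), 4:30am-5:30am (JST)
Location: Online
[Overview]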

  • Intro
    • CSA Events
      • Journey to the Cloud with Confidence
      • CSA APAC Virtual Summit 2021
    • Certificate of Cloud Auditing Knowledge (CCAK) Exam
    • HIM Circle community
  • Current Healthcare projects
    • Telehealth Risk Assessment 
      • Draft, ready for public peer review
      • Reviewed the latest changes; all comments and specific feedback have been addressed, and the paper is ready for public peer review and for distribution among healthcare and cyber security professionals inside and out of CSA. The peer review link will be included as soon as it’s available.
    • Governance, Risk, and Compliance (GRC)
      • Draft, ready for internal review
    • Protecting the Privacy of Healthcare Data in the Cloud
      • Draft, ready for internal review
    • Blockchain in healthcare – HIM_BC Collab
      • A new paper authored by Jim Angle, in collaboration with the Blockchain working group, now in peer review
      • Peer review in Blockchain group.
  • Open Discussion, Q&A
  • Future Healthcare Topics – 2020, 2021
    • Covid vaccine tracking/tracing – Discussed issues with deploying the vaccine, how it’s currently being distributed, and the recent “loss” of millions of vaccines. Started to come up with ways to research/report on the situation.
    • Best Practices: Medical Devices in the Cloud; Implementation Guide
    • Cloud based Electronic Health Records
    • Regulations Frameworks (HIPAA, GDPR, GAPP)
    • Standards activities (ISO, NIST, EU, California laws)
    • Medical device and Health IT Joint Security Plan
    • Technologies to protect healthcare data
    • Health industry cybersecurity best practices
  •  Next Zoom meeting: March 3rd, 11:30 AM PT

2-1-2. Health Information Management Meeting Call (completed)
Date and time: February 4, 2021 (Thu), 4:30am-5:30am (JST)
Location: Online
[Overview]

CSA Events

  • CSA Cloudbytes Connect (February 2nd – 4th)

    • Reviewed the “Birds of a Feather” Healthcare session and the discussion topics that came from it.
    • Reviewed the agenda for the last day of Cloudbytes Connect for Friday, February 4th.

Current Healthcare Project

  • Telehealth Risk Assessment 
  • Reviewed latest changes and suggested feedback, plan next steps.
  • Jim will be following up with others on remaining specific questions he had regarding suggested changes.
  • After finalizing the remaining feedback, the Telehealth Risk Assessment will be submitted for public peer review and ready for wider distribution among healthcare and cyber security professionals inside and out of CSA.

Open Discussion, Q&A

    • Future Healthcare Topics – 2020, 2021
      • Blockchain in healthcare – HIM_BC Collab –  A new paper authored by Jim Angle, in collaboration with the Blockchain working group, now in peer review.
      • Covid vaccine tracking/tracing – Discussed issues with deploying the vaccine, how it’s currently being distributed, and the recent “loss” of millions of vaccines. Started to come up with ways to research/report on the situation.
      • Best Practices: Medical Devices in the Cloud; Implementation Guide
      • Cloud based Electronic Health Records
      • Governance, Risk, and Compliance (GRC) – Circle Unpublished paper
      • Regulations Frameworks (HIPAA, GDPR, GAPP)
      • Standards activities (ISO, NIST, EU, California laws)
      • Medical device and Health IT Joint Security Plan
      • Technologies to protect healthcare data
      • Health industry cybersecurity best practices
    •  Next Zoom meeting: February 17th, 11:30 AM PT

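[January 2021]
1. Domestic activities

  • None in particular

2. Global activities

2-1. CSA Global HIM WG activities

2-1-1. Health Information Management Meeting Call (completed)
Date and time: January 21, 2021 (Thu), 4:30am-5:30am (JST)
Location: Online
[Overview]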

  • CSA Events
    •  New HIM webpage layout with research and blogs.
    • https://cloudsecurityalliance.org/
      • New website changes, Circle character guide, CCAK, upcoming Cloudbytes webinars, Chapter webinars.
  • Current Healthcare projects
    • Telehealth Risk Assessment
    • Reviewed latest changes and suggested feedback, plan next steps.
    • Jim will be following up with others on a few specific questions he had regarding suggested changes.
    • After finalizing the remaining feedback, the Telehealth Risk Assessment will be submitted for public peer review and ready for wider distribution among healthcare and cyber security professionals inside and out of CSA.
  • Open Discussion, Q&A
      • Future Healthcare Topics – 2020, 2021
        • Blockchain in healthcare – HIM_BC Collab –  A new paper authored by Jim Angle, in collaboration with the Blockchain working group, now in peer review.
        • Covid vaccine tracking/tracing 
        • Best Practices: Medical Devices in the Cloud; Implementation Guide
        • Cloud based Electronic Health Records
        • Governance, Risk, and Compliance (GRC) – Circle Unpublished paper
        • Regulations Frameworks (HIPAA, GDPR, GAPP)
        • Standards activities (ISO, NIST, EU, California laws)
        • Medical device and Health IT Joint Security Plan
        • Technologies to protect healthcare data
        • Health industry cybersecurity best practices
    •  Next Zoom meeting: February 3rd, 11:30 AM PT

2-1-2. Health Information Management Meeting (Call) (completed)
Date and time: January 9, 2021 (Thu), 4:30am-5:30am (JST)
Location: Online
[Overview]

  • CSA Events
    •  New HIM webpage layout with research and blogs.
    • https://cloudsecurityalliance.org/
      • New website changes, Circle character guide, CCAK, upcoming Cloudbytes webinars, Chapter webinars.
  • Current Healthcare projects
    • Telehealth Risk Assessment
    • Review current material, plan next steps
  • Open Discussion, Q&A
  • Current Project
  • Telehealth Risk Assessment
5 risk assessment questions in progress. Work on this paper can be tracked in the discussion post.

1. How to do a risk assessment, starting with HDO and including cloud.
    1. Specific things to assess; may include some kind of checklist guidance.
    2. Documents to review, what to look for in different third party assessment reports.

2. HIPAA and GDPR compliance, what the basic requirements are and steps to take to comply.
    1. List of must do things for both privacy and security

3. Basic steps to ensure secure use: IAM, data transmission, and data storage.

4. Cross-Border/Offshoring of Healthcare Information
    1. Implications, restrictions
    2. Regulatory differences

5. EU’s Directive on Security of Network and Information Systems (NIS Directive) compliance.
    1. Concerns for OES (Operators of Essential Services)

Future Healthcare Topics – 2020, 2021

    • Blockchain in healthcare – HIM_BC Collab –  A new paper authored by Jim Angle, in collaboration with the Blockchain working group, now in peer review.
    • Covid vaccine tracking/tracing 
    • Best Practices: Medical Devices in the Cloud; Implementation Guide
    • Cloud based Electronic Health Records
    • Governance, Risk, and Compliance (GRC) – Circle Unpublished paper
    • Regulations Frameworks (HIPAA, GDPR, GAPP)
    • Standards activities (ISO, NIST, EU, California laws)
    • Medical device and Health IT Joint Security Plan
    • Technologies to protect healthcare data
    • Health industry cybersecurity best practices
  •  Next Zoom meeting: January 20th, 11:30 AM PT
    • Next meeting we will have a final internal review of the Telehealth Risk Assessment before it goes in Peer Review.

[December 2020]
1. Domestic activities

  • None in particular

2. Global activities

2-1. CSA Global HIM WG activities

2-1-1. Health Information Management Meeting Call (completed)
Date and time: December 9, 2020 (Thu), 4:30pm-5:30pm (JST)
Location: Online
[Overview]

CSA Events

    • New HIM webpage layout with research and blogs.
    • https://cloudsecurityalliance.org/
      • New website changes, Circle character guide, CCAK, Cloudbytes webinars, Chapter webinars.

Current Healthcare projects

  • Telehealth Risk Assessment
  • Review current material, plan next steps

Open Discussion, Q&A

Current Project
Telehealth Risk Assessment

5 risk assessment questions in progress. Work on this paper can be tracked in the discussion post.
1. How to do a risk assessment, starting with HDO and including cloud.
    1. Specific things to assess; may include some kind of checklist guidance.
    2. Documents to review, what to look for in different third party assessment reports.

2. HIPAA and GDPR compliance, what the basic requirements are and steps to take to comply.
    1. List of must do things for both privacy and security

3. Basic steps to ensure secure use: IAM, data transmission, and data storage.

4. Cross-Border/Offshoring of Healthcare Information
    1. Implications, restrictions
    2. Regulatory differences

5. EU’s Directive on Security of Network and Information Systems (NIS Directive) compliance.
    1. Concerns for OES (Operators of Essential Services)

Future Healthcare Topics – 2020, 2021

    • Blockchain in healthcare – HIM_BC Collab –  A new paper authored by Jim Angle, in collaboration with the Blockchain working group, now in peer review.
    • Covid vaccine tracking/tracing 
    • Best Practices: Medical Devices in the Cloud; Implementation Guide
    • Cloud based Electronic Health Records
    • Governance, Risk, and Compliance (GRC) – Circle Unpublished paper
    • Regulations Frameworks (HIPAA, GDPR, GAPP)
    • Standards activities (ISO, NIST, EU, California laws)
    • Medical device and Health IT Joint Security Plan
    • Technologies to protect healthcare data
    • Health industry cybersecurity best practices
  •  Next Zoom meeting: January 6th, 11:30 AM PT
    • We will be skipping the next bi-weekly call for the holidays and will regroup after the new year, continuing work on the Telehealth Risk Assessment paper and other upcoming healthcare topics.

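[November 2020]
1. Domestic activities

  • None in particular

2. Global activities

None in particular

[October 2020]
1. Domestic activities

  • None in particular

2. Global activities

2-1. CSA Global HIM WG activities

2-1-1. Health Information Management Meeting (Relaunch call) (completed)
Date and time: October 29, 2020 (Thu), 3:30am-4:30am (JST)
Location: Online
[Overview]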

  • Working group governance – John Yeoh
    • Why Health Information Management?
      • The HIM working group aims to provide direct influence on how health information service providers deliver secure cloud solutions (services, transport, applications and storage) to their clients, and foster cloud awareness within all aspects of healthcare and related industries.
    • CSA Research Portfolio
    • Recent healthcare news, Covid-19
  • Working Group Activities – Alex Kaluza
    • HIM Leadership
      • Co-Chairs
        • Dr. Jim Angle – Vulnerability Management at Trinity Health
          • 2020 Ron Knode Service Award Recipient
        • Vince Campitelli – Enterprise Security Specialist at Cloud Security Alliance
      • CSA Research
        • Alex Kaluza – Research Analyst
        • John Yeoh – Research Global Director
  • Latest Publications – Jim Angle
  • Healthcare Info Security Interview – Jim Angle
  • Current Project – Vince Campitelli
    • Telehealth Risk Assessment, based on CSA’s Perspective on Cloud Risk Management recent publication.
      • CSA’s Perspective on Cloud Risk Management
      • Initial draft on HIPAA and GDPR compliance, what the basic requirements are and steps to take to comply.
      • More assistance from the HIM working group needed to answer additional risk assessment questions, which can be found in the discussion post, here.
  • Future Topics – Vince Campitelli
    • Best Practices: Medical Devices in the Cloud; Implementation Guide
    • Cloud based Electronic Health Records
    • Governance, Risk, and Compliance (GRC), Regulations Frameworks (HIPAA, GDPR, GAPP), and Standards activities (ISO, NIST, EU, California law)
    • Technologies to protect healthcare data
    • Health industry cybersecurity best practices
  • Call for Action – Alex Kaluza
    • Join the next Health Information Management Zoom meeting
      • Next meeting November 11th 11:30 AM PT
    • Understand and discuss the latest trends in cloud and healthcare services
      • Circle Health Information Management working group
    • Participate in CSA open peer reviews and surveys

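[September 2020]
1. Domestic activities

  • None in particular

2. Global activities

2-1. CSA Global HIM WG activities

2-1-1. CSA India Virtual Summit 2020 (completed)
Date and time: September 24, 2020 (Thu), from 1:45pm (IST)
Location: Online (Zoom)
https://www.csaapac.org/indiavsummit2020.html
[Overview]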
Panel Discussion : Impact of COVID-19 on Cloud Adoption & Security
The lockdown has been an inflexion point in the adoption of cloud computing; we have observed increased usage and adoption. The increased usage as well as new cloud adoption during the current crisis is a positive outcome of the lockdown. The distinguished panel from APAC & India will offer their views and perspectives.

Moderator: Vandana VERMA (Global Board of Directors at OWASP and President at InfosecGirls)
Panelists:
Satyavathi DIVADRI (Chairman, CSA Bangalore Chapter)
Dr. Eiji SASAHARA (ED, CSA Japan Chapter)
Dr. Hing-Yan LEE (EVP APAC, CSA)

2-1-2. CSA Health Information Management WG call (completed)
Date and time: September 3, 2020 (Thu), 4:30am-5:30am
Location: Online (WebEX)
Coordinator: Alex Kaluza (CSA)
[Overview]

  • CSA Events Calendar
    • SECtember – September 8th – 25th, 11:00 AM – 12:00 PM, sessions every day
    • CSA Virtual EMEA Congress – November 3rd – 5th
    • Cloudbytes Connect (TBD)
    • ISC2 – December 16 – 18th
    • re:Invent – December 16 – 18th
  • Telehealth Risk Assessment
    1. How to do a risk assessment, starting with HDO and including cloud.
        • Specific things to assess; may include some kind of checklist guidance.
        • Documents to review, what to look for in different third party assessment reports.
    2. HIPAA and GDPR compliance, what the basic requirements are and steps to take to comply.
        • List of must do things for both privacy and security.
    3. Basic steps to ensure secure use: IAM, data transmission, and data storage.
    4. Cross-Border/Offshoring of Healthcare Information
        • Implications, restrictions
        • Regulatory differences
    5. EU’s Directive on Security of Network and Information Systems (NIS Directive) compliance.
        • Concerns for OES (Operators of Essential Services)
  • Recent HIM Publications
  • Telehealth Data in the Cloud Released July 23rd – June 18th
    • The Telehealth paper was picked up by Cyber Security news site Dark Reading.
      • What are the HIPAA/HITECH challenges you’re facing?
      • What security breaches and incidents are you concerned with?
  • Healthcare Big Data in the Cloud
  • Future Initiative Topics

    • Governance, Risk, and Compliance (GRC)
    • Privacy of Healthcare Data in the Cloud
    • Blockchain in Healthcare
    • Regulations Frameworks (HIPAA, GDPR, GAPP?)
    • Standards activities (ISO, NIST)
    • Privacy challenges of Cloud for HC (data location, trans-border concerns, third-party risk)
    • Technologies to protect HC data
    • Cloud based Electronic Health Records, Intersection of wearable devices and healthcare, implementation guide, risk chart
    • HIM Relaunch Call – September 30th

      • Targeted push on social media of call from CSA marketing and membership
      • Cvent registration page with meeting agenda
      • HIM Charter, research lifecycle, and working group activities
      • Co-Chairs present on recently released healthcare publications and topics
      • Call to Action – How to contribute

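[August 2020]
1. Domestic activities

  • None in particular

2. Global activities
2-1. CSA Global HIM WG activities

2-1-1. CSA Health Information Management WG call (completed)
Date and time: August 6, 2020 (Thu), 4:30am-5:30am
Location: Online (WebEX)
Coordinator: Alex Kaluza (CSA)
[Overview]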

  • HIM Relaunch Call
    • Review and present revised HIM Charter.
    • Co-Chairs present on recently released HIM publications.
    • Targeted push of call from CSA marketing and membership, potential survey to gather more interest.

[July 2020]
1. Domestic activities

  • None in particular

2. Global activities
2-1. CSA Global HIM WG activities

2-1-1. CSA Health Information Management WG call (completed)
Date and time: July 23, 2020 (Thu), 4:30am-5:30am
Location: Online (WebEX)
Coordinator: Alex Kaluza (CSA)
[Overview]

  • Telehealth Data in the Cloud
  • Healthcare Big Data in the Cloud
    • Release Date: July 23rd
    • https://cloudsecurityalliance.org/artifacts/healthcare-big-data-in-the-cloud/
      • Introduction: A digital transformation is emerging within the healthcare industry. The use of cloud computing, big data analytics, coupled with the move to consumer centric healthcare are changing the way healthcare is delivered. This digital transformation has changed healthcare in ways that were not possible just a few years ago. Healthcare Delivery Organizations (HDO) have access to large quantities of data that if collated, analyzed, and properly utilized can provide tremendous benefit to both the HDO and the patient.
  • Other Future Initiative Topics
    • Proposed Topics by Jim Angle 
        • Governance, Risk, and Compliance (GRC)
        • Privacy of Healthcare Data in the Cloud
        • Blockchain in Healthcare
      • Diego Diviani, standards, regulation ideas
        • Privacy challenges of Cloud for HC (data location, trans-border concerns, third-party risk)
        • Standards activities (ISO, NIST)
        • Regulations Frameworks (HIPAA, GDPR, GAPP?)
        • Technologies to protect HC data
      • Jim and Patty will be compiling questions for a risk assessment paper related to the Telehealth data in the Cloud for a potential future release.
      • Cloud based Electronic Health Records, Intersection of wearable devices and healthcare, and other proposed healthcare topics are currently on hold, and will be brought up in future meetings.
      • Guest Speaker from Blockchain, other WGs with complementary topics.
  • HIM Relaunch Call
    • Review and present revised HIM Charter.
    • Co-Chairs present on recently released HIM publications.
    • Potential deep-dive into new or existing Healthcare related topic.
    • Targeted push of call from CSA marketing and membership, potential survey to gather more interest.

2-1-2. CSA Health Information Management WG call (completed)
Date and time: July 9, 2020 (Thu), 4:30am-5:30am
Location: Online (WebEX)
Coordinator: Alex Kaluza (CSA)
[Overview]

  • CSA Events Calendar
    • Federal Summit – CSA Research Director John Yeoh shared his first-hand experience of attending one of the first in-person cybersecurity conferences in months. Low attendance, controlled environment, but quality presentations and content.
    • Healthcare in Big Data, Release Date: July 15th
    • CSA CloudBytes Connect (July event)
    • Blackhat (7.31-8.6, Las Vegas) *Moved to Virtual
    • SECtember (September 14th-18th, Seattle)
  • Telehealth Data in the Cloud
  • Healthcare Big Data in the Cloud
    • Design Phase, Release Date: July 15th
    • https://cloudsecurityalliance.org/artifacts/healthcare-big-data-in-the-cloud/
      • Introduction: A digital transformation is emerging within the healthcare industry. The use of cloud computing, big data analytics, coupled with the move to consumer centric healthcare are changing the way healthcare is delivered. This digital transformation has changed healthcare in ways that were not possible just a few years ago. Healthcare Delivery Organizations (HDO) have access to large quantities of data that if collated, analyzed, and properly utilized can provide tremendous benefit to both the HDO and the patient.
  • Other Future Initiative Topics
    • The Co-Chairs discussed privacy related healthcare topics for potential paper ideas.
    • Cloud based Electronic Health Records, Intersection of wearable devices and healthcare, and other proposed healthcare topics are currently on hold, and will be brought up in future meetings.
  • HIM Relaunch Call
    • Review and present revised HIM Charter.
    • Co-Chairs present on recently released HIM publications.
    • Guest Speaker from Blockchain, other WGs with complementary topics.
    • Potential deep-dive into new or existing Healthcare related topic.
    • Targeted push of call from CSA marketing and membership, potential survey to gather more interest.

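[June 2020]
1. Domestic activities
FY2020 (June 2020 - May 2021) activity plan/goals

  • Domestic activities
    • Activities to promote the effective use of CSA guidance, CCM, STAR certification, medical device/telemedicine security guidance, IoT security guidance, application container/microservices guidance, and the like across the entire health and medical information value chain, including the life sciences/pharmaceutical/medical device industries, medical institutions/nursing care facilities/health promotion service providers, and patients/consumers
    • Conducting peer reviews and providing feedback, from an industry perspective, on CSA guidance, CCM, and other published documents (e.g., IoT security guidance) led by CSA working groups
    • Active collaboration with major domestic and international stakeholder communities involved in health and medical information (e.g., focus groups, industry associations, research institutions, forums, academic societies)
    • Establish a Kanto subcommittee and a Kansai subcommittee, and make use of online tools, in order to plan and carry out opportunities for publicity, awareness, and research on the above
  • Global activities
    • Active commitment to the global activities of the CSA HIM-WG
    • Strengthening collaboration with overseas CSA chapters (e.g., China, Southeast Asia, India, EMEA)

2. Global activities
2-1. CSA Global HIM WG activities

2-1-1. CSA Health Information Management WG call (completed)
Date and time: June 25, 2020 (Thu), 4:30am-5:30am
Location: Online (WebEX)
Coordinator: Alex Kaluza (CSA)
[Overview]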

  • CSA Events Calendar
    • Telehealth paper, released 6/16.
    • Healthcare in Big Data, peer review ended 6/17.
    • CSA CloudBytes Connect (July event)
      • Submission for Health Information Management to speak on a Healthcare topic or the latest release.
    • Blackhat (7.31-8.6, Las Vegas) *Moved to Virtual
    • SECtember (September 14th-18th, Seattle)
      • Jim submitted to present
  • Telehealth Data in the Cloud
  • Healthcare Big Data in the Cloud
    • Jim Angle addressed some of the remaining feedback on a few outstanding questions, and discussed with Vince how to respond to them.
    • Will be going into design phase before release.
  • Other Future Initiative Topics
    • Cloud based Electronic Health Records, Intersection of wearable devices and healthcare, and other proposed healthcare topics are currently on hold, and will be brought up in future meetings.
    • If anyone has a healthcare topic of interest they would like brought up at the next meeting (7/8), please let me or one of the Co-Chairs know.

2-1-2. Cloud Security Alliance – Delaware Valley Chapter (completed)
Date and time: June 25, 2020 (Thu), 1:00am-2:00am
Location: Held online
https://www.eventbrite.com/e/lessons-from-leveraging-risk-management-for-cybersecurity-in-healthcare-tickets-103708069628
Title: Lessons from Leveraging Risk Management for Cyber security in Healthcare
Speaker: Boris Vishnevsky, Principal, Complex Solutions and Cyber Security at Slalom & Adjunct Professor at Thomas Jefferson University.
[Overview]
What comparison between human and computer viruses can teach us about risk management?
COVID-19 pandemic made us appreciate viruses as critical players in the history of humanity.
As we continue to learn to live in a “new normal” imposed on the world by this global pandemic, we are forced to rethink our approaches to managing risks.
If we parallel the evolution, compare the history of biological and computer-based viruses, we can develop a new appreciation for leveraging modern risk management frameworks such as NIST RMF and CSA CAIQ. The comparison of origin, spread, and mitigation of viruses can help draw essential lessons in risk management. These lessons apply to both cybersecurity as well as population health.
In this session, we review, compare, and contrast risk mitigation techniques for biological and computer viruses based on risk management practices defined by CSA and NIST.

2-1-3. CSA Health Information Management WG call (completed)
Date and time: June 11, 2020 (Thu), 4:30am-5:30am
Location: Online (WebEX)
Coordinator: Alex Kaluza (CSA)
[Overview]

  • CSA Events Calendar
    • Telehealth paper now in design phase, released 6/22.
    • CSA CloudBytes Connect (July event)
      • Submission for Health Information Management to speak on a Healthcare topic or the latest release.
    • Blackhat (7.31-8.6, Las Vegas) *Moved to Virtual
    • SECtember (September 14th-18th, Seattle)
      • Submission to present a HIM release
  • Telehealth Paper
    • Peer review is now closed, currently in the design phase to be released June 22nd.
  • Current Initiative
    • Healthcare Big Data in the Cloud 
      • The next paper of focus for the HIM group, still in open peer review for another week until 6/17.
      • Co-Chair Jim Angle addressed some feedback that he’s received, and additions he has made to the paper.
      • Any feedback or comments regarding the paper, or direction in which to take it are welcome.
  • Other Initiatives
    • Cloud based Electronic Health Records, Intersection of wearable devices and healthcare, and other proposed healthcare topics are currently on hold, and will be brought up in future meetings.
    • If anyone has a healthcare topic of interest they would like brought up at the next meeting (6/24), please let me or one of the Co-Chairs know.

[May 2020]

1. Domestic activities
  • 1-1. Preparation of the Japanese translation of OWASP Secure Medical Device Deployment Standard Version 2.0 (under review)

2. Global activities
2-1. CSA Global HIM WG activities

2-1-1. CSA Health Information Management WG call (completed)
Date and time: May 14, 2020 (Thu), 4:30am-5:30am
Location: Online (WebEX)
Coordinator: Alex Kaluza (CSA)
[Overview]

  • CSA Events Calendar
    • Telehealth paper in peer review until May 17th
    • CSA CloudBytes Connect (May 26-28th)
      https://web.cvent.com/event/356caa07-5b61-4592-a600-06e37119d1ac/summary
    • CSA CloudBytes Connect (July event)
      • Submission for Health Information Management to speak on a Healthcare topic or the latest release.
      • New date for Federal Summit (June 25, Washington DC)
    • SECtember (September 14th-18th, Seattle)
      • Submission to present a HIM release
  • Telehealth Paper
    • Open discussion between co-chairs addressing remaining unresolved comments from the paper.
    • Making sure the paper is addressing the needs of the Health Delivery Organizations and those who can most benefit from it.
      • Posting for open peer review, ready for public comments. 
  • Other Initiatives 
    • Healthcare Big Data in the Cloud paper will be brought up and focused on in future meetings.

[April 2020]

  1. Domestic activities

      2) CSA Events Calendar

  • New tentative date for Federal Summit (June 25, Washington DC)
  • Potentially, the HIM WG could host a Virtual Summit on a healthcare topic or on the latest release, Managing the Risk for Medical Devices Connected to the Cloud.

      3) HIM Potential Initiatives

  • Telehealth
  • Cloud-based Electronic Health Records
  • The intersection of wearable devices and healthcare
  • Big Data
  • Group discussion of a few potential working group initiatives, and how to prioritize them.
  • Telehealth is the consensus favorite for the next initiative, as it is critically important right now across the world, and new standards and guidelines should be brought up to date.

     4) Other Initiatives

  • An extension of the Medical Devices in the Cloud paper, and still in development.
  • Health Information Risk Chart
  • Medical device and Health IT Joint Security Plan (JSP) & Health Industry Cybersecurity Practices (HICP)
  • These are both on Hold for now, but can work as support content in the future after more related initiatives are completed.

   5) Closing Discussion

  • Jim will put together an Abstract draft for the Telehealth initiative.

   6) Next Meeting

  • Wednesday, April 29th.

[March 2020]

  1. Domestic activities
  2. Global activities
    2-1. Activities of the CSA Global HIM WG
    2-1-1. Managing the Risk for Medical Devices Connected to the Cloud (published March 16, 2020)
    https://cloudsecurityalliance.org/artifacts/managing-the-risk-for-medical-devices-connected-to-the-cloud/

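[February 2020]

  1. Domestic activities
  • 1-1. OWASP Night 2020/02 @Security Days 2020 (completed)
    Organizer: OWASP Japan
    https://f2ff.jp/introduction/2419?project_id=20200202
    Date and time: Wednesday, February 5, 2020, 06:00 pm – 08:30 pm
    Venue: JP Tower KITTE
    Summary: Collaboration between OWASP and CSA on medical device cybersecurity
    1. Japan's medical devices: a red light for the export strategy
    2. Collaborative activities between OWASP and CSA in medical device development
    3. Summary/Q&A: applying the lessons of the HIV-tainted blood product scandal
    https://www.slideshare.net/esasahara/owaspcsa
  • 1-2. Pharma IT & Digital Expo 2020 (postponed)
    Organizer: UBM Japan
    Supporter: Japan Cloud Security Alliance
    Date and time: To be determined
    Venue: Tokyo Big Sight
    Summary: Booth exhibition
    https://www.pharmait-expo.com/
  2. Global activities
    2-1. Activities of the CSA Global HIM WG
    2-1-1. Managing the Risk for Medical Devices Connected to the Cloud (in progress)
    Draft version 3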

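[January 2020]

  1. Domestic activities
  • 1-1. Council for the Development and Advancement of Medical Devices Utilizing AI (AI を活用した医療機器の開発と発展を目指す協議会)
    3rd study session (completed)
    Organizer: Council for the Development and Advancement of Medical Devices Utilizing AI
    Date and time: Monday, January 27, 2020, 06:30 pm – 08:00 pm
    Venue: Kioi Tower, Tokyo Garden Terrace Kioicho
    Summary: Security required for AI medical devices and trends in Japan and abroad
    1. Mega-platform operators and medical AI
    2. International trends in AI ethics and public procurement standards
    3. International standardization trends concerning SaMD and medical device cybersecurity
    4. Summary/Q&A
    https://www.slideshare.net/esasahara/ai-224224836
  • 1-2. HIM-WG Tokyo study session (completed)
    Date and time: Tuesday, January 7, 2020, 7:00pm-9:00pm
    Venue: MICIN, Inc. conference room (13F Nippon Building, 2-6-2 Otemachi, Chiyoda-ku, Tokyo)
    Summary: Digital twins and OT/IT risk management supporting the bioeconomy strategy
    Against the backdrop of climate change and environmental policy, the European Union (EU) is actively promoting a bioeconomy strategy for life- and health-related fields. "Digital twins," built around standardized digital platforms and the use of the data generated, collected and stored from them, are advancing interconnection between previously separated domains such as wet and dry, and operational technology (OT) and information technology (IT). Various innovations are expected, but risk management challenges are also piling up, including data quality assurance/security, cyber supply chain risk management, and incident response. This session examines the balance between innovation and risk from the perspective of cloud platforms.
    1. What is the bioeconomy?
    1-1. Definition of the bioeconomy
    1-2. The relationship between digital health and climate change/environment in the bioeconomy
    1-3. Social implementation of the bioeconomy and ICT platforms
    1-4. The bioeconomy market and startups from the perspective of SDGs investment
    2. What is a digital twin?
    2-1. Definition of the digital twin
    2-2. Technological extensions of the digital twin: big data/IoT/AI
    2-3. Application cases of digital twins in the bioeconomy/healthcare field
    2-4. QMS and cybersecurity for digital twins
    3. OT/IT risk management for digital twins in the bioeconomy
    3-1. OT/IT structure and operational risk of the bioeconomy
    3-2. OT/IT structure and operational risk of digital twins
    3-3. Risk management for the bioeconomy and digital twins, viewed through the initiatives of major platform operators
    3-4. OT/IT cyber supply chain risk management, viewed through cases from other industries
    4. Summary/Q&A
    https://www.slideshare.net/esasahara/otit
  • 1-3. Pharma IT & Digital Expo 2020 (planned)
    Organizer: UBM Japan
    Supporter: Japan Cloud Security Alliance
    Date and time: Monday, March 16 to Wednesday, March 18, 2020
    Venue: Tokyo Big Sight
    Summary: Booth exhibition
    https://www.pharmait-expo.com/
  2. Global activities
    2-1. Activities of the CSA Global HIM WG
    2-1-1. Managing the Risk for Medical Devices Connected to the Cloud (in progress)
    Draft version 3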

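[December 2019]

  1. Domestic activities
  • 1-1. HIM-WG Tokyo study session (planned)
    Date and time: Tuesday, January 7, 2020, 7:00pm-9:00pm
    Venue: MICIN, Inc. conference room (13F Nippon Building, 2-6-2 Otemachi, Chiyoda-ku, Tokyo)
    Summary: Digital twins and OT/IT risk management supporting the bioeconomy strategy
    Against the backdrop of climate change and environmental policy, the European Union (EU) is actively promoting a bioeconomy strategy for life- and health-related fields. "Digital twins," built around standardized digital platforms and the use of the data generated, collected and stored from them, are advancing interconnection between previously separated domains such as wet and dry, and operational technology (OT) and information technology (IT). Various innovations are expected, but risk management challenges are also piling up, including data quality assurance/security, cyber supply chain risk management, and incident response. This session examines the balance between innovation and risk from the perspective of cloud platforms.
    1. What is the bioeconomy?
    1-1. Definition of the bioeconomy
    1-2. The relationship between digital health and climate change/environment in the bioeconomy
    1-3. Social implementation of the bioeconomy and ICT platforms
    1-4. The bioeconomy market and startups from the perspective of SDGs investment
    2. What is a digital twin?
    2-1. Definition of the digital twin
    2-2. Technological extensions of the digital twin: big data/IoT/AI
    2-3. Application cases of digital twins in the bioeconomy/healthcare field
    2-4. QMS and cybersecurity for digital twins
    3. OT/IT risk management for digital twins in the bioeconomy
    3-1. OT/IT structure and operational risk of the bioeconomy
    3-2. OT/IT structure and operational risk of digital twins
    3-3. Risk management for the bioeconomy and digital twins, viewed through the initiatives of major platform operators
    3-4. OT/IT cyber supply chain risk management, viewed through cases from other industries
    4. Summary/Q&A
    https://www.slideshare.net/esasahara/otit

  2. Global activities
  • 2-1. Activities of the CSA Global HIM WG
    No particular global activities in December 2019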

[November 2019]

  1. Domestic activities
    No particular domestic activities in November 2019
  2. Global activities
    2-1. Activities of the CSA Global HIM WG
  • 2-1-1. Press Release: Cloud Security Alliance Health Information Management Working Group Co-Chair Dr. Jim Angle to Present at HIMSS. (November 20, 2019)
    SEATTLE –  The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, is pleased to share that Dr. Jim Angle, manager of Network Security – Vulnerability Management at Trinity Health and co-chair of CSA’s Health Information Management Working Group, will be presenting “Managing the Risk for Medical Devices Connected to the Cloud” at the HIMSS Global Health Conference & Exhibition (Orlando) on March 11 at 2:30 p.m. In his talk, Dr. Angle will share some of his key insights that laid the groundwork for the white paper of the same name by CSA’s Health Information Management (HIM) Working Group, sharing with attendees how to apply the IoT Security Controls Framework to highly sensitive medical systems that support critical services.
    In his presentation, Dr. Angle will offer best practices to manage the risk inherent with operating modern-day medical devices. Today’s cloud-connected medical devices are capable of collecting, processing, and storing electronically protected health information (ePHI), as well as managing life-critical functions, all with increasing reliance on complex software to manage vital functions. Dr. Angle will identify the requirements for purchasing new devices, managing the risk using degrees of separation from the patient, and continuous monitoring of these devices to ensure the mitigating control’s effectiveness.
    “How we manage devices is directly related to how close the device is to the patient – you can’t manage an implanted device the same way you would an ultrasound machine. To effectively manage risk, you have to examine it based on the degrees of separation between the patient and the device. The HIM Working Group document, as Dr. Angle will show, delves into how applying the CSA IoT Controls Framework to each degree can mitigate many of the risks associated with an IoT system that incorporates multiple types of connected devices, cloud services, and networking technologies,” said Vince Campitelli, CSA enterprise security specialist and co-chair of the HIM Working Group.
    Dr. Angle has a Doctorate in Business Administration with a specialization in Computer and Information Security. He has over 25 years of experience in multiple areas of IT, culminating as the Deputy CIO for an army hospital, and more than 19 years of information security experience in both government service and the private sector. Currently, he is the manager of Network Security – Vulnerability Management at Trinity Health, where he previously held positions as Regional Information Security Officer and Security Architect.
    The Health Information Management Working Group aims to provide a direct influence on how health information service providers deliver secure cloud solutions (services, transport, applications, and storage) to their clients, and foster cloud awareness within all aspects of healthcare and related industries. Individuals interested in becoming involved in the future research and initiatives of this group are invited to do so by visiting the Join page.
    https://cloudsecurityalliance.org/press-releases/2019/11/20/cloud-security-alliance-health-information-management-working-group-co-chair-dr-jim-angle-to-present-at-himss/
  • 2-1-2. CSA Health Information Management WG call (completed)
    Date and time: Thursday, November 21, 2019, 4:30am-5:30am
    Venue: Online (WebEX)
    Coordinator: Shamun Mahmud (CSA)
    Summary:
    1) Brief overview on CSA, and the HIM WG
    2) Upcoming CSA Events
    3) Open Peer Reviews
    4) Current and future HIM WG Initiatives
    5) Deep dive into “Managing the Risk of Medical Devices Connected to the Cloud” (Current Initiative)
    Next steps: Post up-to-date version of the position paper to G-drive and Basecamp. Elicit feedback from entire HIM WG. Aim for peer review.

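[October 2019]

  1. Domestic activities
    No particular domestic activities in October 2019
  2. Global activities
    2-1. Activities of the CSA Global HIM WG
  • 2-1-1. CSA Health Information Management WG call (completed)
    Date and time: Thursday, October 24, 2019, 3:30am-4:30am
    Venue: Online (WebEX)
    Coordinator: Shamun Mahmud (CSA)
    Summary:
    1) CSA News/Updates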
    2) Healthcare IT in the News
    3) Updates on the current deliverables

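[September 2019]

  1. Domestic activities
    No particular domestic activities in September 2019
  2. Global activities
    2-1. Activities of the CSA Global HIM WG
  • 2-1-1. CSA Health Information Management WG call (completed)
    Date and time: Friday, September 27, 2019, 4:00am-5:00am
    Venue: Online (WebEX)
    Coordinator: Shamun Mahmud (CSA)
    Summary: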
    1) Brief overview on CSA
    2) Upcoming CSA Events
    3) Open Peer Reviews
    4) Current and future HIM WG Initiatives
    5) Deep dive into “Managing the Risk of Medical Devices Connected to the Cloud” (Current Initiative)
    6) Discussion of upcoming IEEE online meeting, how to collaborate with the specified IEEE WG
    7) Conclusion and next steps (read the paper, provide comments)

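[August 2019]

  1. Domestic activities
  • 1-1. HIM-WG Tokyo study session (completed)
    Date and time: Wednesday, September 4, 2019, 7:00pm-9:00pm
    Venue: MICIN, Inc. conference room (13F Nippon Building, 2-6-2 Otemachi, Chiyoda-ku, Tokyo)
    Summary: Trends in SaMD/AI cybersecurity measures, learning from global developments
    1. Safety/OT and security/IT:
    Digital twin cybersecurity, learning from Canada
    2. Integrating premarket/development and postmarket/operations:
    Product life cycle cybersecurity, learning from Australia
    3. SaMD/AI and medical devices/non-medical devices:
    Risk-based cybersecurity, learning from France
    4. Is there a second chance for Japan's SaMD/AI, which has fallen behind global developments?
    https://www.slideshare.net/esasahara/samdai
  2. Global activities
    2-1. Activities of the CSA Global HIM WG
    No particular global activities in August 2019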

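[July 2019]

  1. Domestic activities
  • 1-1. HIM-WG Tokyo study session (planned)
    Date and time: Wednesday, September 4, 2019, 7:00pm-9:00pm
    Venue: MICIN, Inc. conference room (13F Nippon Building, 2-6-2 Otemachi, Chiyoda-ku, Tokyo)
    Summary: Trends in SaMD/AI cybersecurity measures, learning from global developments
    1. Safety/OT and security/IT:
    Digital twin cybersecurity, learning from Canada
    2. Integrating premarket/development and postmarket/operations:
    Product life cycle cybersecurity, learning from Australia
    3. SaMD/AI and medical devices/non-medical devices:
    Risk-based cybersecurity, learning from France
    4. Is there a second chance for Japan's SaMD/AI, which has fallen behind global developments?
  2. Global activities
    2-1. Activities of the CSA Global HIM WG
    2-1-1. Contributors Needed: Healthcare Information Management (HIM) Working Group. (ongoing)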
    The CSA HIM Working Group is searching for contributors to participate in the development of white-papers on security guidance for Healthcare InfoSec as well as reference architectures and best practices for Healthcare InfoSec. The working group is looking for contributors who have expertise and experience working with Healthcare InfoSec or related technologies. If you are interested in being part of these projects, please sign up for the working group

[June 2019]

  1. Domestic activities
    No particular domestic activities in June 2019
  2. Global activities
    2-1. Activities of the CSA Global HIM WG
    2-1-1. CSA Health Information Management WG call (completed)
    Date and time: Friday, June 21, 2019, 4:00am-5:00am
    Venue: Online (WebEX)
    Coordinator: Shamun Mahmud (CSA)
    Summary:
    1) Best Practices: Medical Devices in the Cloud. Current work in progress. Also craft an Implementation guide mapping Dr. Angle’s purchasing checklist to CSA’s IoT Framework. DRAFT copy (of spreadsheet) posted
    2) Health Information Risk Chart (Basecamp): Review the spreadsheet by mid-August. Compile and build out the chart. DRAFT copy posted
    3) Medical device and Health IT Joint Security Plan (JSP): Review the JSP by mid-May. Compile and craft a response. ON HOLD
    4) Health Industry Cybersecurity Practices (HICP): Review the HICP by mid-June. Compile and craft a response. ON HOLD

[May 2019]

  1. Domestic activities
  • 1-1. HIM-WG Tokyo study session (completed)
    Date and time: Wednesday, May 22, 2019, 7:00pm-9:00pm
    Venue: MICIN, Inc. conference room (13F Nippon Building, 2-6-2 Otemachi, Chiyoda-ku, Tokyo)
    Summary: Securing Digital Health
    1. Digital health and the SDGs
    2. DGHP: Securing Digital Health
    3. ENISA: Cybersecurity culture guidelines
  2. Global activities
    2-1. Activities of the CSA Global HIM WG
    2-1-1. CSA Health Information Management WG call (completed)
    Date and time: Friday, May 10, 2019, 4:00am-5:00am
    Venue: Online (WebEX)
    Coordinator: Shamun Mahmud (CSA)
    Summary: HIM Working Group Initiatives explained
    Respond to Current documents (uploaded to Basecamp)
    1. Medical Devices: Managing the Risk (NCIJ): Review the presentation and actual article by mid-June. Also craft an Implementation guide mapping Dr. Angle’s purchasing checklist to CSA’s IoT Framework
    2. Health Information Risk Chart (Basecamp): Review the spreadsheet by mid-June. Compile and craft a response
    3. Medical device and Health IT Joint Security Plan (JSP): Review the JSP by mid-May. Compile and craft a response
    4. Health Industry Cybersecurity Practices (HICP): Review the HICP by mid-June. Compile and craft a response
    Medical Device Security – Managing the risk
    1. Threat Environment
    2. Legacy Medical Devices
    3. Securing Medical Devices
    4. New Medical Devices
    5. Conclusion

[April 2019]

  1. Domestic activities
  • 1-1. HIM-WG Tokyo study session (planned)
    Date and time: Wednesday, May 22, 2019, 7:00pm-9:00pm
    Venue: MICIN, Inc. conference room (13F Nippon Building, 2-6-2 Otemachi, Chiyoda-ku, Tokyo)
    Summary: TBD
  • 1-2. HIM-WG Kansai meeting (planned)
    Date and time: Monday, June 3, 2019, 6:30pm-8:30pm
    Venue: TBD
    Summary:
    1. Recap of CSA Japan Summit 2019
    2. Report on CSA global activities
    - HIM-WG
    - IoT-WG
    - Application Containers & Microservices WG
    3. Report on Kanto HIM-WG activities (study session scheduled for 5/22)
    4. Trends in Japan (tentative)
    - Initiatives under the Next-Generation Medical Infrastructure Act
    - Medical API initiatives
    5. FY2019 Kansai HIM-WG activity plan
    6. Open discussion
  2. Global activities
    2-1. Activities of the CSA Global HIM WG
    2-1-1. CSA Health Information Management WG call (completed)
    Date and time: Friday, April 26, 2019, 3:00am-4:00am
    Venue: Online (WebEX)
    Coordinator: Shamun Mahmud (CSA)
    Summary: HIM Working Group Initiatives explained
    Respond to Current documents (uploaded to Basecamp)
    1. Medical device and Health IT Joint Security Plan (JSP): Review the JSP by mid-May. Compile and craft a response
    2. Health Industry Cybersecurity Practices (HICP): Review the HICP by mid-June. Compile and craft a response
    3. Medical Devices: Managing the Risk (NCIJ): Review the presentation and actual article by mid-June. Also craft an Implementation guide mapping Dr. Angle’s purchasing checklist to CSA’s IoT Framework
    4. Health Information Risk Chart (Basecamp): Review the spreadsheet by mid-June. Compile and craft a response

[March 2019]

  1. Domestic activities
  • 1-1. Keio University Graduate School of Business Administration, FY2018 Daiwa Securities "Future Leadership" Chairship (大和証券未来先導チェアシップ) (completed)
    Date and time: Sunday, February 24, 2019, 1:10pm-14:30pm
    Venue: Kyoseikan, Keio University Hiyoshi Campus
    Theme: "A Framework for SDGs, Regional Health and Global Health"
    Speaker: Eiji Sasahara, Japan-India Human Resource Development and Exchange Initiative, General Incorporated Association Japan Cloud Security Alliance

  • 1-2. HIM-WG Tokyo study session (completed)
    Date and time: Wednesday, March 13, 2019, 7:00pm-9:00pm
    Venue: MICIN, Inc. conference room (13F Nippon Building, 2-6-2 Otemachi, Chiyoda-ku, Tokyo)
    Summary: "healthcare business trend 2019"
    CSA Summit 2019 report, etc.

  • 1-3. Medtec Japan 2019 / Pharma IT & Digital Expo 2019 (completed)
    Organizer: UBM Japan
    Supporter: Japan Cloud Security Alliance
    Date and time: Monday, March 18, 2019, 9:30am-10:15am
    Venue: Tokyo Big Sight
    Summary: "IoT, AI and the future of medical devices" (Medtec Japan 2019)
    Speaker: Eiji Sasahara, General Incorporated Association Japan Cloud Security Alliance
    http://www.medtecjapan.com/

  2. Global activities
    2-1. Activities of the CSA Global HIM WG
    2-1-1. CSA IoT and Healthcare Meeting at RSA (completed)
    Date and time: Tuesday, March 5, 2019, 11:30am-1:00pm
    Venue: Galvanize San Francisco, 44 Tehama St, San Francisco, 94105
    Summary:
    The CSA cordially invites our IoT and HIM WGs to an in-person session during RSAC 2019, lunch will be provided. Topics to be discussed include (but not limited to) –
  1. Brief overviews of
    1. IoT WG
    2. HIM WG
  2. Discussion of Medical Device and Healthcare IT Joint Security Plan (the “Plan”)
    1. Online location of the Plan here: lIT Joint Security Plan
    2. Preliminary comments will be discussed at the meeting, please submit comments and concerns by February 22, 2019.
  3. We will also review a recent release from HHS entitled Cybersecurity Practices: Managing Threats and Protecting Patients (HICP).

    2-1-2. CSA Health Information Management WG Kick-off call (completed)
    Date and time: Friday, March 15, 2019, 3:00am-4:00am
    Venue: Online (WebEX)
    Coordinator: Shamun Mahmud (CSA)
    Summary:
    Current Trends in Healthcare – (Technology Impacts and Influence of Cloud)
  1. Focus on Consumerism
  2. Impact of Healthcare Regulation and Restructuring of Financial Risks
  3. Influence of Digitalization – Open topic

    HIM Working Group Initiatives explained
    Respond to Current documents (uploaded to Basecamp)
  1. Medical device and Health IT Joint Security Plan (JSP): Review the JSP by mid-April. Compile and craft a response
  2. Health Industry Cybersecurity Practices (HICP): Review the HICP by mid-July. Compile and craft a response

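[February 2019]

  1. Domestic activities
  • Keio University Graduate School of Business Administration, FY2018 Daiwa Securities "Future Leadership" Chairship (大和証券未来先導チェアシップ) (completed)
    Date and time: Sunday, February 24, 2019, afternoon (planned)
    Venue: Kyoseikan, Keio University Hiyoshi Campus
    Theme: (tentative) Healthcare and ICT in India
    Speaker: Eiji Sasahara, Japan-India Human Resource Development and Exchange Initiative, General Incorporated Association Japan Cloud Security Alliance

  • HIM-WG Tokyo study session (planned)
    Date and time: Wednesday, March 13, 2019, evening (planned)
    Venue: Near Nihonbashi
    Theme: CSA Summit 2019 debriefing session, etc.

  • Medtec Japan 2019 / Pharma IT & Digital Expo 2019 (planned)
    Organizer: UBM Japan
    Supporter: Japan Cloud Security Alliance
    Date and time: Monday, March 18, 2019, 9:30-16:30 (planned)
    Venue: Tokyo Big Sight
    Summary: (tentative) IoT, AI and the future of medical devices
    Speaker: Eiji Sasahara, General Incorporated Association Japan Cloud Security Alliance
    http://www.medtecjapan.com/

  2. Global activities
    2-1. Activities of the CSA Global HIM WG
    CSA IoT and Healthcare Meeting at RSA
    Date and time: Tuesday, March 5, 2019, 11:30-13:00 (planned)
    Venue: Galvanize San Francisco, 44 Tehama St, San Francisco, 94105
    Summary:
    The CSA cordially invites our IoT and HIM WGs to an in-person session during RSAC 2019, lunch will be provided. Topics to be discussed include (but not limited to) –

  1. Brief overviews of
    1. IoT WG
    2. HIM WG
  2. Discussion of Medical Device and Healthcare IT Joint Security Plan (the “Plan”)
    1. Online location of the Plan here: lIT Joint Security Plan
    2. Preliminary comments will be discussed at the meeting, please submit comments and concerns by February 22, 2019.
  3. We will also review a recent release from HHS entitled Cybersecurity Practices: Managing Threats and Protecting Patients (HICP).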

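[January 2019]

  1. Domestic activities
  • 1-1. Open research meeting: "Ability Demonstration City" kickoff seminar (completed)
    Organizer: Izumiotsu City / Liaison Conference of Organizations Related to the Global Health Initiative
    Date and time: Tuesday, January 15, 2019, 01:00 pm-04:55 pm
    Venue: Texpia Osaka Main Hall, Izumiotsu City
    (22-45 Asahicho, Izumiotsu, Osaka Prefecture)
    Summary: "Preventive healthcare and ICT platforms in India"
    Speaker: Eiji Sasahara, Japan-India Human Resource Development and Exchange Initiative, General Incorporated Association Japan Cloud Security Alliance
  • 1-2. Regional Industry Tie-Up (RIT) Program, 2nd domestic study meeting: "Entering the US market in the life sciences field" (completed)
    Organizer: Osaka Prefectural Government Department of Commerce, Industry and Labor / JETRO Osaka
    Date and time: Friday, January 25, 2019, 2:00 pm-4:30 pm
    Venue: JETRO Osaka seminar room
    (29F Osaka Kokusai Building, 2-3-13 Azuchimachi, Chuo-ku, Osaka)
    Summary: "Overview of the US life sciences market"
    Speaker: Eiji Sasahara, General Incorporated Association Japan Cloud Security Alliance / American Chamber of Commerce in Japan
  • 1-3. Keio University Graduate School of Business Administration, FY2018 Daiwa Securities "Future Leadership" Chairship (大和証券未来先導チェアシップ) (planned)
    Date and time: Sunday, February 24, 2019, afternoon (planned)
    Venue: Kyoseikan, Keio University Hiyoshi Campus
    Theme: (tentative) Healthcare and ICT in India
    Speaker: Eiji Sasahara, Japan-India Human Resource Development and Exchange Initiative, General Incorporated Association Japan Cloud Security Alliance
  • 1-4. HIM-WG Tokyo study session (planned)
    Date and time: Wednesday, March 13, 2019, evening (planned)
    Venue: Near Nihonbashi
    Theme: CSA Summit 2019 debriefing session, etc.
  • 1-5. Medtec Japan 2019 / Pharma IT & Digital Expo 2019 (planned)
    Organizer: UBM Japan
    (Japan Cloud Security Alliance has again been asked to act as a supporter this fiscal year)
    Date and time: Monday, March 18, 2019, 9:30-16:30 (planned)
    Venue: Tokyo Big Sight
    Summary: (tentative) IoT, AI and the future of medical devices
    Speaker: Eiji Sasahara, General Incorporated Association Japan Cloud Security Alliance
  2. Global activities
  • 2-1. Activities of the CSA Global HIM WG
    Discussion on trends in HIPAA personal data breach incidents
    (Reference) Summary of Recent Healthcare Data Breaches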

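[December 2018]

  1. Domestic activities
  • 1-1. Open research meeting: "Ability Demonstration City" kickoff seminar (planned)
    Organizer: Izumiotsu City / Liaison Conference of Organizations Related to the Global Health Initiative
    Date and time: Tuesday, January 15, 2019, 01:00 pm-04:55 pm
    Venue: Texpia Osaka Main Hall, Izumiotsu City
    (22-45 Asahicho, Izumiotsu, Osaka Prefecture)
    Summary: "Preventive healthcare and ICT platforms in India"
    Speaker: Eiji Sasahara, Japan-India Human Resource Development and Exchange Initiative, General Incorporated Association Japan Cloud Security Alliance
  • 1-2. Regional Industry Tie-Up (RIT) Program, 2nd domestic study meeting: "Entering the US market in the life sciences field" (planned)
    Organizer: Osaka Prefectural Government Department of Commerce, Industry and Labor / JETRO Osaka
    Date and time: Friday, January 25, 2019, 2:00 pm-4:30 pm
    Venue: JETRO Osaka seminar room
    (29F Osaka Kokusai Building, 2-3-13 Azuchimachi, Chuo-ku, Osaka)
    Summary: "Overview of the US life sciences market"
    Speaker: Eiji Sasahara, General Incorporated Association Japan Cloud Security Alliance / American Chamber of Commerce in Japan
  • 1-3. Medtec Japan 2019 / Pharma IT & Digital Expo 2019 (planned)
    Organizer: UBM Japan
    (Japan Cloud Security Alliance has again been asked to act as a supporter this fiscal year)
    Date and time: Monday, March 18, 2019, 9:30-16:30 (planned)
    Venue: Tokyo Big Sight
    Summary: (tentative) IoT, AI and the future of medical devices
    Speaker: Eiji Sasahara, General Incorporated Association Japan Cloud Security Alliance
  2. Global activities
  • 2-1. Activities of the CSA Global HIM WG
    No particular activities in December 2018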
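[November 2018]

  1. Domestic activities
  • 1-1. Collaborative activity with RIKEN (completed)
    Organizer: RIKEN (National Research and Development Agency)
    Date and time: Monday, November 12, 2018, 04:00 pm-05:00 pm
    Venue: iKAfE (Compass to Healthy Life Research Complex, Sannomiya site)
    7F Sanpal, 5-3-1 Kumoi-dori, Chuo-ku, Kobe, Hyogo Prefecture [on foot from the east exit of JR Sannomiya Station]
    Summary: Latest international trends in digital health and cloud security
    Speaker: Eiji Sasahara, General Incorporated Association Japan Cloud Security Alliance
  • 1-2. Open research meeting: "Ability Demonstration City" kickoff seminar (planned)
    Organizer: Izumiotsu City / Liaison Conference of Organizations Related to the Global Health Initiative
    Date and time: Tuesday, January 15, 2019, 01:00 pm-04:55 pm
    Venue: Conference Room 301, 3F Texpia Osaka, Izumiotsu City
    Summary: "Preventive healthcare and ICT platforms in India"
    Speaker: Eiji Sasahara, Japan-India Human Resource Development and Exchange Initiative, General Incorporated Association Japan Cloud Security Alliance
  • 1-3. Medtec Japan 2019 (planned)
    Organizer: UBM Japan (organizer of Healthcare IT Japan)
    Date and time: Monday, March 18, 2019, 9:30-16:30 (planned)
    Venue: Tokyo Big Sight
    Summary: (tentative) IoT, AI and the future of medical devices
    Speaker: Eiji Sasahara, General Incorporated Association Japan Cloud Security Alliance
  2. Global activities
    2-1. Activities of the CSA Global HIM WG
    No particular activities in November 2018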
  • October 2018
    See here
  • September 2018
    See here
  • August 2018
    See here
  • July 2018
    See here
  • June 2018
    See here
  • May 2018
    See here
  • April 2018
    See here
  • March 2018
    See here
  • February 2018
    See here
  • January 2018
    See here
  • December 2017
    See here
  • November 2017
    See here
  • October 2017
    See here
  • September 2017
    See here
  • August 2017
    See here
  • July 2017
    See here
  • June 2017
    See here
  • May 2017
    See here
  • April 2017
    See here
  • For activity reports from March 2017 and earlier, see here.