This workshop helps healthcare IT teams plan their electronic health record systems’ migration to post-quantum cryptography while maintaining clinical operations.
Electronic health record systems were not built with cryptographic agility in mind. HL7 FHIR's interoperability architecture relies on TLS 1.3, OAuth 2.0, and JWT token signing. Every component uses RSA or ECC. A working PQC migration is not a matter of swapping one algorithm; it requires a full dependency map, vendor readiness assessment, and sequenced rollout that keeps clinical systems operational. This workshop provides the methodology to do that, structured around real EHR architecture rather than abstract cryptographic theory. The session includes a facilitator-led cryptographic discovery exercise against a sample clinical data flow, plus a dedicated module on genomic data exposure within EHR cryptographic risk, addressing the NHS Genomics England National Genomic Research Library (110,000+ clinically linked whole genomes) as a specific vulnerability class.
The regulatory pressure is building from multiple directions simultaneously. In the UK, NHS Digital's DSP Toolkit is expected to incorporate explicit PQC readiness requirements by Phase 1 of the NCSC's March 2025 migration roadmap (deadline: 2028). In the EU, NIS2 places hospitals under mandatory risk management obligations enforceable from 2025 with penalties up to EUR 10 million or 2% of global revenue. In the US, HHS has signalled that HIPAA's technical safeguard requirements will be interpreted to include quantum-resistant encryption for long-lived patient data. Participants leave this workshop with a populated cryptographic inventory template, a regulatory gap map for their jurisdiction, a migration sequencing model calibrated to their EHR vendor stack (Epic, Cerner/Oracle Health, MEDITECH, or open-source alternatives), and a NIST CSWP 48 mapping that expresses PQC migration as auditable CSF 2.0 risk outcomes for information governance committees.
Full-day session structure with scheduled breaks. Content is configurable to your team's technical level and EHR vendor stack.
| # | Session | Topics |
|---|---|---|
| 1 | Threat Landscape Why healthcare EHR systems are high-value HNDL targets | |
| 2 | Cryptographic Inventory Exercise Mapping your clinical data flows |
|
| Break, after 90 min | ||
| 3 | NIST PQC Standards Deep Dive FIPS 203, 204, 205 for health IT constraints |
|
| 4 | Genomic Data Exposure NHS Genomics England, biobanks, and permanent identifiability |
|
| 5 | Migration Sequencing Workshop Building your phased transition plan |
|
| Break, after 45 min | ||
| 6 | Regulatory Checkpoint NIS2, HIPAA, NHS DSPT, and NIST CSWP 48 CSF 2.0 mapping |
|
| 7 | Q&A and Action Planning | |
Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and healthcare systems.
Workshop design and delivery
QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.
Domain expertise and clinical validation
Healthcare-specific workshops are co-delivered with sector specialists who bring direct operational experience in NHS trusts, private hospital groups, pharmaceutical R&D, and medical device manufacturing. This ensures workshop content is grounded in regulatory, clinical, and operational realities.
Sessions are configured around your team's technical level, EHR vendor stack, and regulatory jurisdiction. Get in touch to discuss requirements and schedule a date.
Contact Us