FNHSO Privacy and Security Framework Forum Feb 16, 2016 BC First Nations Panorama Support.


Agenda
- Roll-call
- General Updates
- Access Audit Model
- Round table discussion

FNHSO P&S Framework Forum

Roll Call
- Kwakiutl District Council Health Services
- Seabird Island Band's Health Services Department
- Three Corners Health Services Society
- Tla’amin Community Health Services
- Westbank First Nation Health and Wellness
- Saulteau First Nation Health Services
- Nuu-chah-nulth Tribal Council – Community and Human Services
- Okanagan Indian Band Health Services
- Cowichan Tribes - Ts’ewulhtun Health Services
- Scw’exmx Community Health Service Society
- Inter Tribal Health Authority
- Pauquachin Health Centre
- Nazko Health
- Simpcw First Nation
- Nak’azdli Health Centre
- Ktunaxa Nation Council – Health Services
- Splatsin Health Services
- Sto:lo Service Agency Health

Context: Panorama Access Audit Program Objectives
- Establish a robust access audit program that complies with the Panorama Access Audit requirements and includes the data in Panorama that is included in local systems (e.g. Mustimuhw)
- Identify best practices for conducting user access audits in local systems (e.g. Mustimuhw)
- Address the different service models:
  - Nurse works on their own or in a small community setting
  - Nurse works as part of a medium to large health program delivery team
  - Multiple sites within FNHSO
- Define roles, responsibilities, processes, timelines, including escalation and disciplinary processes
- Build capacity to support sustainability

Staged Approach to Establish Access Audit Program
- Stage 0: Define Audit Program: Stages, RnR, etc.
- Stage 1: Initial Audit Process (Validate & Refine)
- Stage 2: Data Quality Audits (Validate & Refine)
- Stage 3: Pattern-based Audits (Validate & Refine)
- Stage 4: Comprehensive Audit Program (Validate & Refine)

Timeline: Period 1, Period 2, Period 3, Period 4

Stage 1: Activities
1. Define Stage Objectives & Process
2. Define Procedures / Forms
3. Validate Process / Procedures
4. Refine Policy / Process / Procedures Based on Lessons Learned
5. Refine Approach For Remaining Stages Based on Lessons Learned

Timeline: Period 1, Period 2, Period 3, Period 4, Period 5

Stage 1: Initial Access Audit Process
√ Objectives established:
- Develop capacity to:
  - Respond to user access complaints (reactive audit)
  - Inactivate user accounts that are not being used
  - Identify users that have accessed their own record or records of a family member with the same last name when not providing services
  - Monitor access to special clients

Stage 1: 1. Define Process
- Process defined:
  √ Respond to access complaints (reactive audit)
  √ Inactivate user accounts that are not being used
- Process topics for today:
  - Identify users that have accessed their own record or records of a family member with the same last name when not providing services
  - Monitor access to special clients

Identify User Accesses to Family Records
- Context: Users are not allowed to review the following unless they have a legitimate work-related reason to do so:
  - Their own records, or
  - Records of a family member
- Conformance Standard requirement
- User is made aware that this is not allowed as part of Privacy Awareness training and when signing the Confidentiality and Acceptable Use Agreement

Identify User Accesses to Family Records
- Investigation Process:
  - Execute Panorama report showing user activity against possible family members with same last name
  - Investigate whether access was inappropriate:
    - Determine if the client had an appointment or other service event prior to the access event
    - Confirm that the user is part of client’s care team
    - Determine if the user viewed or updated the records
    - Other considerations?

Scenario 1: Nurse with access to a family member’s record provides lab results to family member

| Test for Inappropriate Access | Answer |
|---|---|
| Did the client have an appointment or other service event prior to the access event? | Yes, lab work done |
| Was the user part of client’s care team? | No, sister, not part of care team; CNRBC guidelines identify this as well; ethics |
| Did the user view or update the client record? | No, only printed lab result |
| Was access appropriate? | No |

Scenario 2: Nurse provides immunization to a family member and charts service

| Test for Inappropriate Access | Answer |
|---|---|
| Did the client have an appointment or other service event prior to the access event? | Yes |
| Was the user part of client’s care team? | Yes, RN gave the imms |
| Did the user view or update the client record? | Yes, RN charted services |
| Was access appropriate? | Yes |

Scenario 3: Nurse provides flu shot to a family member and then checks to see what STIs the family member has

| Test for Inappropriate Access | Answer |
|---|---|
| Did the client have an appointment or other service event prior to the access event? | Yes |
| Was the user part of client’s care team? | Yes |
| Did the user view or update the client record? | Both; sequence was chart the service, then view the record |
| Was access appropriate? | Depends on whether there is evidence of the need to go to STI documented in the chart |

Scenario 4: Nurse accidentally accesses a family member’s record – should you document this in the client record?

Answer:
- Important to chart the access if something was added to the chart in error
- Looking at something in error should be there for a short time – that would provide the hint that the access was in error w/o charting a note
- Some FNHSOs document this when using Mustimuhw because duration is not available

Scenario 5: other scenarios?

| Test for Inappropriate Access | Answer |
|---|---|
| Did the client have an appointment or other service event prior to the access event? | |
| Was the user part of client’s care team? | |
| Did the user view or update the client record? | |
| Was access appropriate? | |

Identify User Accesses to Family Records
- Investigation Process (cont’d):
  - If warranted, review activity with user, user’s manager/supervisor
  - If access is confirmed to be inappropriate, determine disciplinary actions (e.g. Privacy refresher, review the Confidentiality & Acceptable Use Agreement) in conjunction with user’s manager/supervisor
  - If warranted, initiate Breach Management process or complete disciplinary actions
  - This access is not considered a breach unless the user continues to repeat this behavior after being reminded not to
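The investigation tests above, applied to a same-last-name access report, as an added example that is not part of the original presentation. The record fields, ids, names and result strings are assumptions made for illustration and do not reflect Panorama's or Mustimuhw's actual report format; the sample rows are constructed from Scenarios 1 to 3.

```python
from dataclasses import dataclass
from datetime import datetime as dt

@dataclass(frozen=True)
class Access:  # hypothetical audit-report row, not Panorama's actual format
    user_id: str
    user_last: str
    client_id: str
    client_last: str
    action: str  # "view", "update" or "print"
    when: dt

def triage(accesses, service_events, care_teams, own_client_id):
    """Apply the page's tests to same-last-name accesses; output is for human review."""
    findings = []
    for a in accesses:
        if a.user_last.strip().lower() != a.client_last.strip().lower():
            continue  # the report only covers possible family members
        prior = any(t <= a.when for t in service_events.get(a.client_id, []))
        on_team = a.user_id in care_teams.get(a.client_id, set())
        if own_client_id.get(a.user_id) == a.client_id:
            result = "review: own record"
        elif not prior:
            result = "review: no service event before access"
        elif not on_team:
            result = "review: user not on care team"
        elif a.action == "update":
            result = "consistent with charting a service"
        else:
            result = "review: check chart for documented need to view"
        findings.append((a.user_id, a.client_id, a.action, result))
    return findings

# Constructed sample data modelled on Scenarios 1-3 (all names and ids invented).
EVENTS = {"c1": [dt(2016, 2, 1, 9)], "c2": [dt(2016, 2, 2, 10)], "c3": [dt(2016, 2, 3, 11)]}
TEAMS = {"c2": {"n2"}, "c3": {"n3"}}
OWN = {"n4": "c4"}  # user id -> that user's own client record
ACCESSES = [
    Access("n1", "Smith", "c1", "Smith", "print", dt(2016, 2, 1, 14)),       # Scenario 1
    Access("n2", "Jones", "c2", "Jones", "update", dt(2016, 2, 2, 10, 30)),  # Scenario 2
    Access("n3", "Lee", "c3", "Lee", "update", dt(2016, 2, 3, 11, 15)),      # Scenario 3, charting
    Access("n3", "Lee", "c3", "Lee", "view", dt(2016, 2, 3, 11, 20)),        # Scenario 3, later view
    Access("n4", "Brown", "c4", "brown ", "view", dt(2016, 2, 4, 8)),        # own record
    Access("n2", "Jones", "c1", "Smith", "view", dt(2016, 2, 1, 15)),        # different surname
]

if __name__ == "__main__":
    for row in triage(ACCESSES, EVENTS, TEAMS, OWN):
        print(row)
```

A matching last name is only a lead for the investigator: it misses relatives with different surnames and flags unrelated people who share one, so every "review" row still goes through the manager/supervisor steps listed above.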

Deferred: Monitor Access to Special Clients
- Trigger: A “special” client has received services
- How would you define “special”?

Monitor Access to Special Clients
- Investigation Process:
  - Execute Panorama report showing user activity against a specific client
  - Review access to identify possible inappropriate activity
  - If warranted, review activity with user, user’s manager/supervisor
  - If access is confirmed to be inappropriate, determine disciplinary actions (e.g. Privacy refresher, review the Confidentiality and Acceptable Use Agreement)
  - If warranted, initiate Breach Management process or complete disciplinary actions


What forms are required?

| Stage 1 Audits | Forms (others)? | Template Available / Required? |
|---|---|---|
| Respond to access complaints (reactive audit) | Complaint form; Client Response Letter | |

What forms are required?

| Stage 1 Audits | Forms (others)? | Template Available / Required? |
|---|---|---|
| Inactivate user accounts that are not being used | Letter to manager that explains: how to evaluate access requirements; what to do if access is required or no longer required; timeframe when response back is expected; consequences when timeframe passes | |

What forms are required?

| Stage 1 Audits | Forms (others)? | Template Available / Required? |
|---|---|---|
| Identify User Accesses to Family Records | Letter to manager that explains: how to evaluate whether access was appropriate; possible remediation activities if access was not appropriate; timeframe when response back is expected; consequences when timeframe passes | |

What forms are required?

| Stage 1 Audits | Forms (others)? | Template Available / Required? |
|---|---|---|
| Monitor Access to Special Clients | Letter to manager that explains: how to evaluate whether access was appropriate; possible remediation activities if access was not appropriate; timeframe when response back is expected; consequences when timeframe passes | |

Stage 1: Activities
1. Define Stage Objectives & Process
2. Define Procedures / Forms
3. Validate Process / Procedures
4. Refine Policy / Process / Procedures Based on Lessons Learned
5. Refine Approach For Remaining Stages Based on Lessons Learned

Timeline: Period 1, Period 2, Period 3, Period 4, Period 5

Next Step:
1. Prepare process & procedure documentation
2. Validate

Roundtable Review
- Any changes to Panorama users (add/remove)?
- Questions or concerns?
  - Mildred: FOB not working and takes a long time to correct; working with Karl/Lisa to address
- Agenda items for next meeting?
  - Mildred for April meeting TBC late March – Mustimuhw audit procedure and screen shots where relevant