FNHSO Privacy and Security Framework Forum Sept 20, 2016 BC First Nations Panorama Support FNHSO Privacy and Security Framework Forum Sept 20, 2016

Agenda Roll-call General Updates Agenda items for next meeting? FNHSO P&S Framework Forum Agenda Roll-call General Updates Agenda items for next meeting? Any changes to Panorama users (add/remove) ? Access Audit Program Update & Next Steps ISA Compliance Approach Round table discussion

Roll Call FNHSO P&S Framework Forum Kwakiutl District Council Health Services Scw’exmx Community Health Service Society FNHA Health Protection Seabird Island Band's Health Services Department Inter Tribal Health Authority Carrier Sekani Family Services Three Corners Health Services Society Pauquachin Health Centre Hailika’as Heiltsuk Health Centre Society Tla’amin Community Health Services Nazko Health Esk'etemc Health Department Westbank First Nation Health and Wellness Simpcw First Nation Saulteau First Nation Health Services Nak’azdli Health Centre Nuu-chah-nulth Tribal Council – Community and Human Services Ktunaxa Nation Council – Health Services Okanagan Indian Band Health Services Splatsin Health Services Cowichan Tribes - Ts’ewulhtun Health Services Sto:lo Service Agency Health

4. Refine Policy / Process FNHSO P&S Framework Forum Audit Program Stage 1: Validate & Refine Process / Procedures with volunteer FNHSOs Splatsin Health Services Kwakiutl District Council Health Services Seabird Island Ts’ewulhtun Health Services Findings: Materials are clear / easy to use Procedure is practical and doable 5. Refine Approach For Remaining Stages Based on Lessons Learned 4. Refine Policy / Process / Procedures Based on Lessons Learned Add March 15 PDG meeting 3. Validate Process / Procedures 2. Define Procedures / Forms 1. Define Stage Objectives & Process Period 1 Period 2 Period 3 Period 4 Period 5

Types of Accesses to Audit FNHSO P&S Framework Forum Types of Accesses to Audit

Types of Access Audits FNHSO P&S Framework Forum For each Type of Access, the following Types of Access Audits may be required In the Access audit meeting the approach for conducting these access audits is reviewed and the relevant Panorama access audits are completed User Access Requirements User Account Activity User Access Application Audit Log Does the user require the access they’ve been assigned? Does the user still require access if it isn’t used? Was the user’s access appropriate? Does the application audit log contain the correct access events?

Stage 1 Validation: Proposal FNHSO P&S Framework Forum Stage 1 Validation: Proposal FNHSO Proposed Audit Timeframe Tla’amin Oct Westbank Nuu-chah-nulth Tribal Council – Community and Human Services Okanagan Indian Band Health Services Nov Three Corners Health Services Society Scw’exmx Inter Tribal Health Authority Dec Pauquachin Nakazdli Jan Simpcw Ktunaxa Continue validation with FNHSOs in order of oldest go-live date Time commitment approximately 2-3 hours for the access audit meeting Timeframe subject to everyone’s availability Are these timeframes going to work for you?

Completing the Panorama ISA Compliance Checklist FNHSO P&S Framework Forum Completing the Panorama ISA Compliance Checklist Panorama Data Governance Committee has developed an ISA Compliance checklist tool FNHSOs accessing Panorama would complete this checklist a year after their go-live date and every three years after that Now that completing the access audit is underway, it’s a good time to start addressing ISA Compliance requirements Developing an approach to align and simplify ongoing audit and compliance assessment activities

Align Ongoing Audit and Conformance Activities FNHSO P&S Framework Forum Align Ongoing Audit and Conformance Activities Step 3: Ongoing Annual Review Developing a simple approach to address Step 1: Initial Access Audit Access Audit eHealth Conformance Standards Compliance Step 2: Developing simple approach to address ISA Compliance Initial ISA Compliance Assessment eHealth Conformance Standards Compliance Stay tuned for more details

FNHSO P&S Framework Forum Roundtable Review Questions or concerns?