FNHSO Panorama Data Governance Forum Regular Forum Meeting May 9, 2017

Agenda Roll-call Response from OIPC after review of materials sent by PDGC Data Governance Committee Materials Data Governance Committee Orientation Package 4 – PIAs and ISAs Update on efforts to support availability of TB Screening Summary Reports for non-Panorama FNHSOs Update on FNHSO P&S and Data Governance Compliance Program Roundtable review (i.e. future agenda items; other items; etc.)

Role Call Na’kazdli KDC Simpcw TCHSS Ktunaxa WFN Splatsin Tla’amin Sto:lo FNHA Health Protection Carrier Sekani Family Services Heiltsuk Esk’etemc Iskut Huli’tun KDC TCHSS WFN Tla’amin OKIB NTC Seabird Saulteau Cowichan Scw’exmx Nazko Pauquachin ITHA

PDGC and OIPC Recap on history of request Refer to March 30th letter from BC and Yukon Privacy Commissioners (i.e. the second letter sent to PDGC)

Training Material Roadmap Overview – October 25, 2016 [Complete] Data Extracts – December 14, 2016 [Complete] Data Breaches – January 24, 2017 [Complete] PIAs and ISAs – April 25, 2017 [Complete]

Panorama Data Governance Committee Committee Member Orientation Module 4 – PIAs and ISAs April 2017

Overview PIAs and ISAs – What are they? PIA Development and Review ISA Development and Review Committee Role

What is a PIA? Privacy Impact Assessment Privacy Review Intake Tool for assessing privacy and security issues and risks related to a project involving storage, use or transmission of personal information Any recorded information about an identifiable individual Excludes business contact information Mandatory to submit a PIA to PHSA Information Access and Privacy Department (IAP) for significant new uses or creation of personal information Panorama implementation STIX module IAP uses the PIA to determine compliance of initiative with privacy legislation and policies Privacy Review Intake “Light” version of PIA which is suitable for IAP review in some circumstances E.g.: Modification of existing uses/linkages which impact storage of personal information IAP has more information on these tools on POD: http://pod/phsa/foi/pia/Pages/Default.aspx

What is an ISA? Information Sharing Agreement Contractual agreement between PHSA/BCCDC and party that is receiving data from Panorama Defines prerequisites, conditions and accountability measures with respect to use of Panorama information E.g.: Panorama ISA, Yukon Data Conversion ISA Panorama Research Agreement is specific type of ISA for use in research projects

PIA Development and Approval Project Manager (PM) Defines initiative Liaise with Panorama Privacy PDGC reviews PIA as part of request for approval of initiative PM Drafts PIA or Privacy Review Intake as appropriate IAP Approval

ISA Development and Approval Project Manager (PM) Defines initiative Liaise with Panorama Privacy PDGC reviews draft ISA as part of request for approval of initiative Panorama Privacy Drafts ISA Panorama Privacy Finalizes ISA Feedback from Parties to Agreement

PDGC Role Most requests to PDGC will not require PIA PDGC may make IAP review a condition of approval PIA (or Privacy Review Intake) becomes part of the review materials for PDGC when reviewing a request/initiative In some cases, PDGC may be asked for feedback on draft version prior to submission to IAP, but this is not required Draft ISA (or Panorama Research Agreement) may also be included in review materials PDGC may set conditions on approval over and above what appears in PIA or ISA Panorama Privacy will implement conditions in ISA prior to sign-off

TB Data Access Updates TB Screening Summary Reports Decision document approved by PDGC Enables FNHA TB Services to enter TB screening data from non-Panorama FNHSOs into Panorama Generate updated TB Screening Summary Reports from Panorama and distribute them to non-Panorama FNHSOs Under this model, FNHA retains stewardship and accountability for the Panorama data used to support this model “Agreement” model is being developed between non-Panorama FNHSO CHNs and FNHA to support Panorama TB Data Distribution In parallel, efforts will continue to support non-Panorama FNHSOs to begin full Panorama deployment process

Update on FNHSO Compliance Program Additional FNHSOs have completed their initial Access Audits (some are coming due to for second annual Access Audit); other FNHSOs are scheduled for upcoming Access Audits 2 FNHSOs have completed the ISA Compliance Assessment Several FNHSOs are in the process of an annual Privacy Review Efforts are underway to engage with community-operated health centres where FNHSO CHNs are providing public health services – in these cases, it has become necessary to support P&S Framework implementation at the community health centre level as well Additional work underway to continue to streamline the FNHSO P&S / Data Governance / System Use Compliance Program

Roundtable Questions? Request for agenda items to be included in next meeting?