Presentation is loading. Please wait.

Presentation is loading. Please wait.

FNHSO Privacy and Security Framework Forum Feb 16, 2016 BC First Nations Panorama Support.

Published byAmie O’Brien’ Modified over 8 years ago

Similar presentations

Presentation on theme: "FNHSO Privacy and Security Framework Forum Feb 16, 2016 BC First Nations Panorama Support."— Presentation transcript:

1 FNHSO Privacy and Security Framework Forum Feb 16, 2016 BC First Nations Panorama Support

2 Agenda  Roll-call  General Updates  Access Audit Model  Round table discussion FNHSO P&S Framework Forum

3 Roll Call  Kwakiutl District Council Health Services  Seabird Island Band's Health Services Department  Three Corners Health Services Society  Tla’amin Community Health Services  Westbank First Nation Health and Wellness  Saulteau First Nation Health Services  Nuu-chah-nulth Tribal Council – Community and Human Services  Okanagan Indian Band Health Services  Cowichan Tribes - Ts’ewulhtun Health Services  Scw’exmx Community Health Service Society  Inter Tribal Health Authority  Pauquachin Health Centre  Nazko Health  Simpcw First Nation  Nak’azdli Health Centre  Ktunaxa Nation Council – Health Services  Splatsin Health Services  Sto:lo Service Agency Health FNHSO P&S Framework Forum

4 Context: Panorama Access Audit Program Objectives  Establish a robust access audit program that complies with the Panorama Access Audit requirements and includes the data in Panorama that is included in local systems (e.g. Mustimuhw)  Identify best practices for conducting user access audits in local systems (e.g. Mustimuhw)  Address the different service models:  Nurse works on their own or in a small community setting  Nurse works as part of a medium to large health program delivery team  Multiple sites within FNHSO  Define roles, responsibilities, processes, timelines, including escalation and disciplinary processes  Build capacity to support sustainability 4 FNHSO P&S Framework Forum

5 5 Staged Approach to Establish Access Audit Program Period 1 Validate & Refine Stage 1: Initial Audit Process Stage 0: Define Audit Program: Stages, RnR, etc. Validate & Refine Stage 2: Data Quality Audits Period 2Period 3 Validate & Refine Stage 3: Pattern-based Audits Validate & Refine Stage 4: Comprehensive Audit Program Period 4 5 FNHSO P&S Framework Forum

6 6 Period 1 2. Define Procedures / Forms Stage 1: Activities 1. Define Stage Objectives & Process 3. Validate Process / Procedures Period 2Period 3 4. Refine Policy / Process / Procedures Based on Lessons Learned 5. Refine Approach For Remaining Stages Based on Lessons Learned Period 4 6 Period 5 FNHSO P&S Framework Forum

7 Stage 1: Initial Access Audit Process √ Objectives established :  Develop capacity to:  Respond to user access complaints (reactive audit)  Inactivate user accounts that are not being used  Identify users that have accessed their own record or records of a family member with the same last name when not providing services  Monitor access to special clients 7 FNHSO P&S Framework Forum

8 8 Stage 1: 1. Define Process 8  Process defined √Respond to access complaints (reactive audit) √Inactivate user accounts that are not being used  Process topics for today:  Identify users that have accessed their own record or records of a family member with the same last name when not providing services  Monitor access to special clients FNHSO P&S Framework Forum

9 Identify User Accesses to Family Records  Context: Users are not allowed to review :  Their own records or  Records of a family member  unless they have a legitimate work-related reason to do so  Conformance Standard requirement  User is made aware that this is not allowed as part of Privacy Awareness training and when signing the Confidentiality and Acceptable Use Agreement FNHSO P&S Framework Forum

10 Identify User Accesses to Family Records  Investigation Process:  Execute Panorama report showing user activity against possible family members with same last name  Investigate whether access was inappropriate  Determine if the client had an appointment or other service event prior to the access event  Confirm that the user is part of client’s care team  Determine if the user viewed or updated the records  Other considerations? FNHSO P&S Framework Forum

11 Scenario 1: Nurse with access to a family member’s record provides lab results to family member Test for Inappropriate AccessAnswer Did the client have an appointment or other service event prior to the access event? Yes, lab work done Was the user is part of client’s care team? No, sister, not part of care team; CNRBC guidelines identify this as well; ethics Did the user view or update the client record? No, only printed lab result Was access appropriate?No FNHSO P&S Framework Forum

12 Scenario 2: Nurse provides immunization to a family member and charts service Test for Inappropriate AccessAnswer Did the client have an appointment or other service event prior to the access event? Yes Was the user is part of client’s care team? Yes, RN gave the imms Did the user view or update the client record? Yes, RN charted services Was access appropriate?Yes FNHSO P&S Framework Forum

13 Scenario 3: Nurse provides flu shot to a family member and then checks to see what STIs the family member has Test for Inappropriate AccessAnswer Did the client have an appointment or other service event prior to the access event? Yes Was the user is part of client’s care team? Yes Did the user view or update the client record? Both; sequence was chart the service, then view the record Was access appropriate?Depends on whether there is evidence of the need to go to STI documented in the chart FNHSO P&S Framework Forum

14 Scenario 4: Nurse accidently accesses a family member’s record – Test for Inappropriate Access Answer should you document this in the client record? Important to chart the access if something was added to the chart in error -Looking at something in error should be there for a short time – that would provide the hint that the access was in error w/o charting a note -Some FNHSOs document this with using Mustimuhw because duration is not available FNHSO P&S Framework Forum

15 Scenario 5: other scenarios? Test for Inappropriate AccessAnswer Did the client have an appointment or other service event prior to the access event? Was the user is part of client’s care team? Did the user view or update the client record? Was access appropriate? FNHSO P&S Framework Forum

16 Identify User Accesses to Family Records  Investigation Process (cont’d):  If warranted, review activity with user, user’s manager/supervisor  If access is confirmed to be inappropriate, determine disciplinary actions (e.g. Privacy refresher, review the Confidentiality & Acceptable Use Agreement) in conjunction with user’s manager/supervisor  If warranted Initiate Breach Management process or complete disciplinary actions  This access is not considered a breach unless the user continues to repeat this behavior after being reminded not to FNHSO P&S Framework Forum

17  Trigger: A “special” client has received services  How would you define “special”? FNHSO P&S Framework Forum Deferred: Monitor Access to Special Clients

18 Monitor Access to Special Clients  Investigation Process:  Execute Panorama report showing user activity against a specific client  Review access to identify possible inappropriate activity  If warranted, review activity with user, user’s manager/supervisor  If access is confirmed to be inappropriate, determine disciplinary actions (e.g. Privacy refresher, review the Confidentiality and Acceptable Use Agreement)  If warranted Initiate Breach Management process or complete disciplinary actions FNHSO P&S Framework Forum

19 19 Period 1 2. Define Procedures / Forms Stage 1: Activities 1. Define Stage Objectives & Process 3. Validate Process / Procedures Period 2Period 3 4. Refine Policy / Process / Procedures Based on Lessons Learned 5. Refine Approach For Remaining Stages Based on Lessons Learned Period 4 19 Period 5 FNHSO P&S Framework Forum

20 What forms are required? Stage 1 AuditsForms (others)? Template Available/Required? Respond to access complaints (reactive audit) Complaint form Client Response Letter FNHSO P&S Framework Forum

21 What forms are required? Stage 1 AuditsForms (others)? Template Available / Required? Inactivate user accounts that are not being used Letter to manager that explains: - how to evaluate access requirements - what to do if access is required or no longer required - Timeframe when response back is expected - Consequences when timeframe passes FNHSO P&S Framework Forum

22 What forms are required? Stage 1 AuditsForms (others)? Template Available / Required? Identify User Accesses to Family Records Letter to manager that explains: - how to evaluate whether access was appropriate - possible remediation activities if access was not appropriate - Timeframe when response back is expected - Consequences when timeframe passes FNHSO P&S Framework Forum

23 What forms are required? Stage 1 AuditsForms (others)? Template Available / Required? Monitor Access to Special Clients Letter to manager that explains: - how to evaluate whether access was appropriate - possible remediation activities if access was not appropriate - Timeframe when response back is expected - Consequences when timeframe passes FNHSO P&S Framework Forum

24 24 Period 1 2. Define Procedures / Forms Stage 1: Activities 1. Define Stage Objectives & Process 3. Validate Process / Procedures Period 2Period 3 4. Refine Policy / Process / Procedures Based on Lessons Learned 5. Refine Approach For Remaining Stages Based on Lessons Learned Period 4 24 Period 5 FNHSO P&S Framework Forum Next Step: 1.Prepare process & procedure documentation 2.Validate

25 Roundtable Review  Any changes to Panorama users (add/remove) ?  Questions or concerns?  Mildred: FOB not working and takes along time to correct; working with Karl/Lisa to address  Agenda items for next meeting?  Mildred for April meeting TBC late March – Mustimuhw audit procedure and screen shots where relevant FNHSO P&S Framework Forum

Download ppt "FNHSO Privacy and Security Framework Forum Feb 16, 2016 BC First Nations Panorama Support."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
The Risk Management Process (AS/NZS 4360, Chapter 3)

The Risk Management Process (AS/NZS 4360, Chapter 3)
Educational Specialists Performance Evaluation System

Educational Specialists Performance Evaluation System
Internet Rechartering 2014 All Unit Charter Renewals are due at the respective District’s Roundtable Meeting in November

Internet Rechartering 2014 All Unit Charter Renewals are due at the respective District’s Roundtable Meeting in November
Preparing for Compliance Monitoring Reviews Understanding CMS Protocols Used by Review Organizations January 14, 2009 Presented by: Margaret deHesse, RN,

Preparing for Compliance Monitoring Reviews Understanding CMS Protocols Used by Review Organizations January 14, 2009 Presented by: Margaret deHesse, RN,
Department of Children and Families Care Provider Background Screening Clearinghouse.

Department of Children and Families Care Provider Background Screening Clearinghouse.
Test Monitor Training Administering Minnesota Assessments “Leading for educational excellence and equity. Every day for every one.”

Test Monitor Training Administering Minnesota Assessments “Leading for educational excellence and equity. Every day for every one.”
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
Mr. Caputo Unit #1 Lesson #7

Mr. Caputo Unit #1 Lesson #7
Environmental Management System (EMS)

Environmental Management System (EMS)
© Grant Thornton UK LLP. All rights reserved. Review of Sickness Absence Vale of Glamorgan Council Final Report- November 2009.

© Grant Thornton UK LLP. All rights reserved. Review of Sickness Absence Vale of Glamorgan Council Final Report- November 2009.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Hospital Patient Safety Initiatives: Discharge Planning

Hospital Patient Safety Initiatives: Discharge Planning
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Network security policy: best practices

Network security policy: best practices
SAISD Federal Programs Department. Stage 1 of the Organization and Development Process Form the Planning Team 1 2.

SAISD Federal Programs Department. Stage 1 of the Organization and Development Process Form the Planning Team 1 2.
Test Security. Texas Education Code (TEC) Sec. 39.0301. SECURITY IN ADMINISTRATION OF ASSESSMENT INSTRUMENTS. (a) The commissioner: (1) shall establish.

Test Security. Texas Education Code (TEC) Sec SECURITY IN ADMINISTRATION OF ASSESSMENT INSTRUMENTS. (a) The commissioner: (1) shall establish.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
Regulatory Update Ellen Leinfuss SVP, Life Sciences.

Regulatory Update Ellen Leinfuss SVP, Life Sciences.
AICT5 – eProject Project Planning for ICT. Process Centre receives Scenario Group Work Scenario on website in October Assessment Window Individual Work.

AICT5 – eProject Project Planning for ICT. Process Centre receives Scenario Group Work Scenario on website in October Assessment Window Individual Work.

Similar presentations

Ads by Google