FNHSO Privacy and Security Framework Forum Jan 19, 2016 BC First Nations Panorama Support.

1 FNHSO Privacy and Security Framework Forum Jan 19, 2016 BC First Nations Panorama Support

2 Agenda
- Roll-call
- General Updates
- Access Audits
- Round table discussion

FNSHO P&S Framework Forum

3 Roll Call
- Kwakiutl District Council Health Services
- Seabird Island Band's Health Services Department
- Three Corners Health Services Society
- Tla’amin Community Health Services
- Westbank First Nation Health and Wellness
- Saulteau First Nation Health Services
- Nuu-chah-nulth Tribal Council – Community and Human Services
- Okanagan Indian Band Health Services
- Cowichan Tribes - Ts’ewulhtun Health Services
- Scw’exmx Community Health Service Society
- Inter Tribal Health Authority
- Pauquachin Health Centre
- Nazko Health
- Simpcw First Nation
- Nak’azdli Health Centre
- Ktunaxa Nation Council – Health Services
- Splatsin Health Services

4 Panorama Access Audit Program Objectives
- Establish a robust access audit program that complies with the Panorama Access Audit requirements and includes the data in Panorama that is included in their local systems (e.g. Mustimuhw)
- Identify best practices for conducting user access audits in local systems (e.g. Mustimuhw)
- Address the different service model situations
  - Nurse works on their own or in a small community setting
  - Nurse works as part of a medium to large health program delivery team
  - Multiple sites within FNHSO
- Define roles, responsibilities, processes, timelines, including escalation and disciplinary processes
- Build capacity to support sustainability

5 5 Staged Approach to Establish Access Audit Program
- Stage 0: Define Stages, Processes, RnR, etc.
- Stage 1: Initial Audit Process
- Stage 2: Data Quality Audits
- Stage 3: Pattern-based Audits
- Stage 4: Comprehensive Audit Program

[Diagram: a timeline running from Period 1 to Period 4, with a "Validate & Refine" step shown for each of Stages 1 to 4.]

6 Stage 1: Initial Access Audit Process
- Objective:
  - Develop capacity to:
    - Respond to access complaints (reactive audit)
    - Inactivate inactive user accounts
    - Identify users that have accessed their own record or records of a family member with the same last name
    - Monitor access to special clients (e.g. chief, others)

7 Stage 1: Initial Access Audit Process
- Next Steps
  - √ Develop Stage 1 processes and procedures
  - Develop standard approach for suspending user accounts, collecting VPN FOB and inactivating BCeIDs when a user leaves
  - Refine Stage 1 processes/procedures and approach for subsequent phases based on lessons learned
  - Refine Panorama Access Audit Policy to reflect lessons learned
  - Others?

8 Reactive Audit
- Trigger: Complaint received of possible inappropriate access to a specific client or by a specific user
  - Have you implemented a process to manage complaints?
  - Does it include responding to a complaint of possible inappropriate access to Panorama?

9 Reactive Audit
- Investigation Process:
  - Execute Panorama report showing access to the specific client or by a specific user
  - Review activity to identify possible inappropriate activity
    - What do you think inappropriate activity would look like?
  - If warranted, review activity with user, user’s manager, possibly Human Resources
    - Would representatives from other departments be involved?
  - If access is confirmed to be inappropriate, determine disciplinary actions (e.g. Privacy refresher, review the User Acknowledgement) in conjunction with user’s manager and Human Resources
    - Would representatives from other departments be involved?
    - Other disciplinary actions that might be considered?
  - Initiate Breach Management process, if warranted, or complete disciplinary actions

10 Inactivate Inactive User Accounts
- Trigger: Users that have not used the system for a period of time must have their user account inactivated
- Conformance Standard requirement
- Intended to prevent access by an unauthorized user
- It is legitimate that some users would not necessarily have used their account during the date range (e.g. infrequent immunizations to document)
- Inactivation is managed by the FNHSO Panorama Support Team, not Panorama Operations

11 Inactivate Inactive User Accounts
- Process:
  - Execute Panorama report showing user activity
  - Notify the user & user manager that user account may be inactivated within 30 days if not used
  - Recommend possible retraining for the user
  - Inactivate the user account in 30 days if it is still inactive

12 Identify User Accesses to Family Records
- Context: Users are not allowed to review:
  - Their own records, or
  - Records of a family member, unless they have a legitimate work-related reason to do so
- Conformance Standard requirement
- User is made aware that this is not allowed as part of Privacy Awareness training and when signing the User Acknowledgement

13 Identify User Accesses to Family Records
- Investigation Process:
  - Execute Panorama report showing user activity against clients with the same Last Name as the user (family member) or the same First Name/Last Name as the user (their own)
  - Review activity with user, user’s manager, possibly Human Resources
  - If access is confirmed to be inappropriate, determine disciplinary actions in conjunction with user’s manager and Human Resources
  - Initiate Breach Management process, if warranted, or complete disciplinary actions
- This access is not considered a breach unless the user continues to repeat this behavior after being reminded not to
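The name-matching rule on slides 12 and 13, worked through as an added example that is not part of the original presentation or of Panorama. The record layout, field order, sample names and the `reminders` input are assumptions made for illustration; a real Panorama report export will look different.

```python
import unicodedata
from datetime import date

def norm(name):
    """Fold case, spacing and punctuation so "O'Neil", "ONEIL" and "O’Neil " compare equal."""
    s = unicodedata.normalize("NFKD", name)
    return "".join(c for c in s if c.isalnum()).casefold()

def flag_family_access(users, accesses, reminders=None):
    """Return accesses that need review with the user and the user's manager.

    users:     {user_id: (first_name, last_name)}
    accesses:  iterable of (user_id, client_first, client_last, access_date)
    reminders: {user_id: date the user was reminded not to do this} (assumed input)
    """
    reminders = reminders or {}
    findings = []
    for user_id, c_first, c_last, when in accesses:
        if user_id not in users:
            continue  # unknown account: out of scope for this check
        u_first, u_last = users[user_id]
        if norm(c_last) != norm(u_last):
            continue  # different last name: not covered by the slide's rule
        # Same first and last name = possibly their own record; same last name only = possible family.
        kind = "own" if norm(c_first) == norm(u_first) else "family"
        reminded = reminders.get(user_id)
        findings.append({
            "user": user_id, "kind": kind, "date": when,
            # Repeated access after a reminder is the case slide 13 treats as a possible breach.
            "repeat": reminded is not None and when > reminded,
        })
    return findings

# Constructed sample data, not real users or clients.
USERS = {"u1": ("Anna", "O'Neil"), "u2": ("Ben", "Smith")}
ACCESSES = [
    ("u1", "Anna", "ONEIL", date(2016, 1, 4)),    # own record, before reminder
    ("u1", "Tom", "O’Neil", date(2016, 1, 12)),   # family name, after reminder
    ("u2", "Cara", "Jones", date(2016, 1, 5)),    # unrelated client
    ("u2", "Dee", "smith ", date(2016, 1, 6)),    # same last name, no reminder on file
]
REMINDERS = {"u1": date(2016, 1, 8)}

if __name__ == "__main__":
    for f in flag_family_access(USERS, ACCESSES, REMINDERS):
        print(f)
```

A last-name match only produces candidates for the review step: common surnames will be flagged without any family relationship, and relatives with a different surname will not be flagged at all.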

14 Monitor Access to Special Clients
- Trigger: A client of “importance” has received services
  - How would you define “importance”?
- Investigation Process:
  - Execute Panorama report showing user activity against a specific client
  - Review activity to identify possible inappropriate activity
  - Review activity with user, user’s manager, possibly Human Resources
  - If access is confirmed to be inappropriate, determine disciplinary actions in conjunction with user’s manager and Human Resources
  - Initiate Breach Management process, if warranted, or complete disciplinary actions

15 Roundtable Review
- Any changes to Panorama users (add/remove)?
- Questions or concerns?
- Agenda items for next meeting?
