Presentation is loading. Please wait.

Presentation is loading. Please wait.

FNHSO Privacy and Security Framework Forum Jan 19, 2016 BC First Nations Panorama Support.

Published byJean Lane Modified over 8 years ago

Similar presentations

Presentation on theme: "FNHSO Privacy and Security Framework Forum Jan 19, 2016 BC First Nations Panorama Support."— Presentation transcript:

1 FNHSO Privacy and Security Framework Forum Jan 19, 2016 BC First Nations Panorama Support

2 Agenda  Roll-call  General Updates  Access Audits  Round table discussion FNSHO P&S Framework Forum

3 Roll Call  Kwakiutl District Council Health Services  Seabird Island Band's Health Services Department  Three Corners Health Services Society  Tla’amin Community Health Services  Westbank First Nation Health and Wellness  Saulteau First Nation Health Services  Nuu-chah-nulth Tribal Council – Community and Human Services  Okanagan Indian Band Health Services  Cowichan Tribes - Ts’ewulhtun Health Services  Scw’exmx Community Health Service Society  Inter Tribal Health Authority  Pauquachin Health Centre  Nazko Health  Simpcw First Nation  Nak’azdli Health Centre  Ktunaxa Nation Council – Health Services  Splatsin Health Services FNSHO P&S Framework Forum

4 Panorama Access Audit Program Objectives  Establish a robust access audit program that complies with the Panorama Access Audit requirements and includes the data in Panorama that is included in their local systems (e.g. Mustimuhw)  Identify best practices for conducting user access audits in local systems (e.g. Mustimuhw)  Address the different service model situations  Nurse works on their own or in a small community setting  Nurse works as part of a medium to large health program delivery team  Multiple sites within FNHSO  Define roles, responsibilities, processes, timelines, including escalation and disciplinary processes  Build capacity to support sustainability 4 FNSHO P&S Framework Forum

5 5 Staged Approach to Establish Access Audit Program Period 1 Validate & Refine Stage 1: Initial Audit Process Stage 0 Define Stages, Processes, RnR, etc. Validate & Refine Stage 2: Data Quality Audits Period 2Period 3 Validate & Refine Stage 3: Pattern-based Audits Validate & Refine Stage 4: Comprehensive Audit Program Period 4 5 FNSHO P&S Framework Forum

6 Stage 1: Initial Access Audit Process  Objective:  Develop capacity to:  Respond to access complaints (reactive audit)  Inactivate inactive user accounts  Identify users that have accessed their own record or records of a family member with the same last name  Monitor access to special clients (e.g. chief, others) 6 FNSHO P&S Framework Forum

7 Stage 1: Initial Access Audit Process  Next Steps √ Develop Stage 1 processes and procedures  Develop standard approach for suspending user accounts, collecting VPN FOB and inactivating BCeIDs when a user leaves  Refine Stage 1 processes/procedures and approach for subsequent phases based on lessons learned  Refine Panorama Access Audit Policy to reflect lessons learned  Others? 7 FNSHO P&S Framework Forum

8 Reactive Audit  Trigger: Complaint received of possible inappropriate access to a specific client or by a specific user  Have you implemented a process to manage complaints?  Does it include responding to a complaint of possible inappropriate access to Panorama? FNSHO P&S Framework Forum

9 Reactive Audit  Investigation Process:  Execute Panorama report showing access to the specific client or by a specific user  Review activity to identify possible inappropriate activity  What do you think inappropriate activity would look like?  If warranted, review activity with user, user’s manager, possibly Human Resources  Would representatives from other departments be involved?  If access is confirmed to be inappropriate, determine disciplinary actions (e.g. Privacy refresher, review the User Acknowledgement) in conjunction with user’s manager and Human Resources  Would representatives from other departments be involved?  Other disciplinary actions that might be considered?  Initiate Breach Management process, if warranted or complete disciplinary actions FNSHO P&S Framework Forum

10 Inactivate Inactive User Accounts  Trigger: Users that have not used the system for a period of time must have their user account inactivated  Conformance Standard requirement  Intended to prevent access by an unauthorized user  Legitimate that some users wouldn’t necessarily have used their account during the date range (e.g. infrequent immunizations to document)  Inactivation is managed FNHSO Panorama Support Team, not Panorama Operations FNSHO P&S Framework Forum

11 Inactivate Inactive User Accounts  Process:  Execute Panorama report showing user activity  Notify the user & user manager that user account may be inactivated within 30 days if not used  Recommend possible retraining for the user  Inactivate the user account in 30 days if it is still inactive FNSHO P&S Framework Forum

12 Identify User Accesses to Family Records  Context: Users are not allowed to review :  Their own records or  Records of a family member unless they have a legitimate work-related reason to do so  Conformance Standard requirement  User is made aware that this is not allowed as part of Privacy Awareness training and when signing the Use Acknowledgement FNSHO P&S Framework Forum

13 Identify User Accesses to Family Records  Investigation Process:  Execute Panorama report showing user activity against clients with the same Last Name as the user (family member) or the same First Name/Last Name as the user (their own)  Review activity with user, user’s manager, possibly Human Resources  If access is confirmed to be inappropriate, determine disciplinary actions in conjunction with user’s manager and Human Resources  Initiate Breach Management process, if warranted or complete disciplinary actions  This access is not considered a breach unless the user continues to repeat this behavior after being reminded not to FNSHO P&S Framework Forum

14 Monitor Access to Special Clients  Trigger: A client of “importance” has received services  How would you define “importance”?  Investigation Process:  Execute Panorama report showing user activity against a specific client  Review activity to identify possible inappropriate activity  Review activity with user, user’s manager, possibly Human Resources  If access is confirmed to be inappropriate, determine disciplinary actio ns in conjunction with user’s manager and Human Resources  Initiate Breach Management process, if warranted or complete disciplinary actions FNSHO P&S Framework Forum

15 Roundtable Review  Any changes to Panorama users (add/remove) ?  Questions or concerns?  Agenda items for next meeting? FNSHO P&S Framework Forum

Download ppt "FNHSO Privacy and Security Framework Forum Jan 19, 2016 BC First Nations Panorama Support."

Similar presentations

The Risk Management Process (AS/NZS 4360, Chapter 3)

The Risk Management Process (AS/NZS 4360, Chapter 3)
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Comprehensive, Integrated, Three-Tiered (CI3T) Models of Prevention: Why does my school – and district – need an integrated approach to meet students’

Comprehensive, Integrated, Three-Tiered (CI3T) Models of Prevention: Why does my school – and district – need an integrated approach to meet students’
Auditing, Assurance and Governance in Local Government

Auditing, Assurance and Governance in Local Government
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
© Grant Thornton UK LLP. All rights reserved. Review of Sickness Absence Vale of Glamorgan Council Final Report- November 2009.

© Grant Thornton UK LLP. All rights reserved. Review of Sickness Absence Vale of Glamorgan Council Final Report- November 2009.
EEN [Canada] Forum Shelley Borys Director, Evaluation September 30, 2010 Developing Evaluation Capacity.

EEN [Canada] Forum Shelley Borys Director, Evaluation September 30, 2010 Developing Evaluation Capacity.
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
This material was produced under grant number SH-22316-SH-1 from the Occupational Safety and Health Administration, U.S. Department of Labor. It does not.

This material was produced under grant number SH SH-1 from the Occupational Safety and Health Administration, U.S. Department of Labor. It does not.
Staff Structure Support HCCA Special Interest Group 1-28-03 New Regulations: A Strategy for Implementation Sharon Schmid Vice President, Compliance and.

Staff Structure Support HCCA Special Interest Group New Regulations: A Strategy for Implementation Sharon Schmid Vice President, Compliance and.
Confidentiality and Public Information Act LISD Special Education Department Training SY 2012-2013.

Confidentiality and Public Information Act LISD Special Education Department Training SY
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
2008 New York - Member Forum Council for Responsible Jewellery Practices, Ltd. Overview of CRJP.

2008 New York - Member Forum Council for Responsible Jewellery Practices, Ltd. Overview of CRJP.
Management Responsibilities. Building a Culture of Safety.

Management Responsibilities. Building a Culture of Safety.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.
Background Management Council (MC) was briefed on approach in early Feb 2003 and approved it Agreed that every Service Group (SG) will participate in.

Background Management Council (MC) was briefed on approach in early Feb 2003 and approved it Agreed that every Service Group (SG) will participate in.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,

The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.

Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.
Local Assessment of Code of Conduct Complaints. Background  On 08 May 2008 – the local assessment of Code of Conduct complaints was implemented due to.

Local Assessment of Code of Conduct Complaints. Background  On 08 May 2008 – the local assessment of Code of Conduct complaints was implemented due to.

Similar presentations

Ads by Google