Published by Jean Lane. Modified over 8 years ago.
1
FNHSO Privacy and Security Framework Forum
Jan 19, 2016
BC First Nations Panorama Support
2
Agenda
- Roll-call
- General Updates
- Access Audits
- Round table discussion
FNHSO P&S Framework Forum
3
Roll Call
- Kwakiutl District Council Health Services
- Seabird Island Band's Health Services Department
- Three Corners Health Services Society
- Tla’amin Community Health Services
- Westbank First Nation Health and Wellness
- Saulteau First Nation Health Services
- Nuu-chah-nulth Tribal Council – Community and Human Services
- Okanagan Indian Band Health Services
- Cowichan Tribes - Ts’ewulhtun Health Services
- Scw’exmx Community Health Service Society
- Inter Tribal Health Authority
- Pauquachin Health Centre
- Nazko Health
- Simpcw First Nation
- Nak’azdli Health Centre
- Ktunaxa Nation Council – Health Services
- Splatsin Health Services
4
Panorama Access Audit Program Objectives
- Establish a robust access audit program that complies with the Panorama Access Audit requirements and includes the data in Panorama that is included in their local systems (e.g. Mustimuhw)
- Identify best practices for conducting user access audits in local systems (e.g. Mustimuhw)
- Address the different service model situations
  - Nurse works on their own or in a small community setting
  - Nurse works as part of a medium to large health program delivery team
  - Multiple sites within FNHSO
- Define roles, responsibilities, processes, timelines, including escalation and disciplinary processes
- Build capacity to support sustainability
5
Staged Approach to Establish Access Audit Program
- Stage 0: Define Stages, Processes, RnR, etc.
- Stage 1: Initial Audit Process (Validate & Refine)
- Stage 2: Data Quality Audits (Validate & Refine)
- Stage 3: Pattern-based Audits (Validate & Refine)
- Stage 4: Comprehensive Audit Program (Validate & Refine)
- Timeline: Period 1, Period 2, Period 3, Period 4
6
Stage 1: Initial Access Audit Process
Objective: Develop capacity to:
- Respond to access complaints (reactive audit)
- Inactivate inactive user accounts
- Identify users that have accessed their own record or records of a family member with the same last name
- Monitor access to special clients (e.g. chief, others)
7
Stage 1: Initial Access Audit Process
Next Steps
- √ Develop Stage 1 processes and procedures
- Develop standard approach for suspending user accounts, collecting VPN FOB and inactivating BCeIDs when a user leaves
- Refine Stage 1 processes/procedures and approach for subsequent phases based on lessons learned
- Refine Panorama Access Audit Policy to reflect lessons learned
- Others?
8
Reactive Audit
Trigger: Complaint received of possible inappropriate access to a specific client or by a specific user
- Have you implemented a process to manage complaints?
- Does it include responding to a complaint of possible inappropriate access to Panorama?
9
Reactive Audit
Investigation Process:
- Execute Panorama report showing access to the specific client or by a specific user
- Review activity to identify possible inappropriate activity
  - What do you think inappropriate activity would look like?
- If warranted, review activity with user, user’s manager, possibly Human Resources
  - Would representatives from other departments be involved?
- If access is confirmed to be inappropriate, determine disciplinary actions (e.g. Privacy refresher, review the User Acknowledgement) in conjunction with user’s manager and Human Resources
  - Would representatives from other departments be involved?
  - Other disciplinary actions that might be considered?
- Initiate Breach Management process, if warranted or complete disciplinary actions
10
Inactivate Inactive User Accounts
Trigger: Users that have not used the system for a period of time must have their user account inactivated
- Conformance Standard requirement
- Intended to prevent access by an unauthorized user
- Legitimate that some users wouldn’t necessarily have used their account during the date range (e.g. infrequent immunizations to document)
- Inactivation is managed by FNHSO Panorama Support Team, not Panorama Operations
11
Inactivate Inactive User Accounts
Process:
- Execute Panorama report showing user activity
- Notify the user & user manager that user account may be inactivated within 30 days if not used
- Recommend possible retraining for the user
- Inactivate the user account in 30 days if it is still inactive
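The notify-then-inactivate process above, as an added example that is not part of the original presentation or of Panorama. The row fields (`user`, `last_activity`, `notified_on`) are hypothetical, and the 90-day inactivity threshold is an assumption, since the slide only says "a period of time".

```python
from datetime import date, timedelta

NOTICE_DAYS = 30            # from the slide: inactivate 30 days after notice
INACTIVE_AFTER_DAYS = 90    # assumption: the slide only says "a period of time"

def review_account(last_activity, notified_on, today,
                   inactive_after=INACTIVE_AFTER_DAYS):
    """Return the next action: none, notify, wait, clear or inactivate."""
    if notified_on is not None:
        # A notice is outstanding: any use after it cancels the inactivation.
        if last_activity is not None and last_activity > notified_on:
            return "clear"
        if today - notified_on >= timedelta(days=NOTICE_DAYS):
            return "inactivate"
        return "wait"
    # No notice yet: a never-used account (None) counts as inactive.
    if last_activity is None or today - last_activity >= timedelta(days=inactive_after):
        return "notify"
    return "none"

def review_all(accounts, today):
    """Map user id -> action for rows shaped like a user-activity report."""
    return {a["user"]: review_account(a["last_activity"], a["notified_on"], today)
            for a in accounts}

# Constructed sample rows (not real Panorama report output).
SAMPLE = [
    {"user": "nurse_a", "last_activity": date(2016, 1, 12), "notified_on": None},
    {"user": "nurse_b", "last_activity": date(2015, 9, 1), "notified_on": None},
    {"user": "nurse_c", "last_activity": date(2015, 8, 3), "notified_on": date(2015, 12, 15)},
    {"user": "nurse_d", "last_activity": date(2016, 1, 5), "notified_on": date(2015, 12, 15)},
    {"user": "nurse_e", "last_activity": None, "notified_on": date(2016, 1, 10)},
]

if __name__ == "__main__":
    for user, action in review_all(SAMPLE, date(2016, 1, 19)).items():
        print(f"{user}: {action}")
```
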
12
Identify User Accesses to Family Records
Context: Users are not allowed to review:
- Their own records, or
- Records of a family member
unless they have a legitimate work-related reason to do so
- Conformance Standard requirement
- User is made aware that this is not allowed as part of Privacy Awareness training and when signing the User Acknowledgement
13
Identify User Accesses to Family Records
Investigation Process:
- Execute Panorama report showing user activity against clients with the same Last Name as the user (family member) or the same First Name/Last Name as the user (their own)
- Review activity with user, user’s manager, possibly Human Resources
- If access is confirmed to be inappropriate, determine disciplinary actions in conjunction with user’s manager and Human Resources
- Initiate Breach Management process, if warranted or complete disciplinary actions
- This access is not considered a breach unless the user continues to repeat this behavior after being reminded not to
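The same-name matching described above, as an added example that is not part of the original presentation or of Panorama. The record shapes, the `reminded` set and all names are constructed assumptions. The comparison folds case, accents and apostrophes and splits compound surnames, which a plain string comparison would miss. Output rows are leads for the manual review step, since a work-related reason may apply.

```python
import re
import unicodedata

def norm(name):
    """Fold case, accents and punctuation so 'O’Neil' and "o'neil" compare equal."""
    s = unicodedata.normalize("NFKD", name)
    s = "".join(c for c in s if not unicodedata.combining(c))
    return re.sub(r"[^a-z\- ]", "", s.casefold()).strip()

def surname_parts(last):
    """Split compound surnames so 'Joe-Thomas' also matches 'Thomas'."""
    return {p for p in re.split(r"[- ]+", norm(last)) if p}

def flag_accesses(access_log, users, clients, reminded=frozenset()):
    """Return (user, client, reason) rows for manual review, per the two rules above."""
    flagged = []
    for user_id, client_id in access_log:
        u, c = users[user_id], clients[client_id]
        if not surname_parts(u["last"]) & surname_parts(c["last"]):
            continue
        reason = "own" if norm(u["first"]) == norm(c["first"]) else "family"
        # The slide treats this as a breach only when repeated after a reminder.
        if user_id in reminded:
            reason += "-repeat"
        flagged.append((user_id, client_id, reason))
    return flagged

# Constructed sample data (hypothetical users, clients and access rows).
USERS = {"u1": {"first": "Mary", "last": "Joe-Thomas"},
         "u2": {"first": "Sam", "last": "O’Neil"},
         "u3": {"first": "Lee", "last": "Charlie"}}
CLIENTS = {"c1": {"first": "MARY", "last": "Joe-Thomas"},
           "c2": {"first": "Ann", "last": "Thomas"},
           "c3": {"first": "Pat", "last": "o'neil"},
           "c4": {"first": "Kim", "last": "Williams"}}
LOG = [("u1", "c1"), ("u1", "c2"), ("u2", "c3"), ("u3", "c4"), ("u2", "c4")]

if __name__ == "__main__":
    for row in flag_accesses(LOG, USERS, CLIENTS, reminded={"u2"}):
        print(row)
```
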
14
Monitor Access to Special Clients
Trigger: A client of “importance” has received services
- How would you define “importance”?
Investigation Process:
- Execute Panorama report showing user activity against a specific client
- Review activity to identify possible inappropriate activity
- Review activity with user, user’s manager, possibly Human Resources
- If access is confirmed to be inappropriate, determine disciplinary actions in conjunction with user’s manager and Human Resources
- Initiate Breach Management process, if warranted or complete disciplinary actions
15
Roundtable Review
- Any changes to Panorama users (add/remove)?
- Questions or concerns?
- Agenda items for next meeting?