Published by Austin Wilson. Modified over 6 years ago.
1
BC First Nations Panorama Support
FNHSO Privacy and Security Framework Forum
Jan 19, 2016
2
Agenda
- Roll-call
- General Updates
- Access Audits
- Round table discussion
3
Roll Call
- Kwakiutl District Council Health Services
- Seabird Island Band's Health Services Department
- Three Corners Health Services Society
- Tla’amin Community Health Services
- Westbank First Nation Health and Wellness
- Saulteau First Nation Health Services
- Nuu-chah-nulth Tribal Council – Community and Human Services
- Okanagan Indian Band Health Services
- Cowichan Tribes - Ts’ewulhtun Health Services
- Scw’exmx Community Health Service Society
- Inter Tribal Health Authority
- Pauquachin Health Centre
- Nazko Health
- Simpcw First Nation
- Nak’azdli Health Centre
- Ktunaxa Nation Council – Health Services
- Splatsin Health Services
4
Panorama Access Audit Program Objectives
- Establish a robust access audit program that complies with the Panorama Access Audit requirements and includes the data in Panorama that is included in their local systems (e.g. Mustimuhw)
- Identify best practices for conducting user access audits in local systems (e.g. Mustimuhw)
- Address the different service model situations
  - Nurse works on their own or in a small community setting
  - Nurse works as part of a medium to large health program delivery team
  - Multiple sites within FNHSO
- Define roles, responsibilities, processes, timelines, including escalation and disciplinary processes
- Build capacity to support sustainability
5
Staged Approach to Establish Access Audit Program
[Diagram: stages laid out across Period 1, Period 2, Period 3 and Period 4]
- Stage 0: Define Stages, Processes, RnR, etc.
- Stage 1: Initial Audit Process (Validate & Refine)
- Stage 2: Data Quality Audits (Refine)
- Stage 3: Pattern-based Audits (Refine)
- Stage 4: Comprehensive Audit Program (Refine)
Add March 15 PDG meeting
6
Stage 1: Initial Access Audit Process
Objective: Develop capacity to:
- Respond to access complaints (reactive audit)
- Inactivate inactive user accounts
- Identify users that have accessed their own record or records of a family member with the same last name
- Monitor access to special clients (e.g. chief, others)
7
Stage 1: Initial Access Audit Process
Next Steps
- √ Develop Stage 1 processes and procedures
- Develop standard approach for suspending user accounts, collecting VPN FOB and inactivating BCeIDs when a user leaves
- Refine Stage 1 processes/procedures and approach for subsequent phases based on lessons learned
- Refine Panorama Access Audit Policy to reflect lessons learned
- Others?
8
Reactive Audit
Trigger: Complaint received of possible inappropriate access to a specific client or by a specific user
- Have you implemented a process to manage complaints?
- Does it include responding to a complaint of possible inappropriate access to Panorama?
9
Reactive Audit
Investigation Process:
- Execute Panorama report showing access to the specific client or by a specific user
- Review activity to identify possible inappropriate activity
  - What do you think inappropriate activity would look like?
- If warranted, review activity with user, user’s manager, possibly Human Resources
  - Would representatives from other departments be involved?
- If access is confirmed to be inappropriate, determine disciplinary actions (e.g. Privacy refresher, review the User Acknowledgement) in conjunction with user’s manager and Human Resources
  - Other disciplinary actions that might be considered?
- Initiate Breach Management process, if warranted, or complete disciplinary actions
10
Inactivate Inactive User Accounts
Trigger: Users that have not used the system for a period of time must have their user account inactivated
- Conformance Standard requirement
- Intended to prevent access by an unauthorized user
- It is legitimate that some users wouldn’t necessarily have used their account during the date range (e.g. infrequent immunizations to document)
- Inactivation is managed by the FNHSO Panorama Support Team, not Panorama Operations
11
Inactivate Inactive User Accounts
Process:
- Execute Panorama report showing user activity
- Notify the user & user manager that user account may be inactivated within 30 days if not used
- Recommend possible retraining for the user
- Inactivate the user account in 30 days if it is still inactive
12
Identify User Accesses to Family Records
Context:
- Users are not allowed to review the following unless they have a legitimate work-related reason to do so:
  - Their own records, or
  - Records of a family member
- Conformance Standard requirement
- User is made aware that this is not allowed as part of Privacy Awareness training and when signing the User Acknowledgement
13
Identify User Accesses to Family Records
Investigation Process:
- Execute Panorama report showing user activity against clients with the same Last Name as the user (family member) or the same First Name/Last Name as the user (their own)
- Review activity with user, user’s manager, possibly Human Resources
- If access is confirmed to be inappropriate, determine disciplinary actions in conjunction with user’s manager and Human Resources
- Initiate Breach Management process, if warranted, or complete disciplinary actions
- This access is not considered a breach unless the user continues to repeat this behavior after being reminded not to
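The same-name matching step described above can be sketched as follows. This is an added example, not part of the original presentation and not Panorama's own report; the record layout, field names and sample rows are constructed assumptions. The name normalization (case, accents, apostrophe variants, stray spaces) and the unknown-user flag go beyond what the slide states.

```python
import unicodedata

# Constructed sample data; field names are assumptions, not Panorama's schema.
USERS = {
    "jsmith": {"first": "Jane", "last": "Smith"},
    "mobrien": {"first": "Mary", "last": "O\u2019Brien"},  # curly apostrophe
}
ACCESS_LOG = [
    {"user": "jsmith", "client_first": "Jane", "client_last": "SMITH", "when": "2016-01-04"},
    {"user": "jsmith", "client_first": "Tom", "client_last": "Smith ", "when": "2016-01-05"},
    {"user": "jsmith", "client_first": "Ann", "client_last": "Jones", "when": "2016-01-05"},
    {"user": "mobrien", "client_first": "Liam", "client_last": "O'Brien", "when": "2016-01-06"},
]


def norm(name):
    """Fold case, accents, apostrophe variants and spacing so equal names compare equal."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return "".join(ch for ch in text.casefold() if ch.isalnum())


def flag_same_name_access(users, log):
    """Return (event, reason) pairs that need review; a flag is not a finding."""
    flagged = []
    for event in log:
        user = users.get(event["user"])
        if user is None:
            # Added edge case: activity by an account missing from the user list.
            flagged.append((event, "unknown-user"))
            continue
        if norm(event["client_last"]) != norm(user["last"]):
            continue
        own = norm(event["client_first"]) == norm(user["first"])
        flagged.append((event, "own-record" if own else "same-last-name"))
    return flagged


if __name__ == "__main__":
    for event, reason in flag_same_name_access(USERS, ACCESS_LOG):
        print(event["when"], event["user"], reason)
```

Flagged rows are only candidates for the review with the user and manager; a legitimate work-related reason clears them.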
14
Monitor Access to Special Clients
Trigger: A client of “importance” has received services
- How would you define “importance”?
Investigation Process:
- Execute Panorama report showing user activity against a specific client
- Review activity to identify possible inappropriate activity
- Review activity with user, user’s manager, possibly Human Resources
- If access is confirmed to be inappropriate, determine disciplinary actions in conjunction with user’s manager and Human Resources
- Initiate Breach Management process, if warranted, or complete disciplinary actions
15
Roundtable Review
- Any changes to Panorama users (add/remove)?
- Questions or concerns?
- Agenda items for next meeting?