FNHSO Panorama Data Governance Forum

FNHSO PANORAMA DATA
GOVERNANCE FORUM
Regular Forum Meeting
April 12, 2016
Agenda
• Roll-call
• Review of items from last PDGC meeting (Feb 23)
• Public Health Reporting Data Warehouse (PHRDW) update
• IHA Panorama ISA Compliance Assessment Results
• FNHSO Panorama ISA Compliance Process
• Cowichan Tribes ISA Compliance Assessment Results
• Roundtable review (i.e. future agenda items; other items;
etc.)
Roll Call
• KDC
• Na’kazdli
• TCHSS
• Simpcw
• WFN
• Ktunaxa
• Tla’amin
• Splatsin
• OKIB
• Sto:lo
• NTC
• Seabird
• Saulteau
• Cowichan
• Scw’exmx
• Nazko
• Pauquachin
• ITHA
• FNHA Health Protection
• Carrier Sekani Family Services
• Heiltsuk
PHRDW Update
• Security model has been applied to the CD Data Mart to support authorized RHA users to access a subset of Panorama CD data
• The same security model will also be applied across other PHRDW Data Marts thereby enabling RHA views/access to other PHRDW datasets
• A new Public Health Indicators Data Mart will make aggregate-level Indicators of Health data available
• New Data Marts are being developed that will integrate Panorama data with other data sets (lab data, for instance) and will increase the utility and value of the PHRDW (other examples: Vaccine Preventable Disease data integrated with Vaccine History data, lab data, etc.)
• Vital Stats data may also be integrated into PHRDW Data Marts
• Currently, there is no authorized access to First Nation or FNHSO identified data through any of the PHRDW Data Marts
PHRDW Architecture 2016
IHA ISA Compliance Assessment
Refer to slides from March PDGC meeting
Panorama
Information Sharing Agreement
Compliance Assessment
March 22, 2016
Givonna DeBruin, Corporate Director, Internal Audit
Background
• Purpose to measure Interior Health’s (IH) compliance with the Information Sharing Agreement and Data Governance Framework as part of the implementation of the Panorama system.
• Top Risks:
1. Privacy or security breaches occur and are not identified or addressed on a timely basis.
2. Information in the Panorama database is inaccurate, incomplete or out of date.
3. Staff have access to patient information that is not required for their job.
Background
• Audit requested by the Office of the
Information Privacy Commissioner
• “Audit” – What does that Mean?
– Systematic examination and assessment
– Independent mindset and validation
Background
• IH piloted the audit tool to be used by other health authorities to measure compliance of this system containing significant patient data.
• Tool Development
– Key components from Agreement
– Developed and Piloted tool to guide assessment
• Tool findings provide valuable information and guidance to assist with strengthening maturity.
Compliance with ISA
Findings at IH
• 13 of the 18 data governance requirements fully met
• Most other requirements partially met
• Demonstrates a good level of maturity
• Requirements that are fully met include:
– Principle Data Steward responsibility
– Whistleblower policy and program
– Foreign access restrictions
– Foreign information demands
– Breach management policy
– Security Threat Risk and Privacy Impact Assessments
– User Privacy obligations acceptance
– Clients’ information use notification
– Data use for internal research
– Data use for program evaluation or surveillance (3 aspects: self, multiple party, foreign)
– Client’s access to own information
[Chart: requirements by status; legend: Fully Met, Partially Met, Not Met; data labels: 13, 4, 1]
Findings at IH
• 5 requirements not fully met, comprise 3 main themes.
– Risk Assessment and Audit — Privacy and Security Audits are not conducted on a regular basis as required, rather only completed when a breach is suspected or reported.
– Evidence Retention — Evidence to support compliance with the Agreement has not been consistently retained for all items in all areas.
– Periodic Awareness and Acknowledgement — Panorama specific user awareness training and Acceptable Use Acknowledgements are currently completed only at onset of use of the application and do not include an annual re-acknowledgement/training process.
[Chart legend: Fully Met, Partially Met, Not Met]
Lessons Learned
• Self-assessment by management
– Increases engagement
– Tool familiarity
• Independent assurance added
– Objective validation
• Overall increase in knowledge and
understanding of ISA requirements
Ts’ewulhtun Health Centre ISA
Compliance Assessment
Refer to Ts’ewulhtun Health Centre Panorama Information
Sharing Agreement Compliance Assessment PowerPoint
presentation
Roundtable
• Questions?
• Request for agenda items to be included in next meeting?