Alberta Health Customization
Our consulting services use consistent, automated, and efficient subprocesses. This allows ThreeShield to focus on your unique concerns and needs with a fully customizable -- yet very efficient -- approach.
Alberta Health Information Management and Information Technology (IMIT) vulnerability assessments and compliance reviews are customized to include Government of Alberta and AHS requirements. Examples of such requirements include the following:
- 2015-2020 Alberta Health Services Information Management and Information Technology Strategic Plan
- Mobile and Internet information access
- Social media
- AHS focus areas for balancing privacy and security with access and collaboration:
  - Enabling
  - Collaborating
  - Responding
  - Assuring
- Access controls and privacy for order sets, care pathways, and clinical documentation
- Alberta Health Information Act
- Shared EMR Access requirements
- Access Request Process
- Least privilege
- User access termination
- Alberta HIA (Health Information Act) training
- Privacy awareness
- Segregation of duties
- Authorizations
- Privacy Awareness
- Antivirus
- Password Management
- AHS Records Retention Schedule
- AHS Records Destruction Procedure
- Cloud migrations and security
Assessment Process
Although fully customizable, a typical engagement includes the following:
- Initial scope discussion covering:
  - web sites and Internet-facing systems
  - networks, VPNs, and wireless systems
  - servers, workstations, virtual machines, and operating systems
  - established policies, standards, and procedures
  - business impact assessment, disaster recovery, business continuity plans, and backup processes
  - external systems and service providers
  - compliance needs
- Internal and external vulnerability scans
- Partially-automated penetration tests
- Execution of proprietary configuration extraction scripts
- Compliance assessment for:
  - Alberta Health Information Act (HIA)
  - Alberta EMR, EHR, CCCIS access requirements
  - AHS Records Retention Schedule
  - privacy and personally-identifiable information (PII)
  - Alberta Personal Information Protection Act
  - Financial statement controls
  - Clinic/organization policies
  - Credit card compliance (PCI)
- Server, Active Directory, databases, applications, and cloud service configurations
- Reporting at the level you need, from highly technical detail to executive risk statements and customer assurance