Audit of Data Sharing Agreements:
Ontario Ministry of Health and Long-Term Care

Audit Report

Report Date: March 2012
Project Number: 80590-68

Executive Summary

Data Sharing Agreements (DSAs) are a key business process. In recent years, data-sharing has become a growing and increasingly complex area to manage. Ensuring confidentiality of data is a challenge. Currently, Statistics Canada has four DSAs covering health surveys, under the authority of section 12 of the Statistics Act with the Ontario Ministry of Health and Long-Term Care (the Ministry). The Ministry may share the data with third party recipients such as Health Regions within its jurisdiction; researchers at a recognized provincial or university Research Institutes or Organizations; the Ontario Institute for Clinical Evaluative Sciences and Cancer Care Ontario.

To protect the confidentiality and sensitive nature of the information collected, the DSAs contain terms and conditions to ensure that confidentiality of information is not compromised.

The objective of this audit is to provide assurance to the Chief Statistician (CS) and Statistics Canada's Departmental Audit Committee (DAC) that:

  • The Terms and Conditions of the Data Sharing Agreements between Statistics Canada and the Ministry are met.

The audit was conducted by Internal Audit Services in accordance with the Government of Canada's Policy on Internal Audit.

Key Findings

Roles and responsibilities are formally defined and communicated and effective segregation of duties exist to manage Statistics Canada confidential information and contractual agreements both at Statistics Canada and at the Ministry. A delegation of authority matrix at the Ministry specifies the level of authority required to share data with third parties. The Ministry includes an audit clause in all third party contractual agreements where identifiable information is shared. The Ministry is planning to start "process" audits in 2012 to assess compliance to the requirements prescribed in the Ministry's agreements. Formal practices and procedures are in place to ensure that management identifies and responds to risks for protecting and safeguarding Statistics Canada confidential information. Effective controls for physical access to the Ministry's premises and physical storage are in place. Logical access controls and effective practices compliant with the Ministry's policy on identification and authentication safeguards are in place and working as intended.

Assessment of electronic access privileges of Statistics Canada data files at the Ministry revealed that opportunities exist to strengthen access controls by providing access privileges to employees on a "need-to-know" basis. Ongoing monitoring should be performed by the Ministry to ensure access privileges to Statistics Canada data files are up to date and granted to authorized employees only.

Overall Conclusion

Statistics Canada entered into statistical data-sharing agreements with the Ministry to assist and support health planning and decision making. The partnership between Statistics Canada and the Ministry ensures that confidentiality of data is maintained.

The Ministry has clear delegated authorities, delineation of responsibilities, and clear lines of communication to support effective management of the Terms and Conditions (T&Cs) of the DSAs between Statistics Canada and the Ministry. Formal practices and procedures for Data Management and Information Management are in place at the Ministry to ensure that management identifies and responds to risks for protecting and safeguarding Statistics Canada confidential information. Effective controls and safeguards for physical access to the Ministry's premises, physical storage, identification and authentication, and IT storage and transmission exist to protect against loss, theft, compromise or improper disclosure.

Opportunities to strengthen electronic access controls exist by 1) Providing access privileges to Statistics Canada data files to employees on a "need-to-know" basis and 2) Conducting ongoing monitoring of access privileges to Statistics Canada data files to ensure they are up to date and granted to authorized employees only.

Conformance and Professional Standards

The conduct of this engagement conforms to the International Standards for the Professional Practice of Internal Auditing and the Government of Canada Internal Auditing Standards. Sufficient testing was carried to support the findings and related recommendations.

Patrice Prud'homme
Chief Audit Executive
Internal Audit Services, Statistics Canada

Introduction

Background

The Health Statistics Division (HSD) at Statistics Canada has the mandate to provide accurate, timely and relevant information about the health of Canadians. The HSD provides statistical information about the health of the population, the determinants of health, and the scope and utilization of Canada's health care resources. This information is used to assist and support health planners and decision-makers at all levels of government, to sustain demographic and epidemiological research, and to report to the Canadian public about their collective health and health care system. The HSD works in partnership with provincial and territorial vital statistics registrars and cancer registries as well as data providers and users at the federal level (Health Canada and the Public Health Agency of Canada), provincial level (provincial ministries of health), and the regional level (health regions).

To achieve its mandate, the HSD enters into statistical data-sharing agreements (DSAs) with other organizations under the authority of sections 11 and 12 of the Statistics Act. These agreements cover nearly all of the business surveys and a majority of household surveys, and enjoy certain exceptions regarding the release of confidential respondent information either with or without the respondent consent, provided that the legal requirements for the provision of data-sharing information, consent rights and confidentiality protection are respected by all parties. In general, data-sharing for statistical purposes occurs when statistical and information inquiry is initiated by joint survey partners, or where a common data resource is equally and jointly owned by two or more partners. Data-sharing is exercised when there are significant reductions in response burden and compliance costs for data-sharing partners, as well as improvements in statistical data accuracy, coverage, relevance and timeliness.

DSAs are a key business process. In recent years, data-sharing has become a growing and increasingly complex area to manage. Ensuring confidentiality of data is a challenge. Currently, Statistics Canada has four DSAs covering health surveys, under the authority of section 12 of the Statistics Act with the Ontario Ministry of Health and Long-Term Care (the Ministry). They are:

  1. The Canadian Community Health Survey (CCHS)
  2. Canadian Community Health Survey – Nutrition (CCHS Nutrition)
  3. The National Population Health Survey (NPHS) and
  4. The Survey on Living with Chronic Diseases in Canada (SLCDC).

The CCHS is a cross-sectional survey which collects information related to health status, health care utilization and health determinants for the Canadian population. It is an annual survey which relies upon a large sample of respondents and is designed to provide reliable estimates at the health region level. The CCHS Nutrition is a one-time survey to gather information at the provincial level on the overall nutritional status of the Canadian population. Its primary goal is to provide reliable, timely information about the dietary intake, nutritional well-being and their key determinants to inform and guide programs, policies and activities of federal and provincial governments and local health agencies. The uniqueness of these surveys arises from the regional nature of both content and survey implementation. These aspects allow for analysis of health data at a regional level, across Canada.

The NPHS is a longitudinal survey providing unique information about the health of Canadians. Every two years, the same individuals provide current and in-depth information on their physical and mental health status, use of health care services, physical activities, life in the workplace and social environment. It collects information related to the health of the Canadian population and related socio-demographic information. Health Canada, the Public Health Agency of Canada and provincial ministries use NPHS longitudinal data to plan

The SLCDC is sponsored by the Public Health Agency of Canada to assess the impact of diabetes and respiratory conditions (asthma and chronic obstructive pulmonary disease) on quality of life and to provide more information on how Canadians manage their chronic condition. Data were collected in the fall of 2010 and the spring of 2011 and approximately 6,500 individuals in the ten provinces were interviewed.

The data are used extensively by the research community and other health professionals. Federal and provincial departments of health and human resources, social service agencies, and other types of government agencies use the information collected from the respondents to plan, implement and evaluate programs to improve health and the efficiency of health services. Non-profit health organizations and academic researchers use the information for research on ways to improve health.

Audit Objectives

The objective of the audit is to provide assurance to the Chief Statistician and Statistics Canada's Departmental Audit Committee that:

  • The Terms and Conditions of the Data Sharing Agreements between Statistics Canada and the Ministry are met.

Scope

The scope of this audit included an examination of the terms and conditions prescribed in the four DSAs to ensure that confidentiality of information and the sensitive nature of the information collected is protected. The audit focused on the confidentiality and security (physical access, IT storage and transmission, physical storage and information copying and retention and record management) safeguards at the Ministry to ensure that data is protected and confidentiality is maintained.

The Ministry may share the data with third party recipients such as Health Regions within its jurisdiction; researchers at a recognized provincial or university Research Institutes or Organizations; the Ontario Institute for Clinical Evaluative Sciences and Cancer Care Ontario. To protect the confidentiality and sensitive nature of the information collected, the DSAs contain terms and conditions to ensure that confidentiality of information is not compromised.

Approach

A site visit to the Ministry was conducted to assess the procedures in place to ensure the T&Cs of the DSAs between Statistics Canada and the Ministry are met. The approach consisted of interviews with key Senior Management and personnel and an examination, review and testing of processes and procedures in place at the Ministry to ensure the terms and conditions of the DSAs between Statistics Canada and the Ministry are met with emphasis on whether the security requirements are in place and complied to and confidentiality of data is maintained.

Authority

The audit was conducted under the authority of Statistics Canada Multi-Year Risk-Based Audit Plan 2011/12-2013/14, approved March, 2011 by the Departmental Audit Committee.

Findings, Recommendations and Management Response

Line of Enquiry:  The Terms and Conditions of the Data Sharing Agreements between Statistics Canada and the Ministry are met.

Control Environment for the Management of the DSAs

Roles and responsibilities are formally defined, communicated and practiced. Effective segregation of duties exist to manage Statistics Canada confidential information and contractual agreements both at Statistics Canada and at the Ministry. A Delegation of Authority matrix at the Ministry specifies the level of authority required to share data with third parties. The Ministry includes an audit clause in all agreements where identifiable information is shared. The Ministry is planning to start "process" audits in 2012 to assess compliance to the requirements prescribed in the agreements.

Clear delegated authorities, delineation of responsibilities and lines of communication to support effective management of the Terms and Conditions (T&Cs) of the DSAs should exist to ensure efficient and effective operations. Monitoring of operational performance should exist to detect errors or potential errors which would otherwise increase operational risk.

Authority
Statistics Canada exercises its mandate to enter into statistical data-sharing agreements (DSAs) with other organizations under the authority of sections 11 and 12 of the Statistics Act.

The Ministry exercises its mandate to enter into contractual agreements for Statistics Canada health survey data files with third party recipients included in Statistics Canada DSAs with the Ministry (i.e. 36 Ontario Public Health Units (PHUs); 14 Ontario Local Health Integration Networks (LHINs); the Ontario Institute of Clinical and Evaluative Sciences (ICES), Cancer Care Ontario (CCO); and independent researchers at a recognized provincial or university research Institute/organization (RI/O)) under the authority of sections 29, 39 and 45 of the Ontario Personal Health Information Protection Act (PHIPA).

Roles and Responsibilities and Segregation of Duties
The audit determined that roles and responsibilities are formally defined, communicated, and practiced. Effective segregation of duties exist to manage Statistics Canada confidential information and contractual agreements both at Statistics Canada and at the Ministry.

At Statistics Canada, three divisions have functional responsibility for the administration and management of the DSAs.

  • The Information Management Division (IMD), (formerly named Data Access and Control Services Division (DACS), in consultation with Legal Services Division, negotiate and draft the DSAs to ensure the T&Cs cover and comply with the required provisions under section 12 of the Statistics Act and section 18.1 and 45 of the Ontario PHIPA.
  • Client Services, HSD acts as a liaison between the Ministry and Statistics Canada preparing the health survey data files for transmission to the Ministry and
  • Collection Systems and Infrastructure Division (CSID) oversee the electronic file transfer (e-FT) process to securely transfer encrypted data from Statistic Canada to the Ministry.

At the Ministry, three branches in the Health System Information Management Investment Division of the Ministry have functional responsibility for the administration and management of Statistics Canada health survey data information.

  • The Information Management Strategy and Policy Branch (IMSPB) in consultation with the Legal Services Branch negotiate, draft and manage all contractual agreements between the Ministry and third party recipients.
  • The Health Analytics Branch (HAB) is responsible for receiving all Statistics Canada's health survey data files; analyzing the data files and providing front line customer service support to the PHUs, LHINs and CCO.
  • The Health Data Branch (HDB) is responsible for preparing all the data files for transmission to third parties and providing front line customer service support to ICES and independent researchers at the RI/O.

Delegation of Authority
The Ministry has a Delegation of Authority matrix dated September 2010. The Assistant Deputy Minister (ADM) has to approve all third party agreements with access to identifiable information and Directors approve access to unidentifiable information. The audit randomly selected and reviewed 13 out of 36 agreements with PHUs (36%) and five out of 14 agreements with LHINs (36%) and each of the agreement with ICES and CCO and noted that all of the agreements were approved by the ADM, Health System Information Management Investment Division and respected the Delegation of Authority.

Contractual Agreements
Each type of agreement allows for the sharing of anonymised or synonymised data. Anonymised data means that all identifiable components are removed. Synonymised data means that all identifiable components are encrypted before sharing. Two senior advisors in IMSPB manage all the contractual agreements between the Ministry and third party recipients. One is responsible for the PHUs, LHINs, ICES and CCO and the second is responsible for independent researchers at a RI/O.

The following agreements are in place between the Ministry and third party recipients for Statistics Canada health survey data files:

  1. Data Privacy Agreement for a Prescribed Entity (PE). There is an agreement with ICES covering the CCHS and the NPHS data and an agreement with CCO covering the CCHS data as per Statistics Canada DSAs with the Ministry. The PE must have in place practices and procedures approved by the Information and Privacy Commissioner of Ontario (IPC) to protect the privacy of individuals whose personal health information is received, and to maintain the confidentiality of that information.
  2. Data Sharing Agreements. There is a Data Sharing Agreement in place with each of the 36 PHUs in Ontario covering the CCHS data as per Statistics Canada DSAs with the Ministry.
  3. Anonymous Information Agreement. There is an Anonymous Information Agreement in place with each of the 14 LHINs in Ontario covering the CCHS data as per Statistics Canada DSAs with the Ministry.

Third party recipient agreements were reviewed for compliance to the T&Cs in Statistics Canada DSAs, with a focus on the management of confidentiality and security (physical access, IT storage and transmission, physical storage and information copying and retention and record management) by randomly selecting 13 of the 36 agreements with PHUs (36%), five of the 14 agreements with LHINs (36%), and each of the agreement with ICES and CCO.

The audit noted the Ministry's agreements with PHUs, LHINs, ICES and CCO are compliant with the T&Cs in Statistics Canada DSAs, with regards to the management of confidentiality and security.

Clear delegated authorities, delineation of responsibilities and lines of communication to support effective management of the T&Cs of the DSAs are in place, complied to, and ensure efficient and effective operations.

Monitoring
Monitoring is prescribed by Statistics Canada in two audit clauses included in the DSAs. The clauses are: "the right to review, at any time and at its own expense, compliance by the Ministry with the terms set out in this Agreement, by means of a program review or audit" and instructing the Ministry to audit the third parties "upon the reasonable request of Statistics Canada".

The Ministry includes an audit clause in all agreements where identifiable information is shared. The Ministry is planning to start "process" audits in 2012. A process document including templates for letters, checklists, audit questionnaires, etc. on conducting a "process" audit has been developed. Although "process" audits have not effectively started, the Ministry demonstrated the implementation of compensating controls such as providing training to its employees and third parties on security requirements; communicating a reminder about security requirements before transmitting a data file; obtaining the required written consent from Statistics Canada, prior to signing agreements with researchers at RI/Os; and maintaining ongoing collaboration with its stakeholders.

The Ministry is subject to oversight by the Information and Privacy Commissioner of Ontario (IPC) who has the jurisdiction to issue a binding Order of Power on receipt of a formal complaint with respect to personal information held by government and all health care practitioners and organizations. The binding Order of Power mandates compliance to the PHIPA.

Statistics Canada's DSAs with the Ministry have a provision outlining the requirements should unauthorized access occur. No incidences of unauthorized access have been reported to Statistics Canada by the Ministry. There is a similar provision in the Ministry's contractual agreements and the Ministry has documentation describing the process to follow in case of a breach and identifies roles and responsibilities of key stakeholders. No incidences of unauthorized access have been reported to the Ministry by third parties.

Practices and Procedures for Protecting and Safeguarding Statistics Canada Confidential Information

Formal practices and procedures are in place to ensure that management identifies and responds to risks for protecting and safeguarding Statistics Canada confidential information.

The existence of formal practices and procedures for managing risks related to unauthorized use of, disclosure, loss or theft of data by the Ministry would ensure that management identifies and responds to risks for protecting and safeguarding Statistics Canada confidential information.

Data Management
At the program level, HSD at Statistics Canada is responsible for the secure transfer of the health survey data files to only one authorized contact at the Ministry. Client Services, HSD prepares and password protects the data files for transmission through e-FT by CSID. On acknowledgment of receipt of the data file by the authorized contact, Client Services, HSD forwards the password either by email or fax. A control log is maintained, listing the organization, contact name, data files, and date sent and received by the Ministry, and the password.

At the Ministry, the data files are received and stored in a 'Restricted' directory on a designated server with limited access to authorized employees. Data files are then stored in a 'Shared' directory on the designated server for use by authorized employees. Access to the directory and related folders and files containing Statistics Canada data can only be granted by the authorized contact receiving Statistics Canada data files and has to be approved by HAB and by Information Technology (IT) Cluster branch.

Preparation and distribution of the data files to third party recipients is organized and carried out by two branches at the Ministry. HAB prepares and distributes to PHUs, LHINs, ICES and CCO and HDB prepares and distributes to researchers at RI/O.

Data files are transmitted to third party recipients on Computer Disks (CDs). CDs are only sent after confirming the contact at the third parties. Only on receipt of this confirmation is the CD couriered to them. Password is forwarded separately either by fax or email on confirmation of receipt of the CD. A control log is maintained, and includes the contact name, CD dispatch and receipt date, and password sent date and email acknowledgement date. Information sent back to the Ministry by third parties has to be encrypted, zipped, and transmitted on a CD.

Information Management
Independent researchers in a RI/O are required to complete an application form outlining their research project, its purpose and the data requirements from the Ministry. Each application must be accompanied with an approval seal of the university's Research Ethics Board (REB). Each application is subject to rigorous data analysis to ensure that only information meeting the objective of the program or the research project is released, and only information for an authorized project under the Ministry's mandate is released. Access to data for these applicants is usually limited to three years. The audit noted that currently, there are no contractual agreements in place with independent researchers at RI/Os in Ontario.

Contractual agreements with PHUs, LHINs were renewed on an annual basis until last year. The new agreements signed in 2010 do not have an expiration date to minimize administrative burden. Reliance is now being placed on developing strong lines of communication and relationships at the operational level to protect and safeguard confidential information.

The audit tested the 2010 CCHS Ontario respondent files distributed to PHUs, LHINs, ICES and CCO for compliance to the T&Cs in Statistics Canada DSAs. The audit tests revealed:

  • The personal variable for respondents' day of birth and geographic identifiers for small areas contained in the data file prepared for distribution to LHINs, were removed to ensure that respondents cannot be identified and the column listing the health numbers was encrypted with a unique sequential identifier.
  • The data file prepared for distribution to PHUs also contained the unique sequential identifier, encrypting the health number. PHUs can access the data without any links to any names, addresses, telephone numbers and health numbers.
  • The data file prepared for CCO did not contain personal identifiers since an evaluation conducted by the Ministry on CCO's requirements revealed no requirement for them.
  • The linkage file with identifiers (health card numbers) is only sent to ICES.

The audit concluded that the 2010 CCHS Ontario respondent files distributed to PHUs, LHINs, ICES and CCO were compliant with the T&Cs in Statistics Canada DSAs.

Formal practices and procedures for managing risks related to unauthorized use of, disclosure, loss or theft of data are in place to ensure that management identifies and responds to risks for protecting and safeguarding Statistics Canada confidential information.

Data Stewardship

Effective controls for physical access to the Ministry's premises and physical storage are in place. Logical access controls and effective practices compliant with the Ministry's policy on identification and authentication safeguards are in place and working as intended. Assessment of electronic access privileges of Statistics Canada data files at the Ministry revealed that opportunities exist to strengthen access controls to employees on a "need-to-know" basis, and ongoing monitoring is performed by the Ministry to ensure access privileges to Statistics Canada data files are up to date and granted to authorized employees only.

Information provided to the Ministry is designated as 'Protected B' information as defined in the federal Policy on Government Security. The Ministry is required to ensure that the control and protection of the information, either physically or electronically, is carried out in a manner that protects against loss, theft, compromise or improper disclosure. Access should only be given to employees who have a "need-to-know" as part of their duties.

Physical Access to the Ministry's Premises and Physical Storage
A physical inspection was conducted of two Ministry sites during the examination phase of the audit. The audit noted that office space is secured by locked doors. There is a card reader outside each set of doors with access only to authorized personnel with personal ID access cards. Washrooms are located inside the secured office area and visitors are escorted by an authorized person at all times.

Office space is well secured, with each work station having cabinets with functional locks for storage of confidential information.

Electronic Access of the Data Files
Access to Statistics Canada health survey files is on a "need-to-know" basis only. This is the case for all high-sensitive data that is handled by the Ministry. Currently the Ministry has about 100 data sets which include Statistics Canada data.

Original survey files received from Statistics Canada are stored in a 'Restricted' directory and access is limited to a few analysts in HAB. Data files are copied and stored in a 'Shared' directory on the designated server and access is granted only to authorized employees. A control log listing the names of the drives and their related folders and files and the names of the authorized employees with access is used for tracking access to Statistics Canada health survey data files.

The audit verified that access to the 'Restricted' drive was by the employees listed in the control log. Names of the employees on an IT generated report from the IT Cluster branch were compared with the names of the employees on the control log. All but one of the employees' names matched. Enquiry revealed that supporting documentation existed for the change request but the control log had not been updated to reflect the change.

The audit tested access privileges for both the 'Restricted' directory and the 'Shared' directory for three employees from the IMSPB since it was not listed as a branch with access privileges. The audit noted that the three employees did not have access to the 'Restricted' directory, but they had access to the 'Shared' directory and all the related folders in the directory. However, since neither of them had SAS or SPSS applications on their personal computers, they were not able to open the files.

Identification and Authentication Safeguards, IT Storage and Transmission
The audit tested for logical access controls, login timeout and storage of data files on the personal computers of two employees. Logical access controls and effective practices compliant with the Ministry's policy on identification and authentication safeguards are in place and working as intended. Review of the hard drives on the personal computers of the two employees revealed that no data files were stored on them.

The Ministry's policy does not recommend the storage or transmission of high-sensitivity data by removable media such as CDs and memory keys. Transmission by removable media is permitted on a contingency basis only, and detailed instructions are provided in the policy "Transmitting High-Sensitivity Data by Removable Media". Transmission by email is also not recommended, but if it does occur, then files have to be zipped and password protected. It was pointed out that given the size of the data files, transmission by email would not be possible. Virtual Private Network (VPN) is used to securely encrypt and transfer information over the internet.

Data files are zipped, password protected and then copied on CDs. A new password is employed for CCHS data files and for NPHS data files, each time they are distributed. A new password is created for each new project for an independent researcher at an RI/O. The password is either faxed or emailed to the contact person on acknowledgement of receipt of the CD. Ministry employees are required to store all data files on the designated server and not on their personal computers and cannot take the files out of the office.

Information Retention and Record Management
Overarching responsibility for information retention and record management for the Ministry rests with the Office of the Chief Information Privacy Officer of Ontario. The Ministry for its own purposes has a schedule for record retention for specific data holdings that it creates and is responsible for, e.g. OHIP. It does not have a similar schedule for data that it has received from Statistics Canada and does not have a policy on information retention and record management.

A requirement for information retention is not prescribed in Statistics Canada's DSAs with the Ministry. HSD at Statistics Canada supports the retention of data until "completion of their use".

The Ministry has all of the CDs and all of the original files received from Statistics Canada to be able to refer to them.

Effective controls for physical access to the Ministry's premises and physical storage are in place. Effective management compliant with the Ministry's policy on identification and authentication safeguards are in place and working as intended. However, opportunities exist to strengthen electronic access controls to employees on a "need-to-know" basis, and regular monitoring should be performed by the Ministry to ensure electronic access is only granted to authorized employees.

Recommendations

The Assistant Chief Statistician (ACS) Social, Health and Labour Statistics Field should communicate with the Ministry to ensure the following is implemented:

  • Access to Statistics Canada data files in the 'Shared' directory is restricted to employees on a "need-to-know" basis;
  • Ongoing monitoring of access privileges to Statistics Canada data files in the 'Shared' directory is up to date and granted to authorized employees only.

Management Response

Management agrees with the recommendations.

  • Every six months, the Director, HSD will request that the Ministry provide a report outlining the employees who have access to the shared drive and attest that these employees have a legitimate "need to know" basis for accessing the data.

    Deliverable and Timeline: Report from the Ministry every six months.

Appendix

Appendix A: Audit Criteria
Lines of Enquiry/
Core Controls
Criteria
The Terms and Conditions of the Data Sharing Agreements between Statistics Canada and the Ministry are met, with an emphasis on Confidentiality of Data.
Accountability
  1. Responsibilities are formally defined and clearly communicated.
  2. Authority is formally delegated and delegated authority is aligned with individual's responsibilities. Where applicable, incompatible functions are not combined.
Risk Management
  1. Risks are identified at both the program and regional levels, respectively, and take into consideration the internal and external environments of the RDC Program.
  2. Formal processes and guidelines exist to assess the controls in place to manage the identified risks.
Citizen-Focused
Service
  1. Formal communication mechanisms to support sharing of information; and follow up procedures to ensure input and feedback exist.
  2. Records, data and information are appropriately secured in compliance with privacy legislation.
Stewardship
  1. Access to data is limited to authorized individuals and is appropriately secured in compliance with privacy legislation.
  2. Access is physically restricted.
  3. Procedures to safeguard the shared data upon change of duties of an employee exist and are adhered to.
  4. Procedures exist to protect the use of data from abuse or fraud.
  5. Logical access controls exist to ensure access to systems and data, is restricted to authorized users, e.g., systems require users to logon using unique user name and password.
  6. Authentication and access procedures and mechanisms exist for and are applied in order to keep authentication and access mechanisms effective.
  7. Responsibility for reporting is clear and communicated and is applied accordingly.
  8. Complete, accurate, relevant and timely reports are submitted as required.
  9. The processes are understood and are complied with.
  10. For services delivered by third parties, the Ministry has implemented a program to monitor their activities.
Results and
Performance
  1. Responsibility for monitoring is clear and communicated and results are reported to required authority levels.
  2. Active monitoring is demonstrated.