A recent BC Auditor General report ((http://www.bcauditor.com/pubs/2010/report7/paris-system-community-care-services-access-and-security) exposed privacy concerns regard a community based clinical application known as PARIS operated by the Vancouver Coast Health Authority. In my daily examination of RFPs issued by provincial ministries of health, regional health authorities and hospitals I came across an RFP issued by the BC Health Authorities Shared Services Organization on behalf of Provincial Health Services Authority (PHSA) for a “professional assurance services to conduct an internal audit for up to ten (10) clinical application systems” to “ensure that personal health information is protected with the appropriate security and access controls (SACs)”.
According to the RFP, “up to ten (10) applications are / will be selected. The application selection is determined by the Internal Assurance Office (IAO) of the PHSA with the collaboration of the Information Technology and Systems department for the PHSA and VCHA”. The preliminary list of clinical applications includes:
1. Cancer Agency Information System (CAIS)
2. Patient Care Information System (PCIS), including Eclipysis, McKesson, and IDX
7. Mysis / Sunquest
Scope of the audit includes:
- Assurance that the PHSA conforms to leading privacy protection practices
- Recommendations for improvements to ensure PHSA, meets applicable information management standards, and is in alignment with Provincial and industry or other leading practices;
- Assurance of compliance with legislative and other health specific regulations governing the protection and security of personal health information.