--0000000000006376680636d444f7 Content-Type: multipart/alternative; boundary="0000000000006376660636d444f6" --0000000000006376660636d444f6 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I just received an out of office reply from Terrence. Can one of you answer this question please? Best regards, * Timon Page * General Manager, Ontario *Please note my email address has changed:* timon.page@thekey.com Mobile: (437) 223-0841 TheKey.com On Thu, Jun 5, 2025 at 10:49=E2=80=AFAM Timon Page = wrote: > Hey Terrence > > I am inputting the answers to the Ontario tenders portal form and I just > wanted to clarify something. There is repeated reference to SASS but I am > assuming it is a typo and what you meant was SaaS, correct? > > Best regards, > * Timon Page * > General Manager, Ontario > *Please note my email address has changed:* > timon.page@thekey.com > Mobile: (437) 223-0841 > TheKey.com > > > > On Wed, Jun 4, 2025 at 11:32=E2=80=AFAM Terrence Vetter terrence.vetter@thekey.com> wrote: > >> Hi Nina, >> >> Any thoughts on how you want to answer this? >> >> Tim, >> At a high level HIPAA audits include the below: >> [image: image.png] >> >> Thanks , Terrence >> >> >> On Tue, Jun 3, 2025 at 4:07=E2=80=AFPM Timon Page wrote: >> >>> I agree. What is the auditing process for HIPAA? >>> >>> Best regards, >>> * Timon Page * >>> General Manager, Ontario >>> *Please note my email address has changed:* >>> timon.page@thekey.com >>> Mobile: (437) 223-0841 >>> TheKey.com >>> >>> >>> >>> On Tue, Jun 3, 2025 at 3:32=E2=80=AFPM Terrence Vetter >> terrence.vetter@thekey.com> wrote: >>> >>>> I have to defer to Nina on this section as these questions are >>>> specifically talking about PHIPA and my concern is around Clearcare's >>>> logs and the lack of availability of these logs for us to monitor. >>>> >>>> We cannot audit Clearcare logs and there is no process in place to >>>> monitor and track all access to PHI in Clearcare. >>>> I am not sure how you would like to answer this? >>>> If we answer no on these questions I am afraid of the impact of >>>> submitting this questionnaire. >>>> >>>> >>>> Thanks , Terrence >>>> >>>> >>>> On Tue, Jun 3, 2025 at 9:16=E2=80=AFAM Timon Page >>>> wrote: >>>> >>>>> Morning Terrence >>>>> >>>>> Thanks for this. I have done a deeper dive into section 4: Electronic >>>>> Audit Logging as it seems that the document I sent over from Tala Bar= akat >>>>> wasn't sufficient enough for you to feel confident on answering the >>>>> questions. We do not have an electronic audit process in place at the >>>>> office level. If other offices are performing these, I would very muc= h like >>>>> to know the procedure involved. However, as the vast majority of the >>>>> applications we use are implemented at a corporate level, with admin = access >>>>> restricted, it seems logical that the electronic auditing would be >>>>> performed at the corporate level. Is there not IT auditing done to c= heck >>>>> for netwo