Re: Policies for Application - IT [PRIVILEGED AND CONFIDENTIAL]

--0000000000000e5eba0636d43be8 Content-Type: multipart/alternative; boundary="0000000000000e5eb90636d43be7" --0000000000000e5eb90636d43be7 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hey Terrence I am inputting the answers to the Ontario tenders portal form and I just wanted to clarify something. There is repeated reference to SASS but I am assuming it is a typo and what you meant was SaaS, correct? Best regards, * Timon Page * General Manager, Ontario *Please note my email address has changed:* timon.page@thekey.com Mobile: (437) 223-0841 TheKey.com On Wed, Jun 4, 2025 at 11:32=E2=80=AFAM Terrence Vetter wrote: > Hi Nina, > > Any thoughts on how you want to answer this? > > Tim, > At a high level HIPAA audits include the below: > [image: image.png] > > Thanks , Terrence > > > On Tue, Jun 3, 2025 at 4:07=E2=80=AFPM Timon Page = wrote: > >> I agree. What is the auditing process for HIPAA? >> >> Best regards, >> * Timon Page * >> General Manager, Ontario >> *Please note my email address has changed:* >> timon.page@thekey.com >> Mobile: (437) 223-0841 >> TheKey.com >> >> >> >> On Tue, Jun 3, 2025 at 3:32=E2=80=AFPM Terrence Vetter > terrence.vetter@thekey.com> wrote: >> >>> I have to defer to Nina on this section as these questions are >>> specifically talking about PHIPA and my concern is around Clearcare's >>> logs and the lack of availability of these logs for us to monitor. >>> >>> We cannot audit Clearcare logs and there is no process in place to >>> monitor and track all access to PHI in Clearcare. >>> I am not sure how you would like to answer this? >>> If we answer no on these questions I am afraid of the impact of >>> submitting this questionnaire. >>> >>> >>> Thanks , Terrence >>> >>> >>> On Tue, Jun 3, 2025 at 9:16=E2=80=AFAM Timon Page wrote: >>> >>>> Morning Terrence >>>> >>>> Thanks for this. I have done a deeper dive into section 4: Electronic >>>> Audit Logging as it seems that the document I sent over from Tala Bara= kat >>>> wasn't sufficient enough for you to feel confident on answering the >>>> questions. We do not have an electronic audit process in place at the >>>> office level. If other offices are performing these, I would very much= like >>>> to know the procedure involved. However, as the vast majority of the >>>> applications we use are implemented at a corporate level, with admin a= ccess >>>> restricted, it seems logical that the electronic auditing would be >>>> performed at the corporate level. Is there not IT auditing done to ch= eck >>>> for network vulnerabilities, adherence to local and federal laws, >>>> identify data discrepancies and ensure data integrity? >>>> >>>> Best regards, >>>> * Timon Page * >>>> General Manager, Ontario >>>> *Please note my email address has changed:* >>>> timon.page@thekey.com >>>> Mobile: (437) 223-0841 >>>> TheKey.com >>>> >>>> >>>> >>>> On Mon, Jun 2, 2025 at 5:58=E2=80=AFPM Terrence Vetter >>> terrence.vetter@thekey.com> wrote: >>>> >>>>>