Re: Policies for Application - IT [PRIVILEGED AND CONFIDENTIAL]

--0000000000002ebd910636d4b00f Content-Type: multipart/alternative; boundary="0000000000002ebd900636d4b00e" --0000000000002ebd900636d4b00e Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable My apologies.. You are correct. SaaS is the proper terminology Thanks , Terrence On Thu, Jun 5, 2025 at 10:50=E2=80=AFAM Timon Page = wrote: > Hey Terrence > > I am inputting the answers to the Ontario tenders portal form and I just > wanted to clarify something. There is repeated reference to SASS but I am > assuming it is a typo and what you meant was SaaS, correct? > > Best regards, > * Timon Page * > General Manager, Ontario > *Please note my email address has changed:* > timon.page@thekey.com > Mobile: (437) 223-0841 > TheKey.com > > > > On Wed, Jun 4, 2025 at 11:32=E2=80=AFAM Terrence Vetter terrence.vetter@thekey.com> wrote: > >> Hi Nina, >> >> Any thoughts on how you want to answer this? >> >> Tim, >> At a high level HIPAA audits include the below: >> [image: image.png] >> >> Thanks , Terrence >> >> >> On Tue, Jun 3, 2025 at 4:07=E2=80=AFPM Timon Page wrote: >> >>> I agree. What is the auditing process for HIPAA? >>> >>> Best regards, >>> * Timon Page * >>> General Manager, Ontario >>> *Please note my email address has changed:* >>> timon.page@thekey.com >>> Mobile: (437) 223-0841 >>> TheKey.com >>> >>> >>> >>> On Tue, Jun 3, 2025 at 3:32=E2=80=AFPM Terrence Vetter >> terrence.vetter@thekey.com> wrote: >>> >>>> I have to defer to Nina on this section as these questions are >>>> specifically talking about PHIPA and my concern is around Clearcare's >>>> logs and the lack of availability of these logs for us to monitor. >>>> >>>> We cannot audit Clearcare logs and there is no process in place to >>>> monitor and track all access to PHI in Clearcare. >>>> I am not sure how you would like to answer this? >>>> If we answer no on these questions I am afraid of the impact of >>>> submitting this questionnaire. >>>> >>>> >>>> Thanks , Terrence >>>> >>>> >>>> On Tue, Jun 3, 2025 at 9:16=E2=80=AFAM Timon Page >>>> wrote: >>>> >>>>> Morning Terrence >>>>> >>>>> Thanks for this. I have done a deeper dive into section 4: Electronic >>>>> Audit Logging as it seems that the document I sent over from Tala Bar= akat >>>>> wasn't sufficient enough for you to feel confident on answering the >>>>> questions. We do not have an electronic audit process in place at the >>>>> office level. If other offices are performing these, I would very muc= h like >>>>> to know the procedure involved. However, as the vast majority of the >>>>> applications we use are implemented at a corporate level, with admin = access >>>>> restricted, it seems logical that the electronic auditing would be >>>>> performed at the corporate level. Is there not IT auditing done to c= heck >>>>> for network vulnerabilities, adherence to local and federal laws, >>>>> identify data discrepancies and ensure data integrity? >>>>> >>>>> Best regards, >>>>> * Timon Page * >>>>>