Alberta Health IMIT Assessment

Home / Consulting / Healthcare IMIT Assessment / Alberta Health Services

Alberta Health Customization

Our consulting services use consistent, automated, and efficient sub processes. This allows ThreeShield to focus on your unique concerns and needs with a fully customizable -- yet very efficient -- approach.

Alberta Health Information Management and Information Technology (IMIT) vulnerability assessments and compliance reviews are customized to include Government of Alberta and AHS requirements. Examples of such requirements include the following:

  1. 2015-2020 Alberta Health Services Information Management and Information Technology Strategic Plan
  2. Mobile and Internet information access
  3. Social media
  4. AHS focus areas to balancing privacy and security with access and collaboration:
    • Enabling
    • Collaborating
    • Responding
    • Assuring
  5. Access controls and privacy for order sets, care pathways, and clinical documentation
  1. Alberta Health Information Act
  2. Shared EMR Access requirements
    • Access Request Process
    • Least privilege
    • User access termination
    • Alberta HIA (Health Information Act') training
    • Privacy awareness
    • Segregation of duties
    • Authorizations
    • Privacy Awareness
    • Antivirus
    • Password Management
  3. AHS Records Retention Schedule
  4. AHS Records Destruction Procedure
  5. Cloud migrations and security


Assessment Process

Although fully customizable, a typical engagement includes the following:

  1. Initial scope discussion covering:
    • web sites and Internet-facing systems
    • networks, VPNs, and wireless systems
    • servers, workstations, virtual machines, and operating systems
    • established policies, standards, and procedures
    • business impact assessment, disaster recovery, business continuity plans, and backup processes
    • external systems and service providers
    • compliance needs
  2. Signed agreement with permission to perform vulnerability assessments.
  3. Internal and external vulnerability scans
  4. Partially-automated penetration tests
  5. Execution of proprietary configuration extraction scripts.
  6. Compliance assessment for:
    • Alberta Health Information Act (HIA)
    • Alberta EMR, EHR, CCCIS access requirements
    • AHS Records Rention Schedule
    • privacy and personally-identifiable information (PII)
    • Alberta Personal Information Protection Act
    • C-SOX and SOX financial statement controls
    • corporate policies
  7. Server, Active Directory, databases, applications, and cloud service configurations.
  8. Reporting at the level you need: from highly technical, executive risk statements, and customer assurance.


Ready to protect your business?

GET STARTED TODAY

Customers

 
 “

As the Chief Compliance Officer of a payments entity, I have relied on ThreeShield Information Security to provide risk-based solutions that have satisfied regulators and business partners alike. While our Money Services Business is unique in that it supports commerce within virtual worlds and video game environments, the security standards that we have to meet are the same as they would be for any regulated financial institution.

ThreeShield has employed a dynamic, risk-based approach to information security that is specific to our business needs but also provides comfort to our external stakeholders.

I recommend their services.

-Scott Butler, CCO of Tilia Inc.

” 

ThreeShield Information Security has provided customized IT security tools and consulting to organizations of all sizes, including the following:
1-Page  •   Carrier Corporation  •   Computer Sciences Corporation  •   Deloitte  •   Ernst & Young  •   First Gulf Bank  •   Government of Alberta  •   Hamilton Sundstrand Corporation  •   Hurricane Computer Solutions  •   International Aero Engines  •   KPMG  •   Linden Research (Linden Lab)  •   NASA  •   Note-able Music  •   NORESCO  •   Otis Elevator Company  •   Plateau Systems  •   Pratt & Whitney  •   Red Link SA (Argentina)  •   Segurança da Informação e Conformidade  •   Sikorsky Aircraft Corporation  •   Tilia Inc  •   TOOT'n TOTUM  •   Towers Watson  •   United Technologies Corporation  •   Universidade de São Paulo  •   UTC Power  •   Voxiter Technologies Inc., DBA Gretta.com  •   Whitecap Resources Inc