Version Date Comments / Changes 1.0 January 2015 Initial Policy Released

Transcription

1 Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance plicy prvides directin and establishes requirements fr managing Fraser Health Authrity s ( FHA r Fraser Health ) infrmatin and data assets acrss the entire infrmatin and data lifecycle frm cllectin, strage, usage and prcessing, thrugh t dispsal and archival. The specific bjectives f this plicy are t: Prmte identificatin, wnership and effective management f FHA s infrmatin and data assets; and Establish FHA s mandate and expectatins with respect t maintaining the quality, integrity, availability and reliability f FHA s infrmatin and data assets. This plicy shuld be read in cnjunctin with Fraser Health s Infrmatin Security plicy, and Access Cntrl plicy and supprting infrmatin security and privacy plicies, standards, prcedures and guidelines. SCOPE This plicy applies t all infrmatin and data assets, including bth structured and unstructured data wned, managed r administered by Fraser Health r administered by a third party n behalf f Fraser Health. This plicy applies t all Fraser Health staff (including full-time, part-time, and temprary staff), physicians, students, vlunteers, business and health-care delivery partners, cnsultants, cntractrs, service prviders, and guest users, wh have been authrized t have access t Fraser Health infrmatin and data assets. Fr the purpses f this plicy, such individuals are cllectively referred t as staff unless therwise specified. POLICY DATA COLLECTION AND OWNERSHIP Fraser Health r Fraser Health s Service Prvider(s) develps and maintains an inventry f all infrmatin and data assets.

2 Page 2 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED Data Steward, Infrmatin wners and custdians are designated fr all infrmatin and data assets. Data Stewards in cllabratin with Owners have the authrity t create and maintain an Infrmatin Classificatin standard. Data wners assign an infrmatin classificatin fr all infrmatin and data assets in accrdance with Fraser Health s Infrmatin Classificatin standard. Data custdians implements prcedures fr secure infrmatin handling, including infrmatin cllectin, strage, prcessing and dispsal and archival as defined in Fraser Health s standards. DATA STORAGE AND RETENTION Infrmatin wners and infrmatin custdians are respnsible fr day-t-day cntent and quality f data within their designated area f respnsibility. Infrmatin wners and infrmatin custdians are respnsible t meet the backup and retentin standards defined in Fraser Health s plicies and related standards within their designated area f respnsibility. Infrmatin wners and infrmatin custdians are respnsible t meet Fraser Health s Security and Privacy plicies & related standards within their designated area f respnsibility. Infrmatin is destryed nce it is n lnger required by Fraser Health and/r has reached the end f its retentin perid. The destructin r dispsal prcess takes int accunt the sensitivity f the infrmatin being destryed. DATA USAGE Fraser Health and/r FHA s Service Prvider(s) implement mechanisms fr validating the accuracy and apprpriateness f data inputs t infrmatin systems. Infrmatin wners and infrmatin custdians will implement cntrls t validate that the use f stred infrmatin is crrect and apprpriate t the business needs f Fraser Health. Infrmatin wners and infrmatin custdians will implement cntrls t measure and mnitr the quality f the data used in business reprting and applicatins.

3 Page 3 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED DATA TRANSFER AND DISCLOSURE Services that prvide access t data cntained within infrmatin systems are cntrlled by Fraser Health. Infrmatin exchange prcedures and cntrls have been established t prtect the exchange and integrity f infrmatin thrugh its lifecycle. Agreements are established fr exchange f infrmatin and sftware between Fraser Health and external parties. DATA AUDITABILITY Infrmatin wners and custdians will ensure peridic audits are perfrmed fr data assets and audit lgs, such as: inventry f data assets data asset wnership changes acceptable use f data assets data pertaining t access cntrl, access privileges, changes t access cntrl and access privileges and test data Prcesses are established t manage access and privileges fr data under each data wner s area f respnsibility. DEFINITIONS Term Infrmatin/Data Owner Data Custdian Infrmatin/Data Asset Definitin Official with statutry r peratinal authrity fr specified infrmatin and respnsibility fr establishing the cntrls fr its generatin, cllectin, prcessing, disseminatin, and dispsal [NIST SP ]. The individual(s) and department(s) respnsible fr the strage and safeguarding f cmputerized data [Infrmatin Systems Audit and Cntrl Assciatin (ISACA)]. Infrmatin and data assets include all Fraser Health data, infrmatin and intellectual prperty.

4 Page 4 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED PROCEDURE ROLES AND RESPONSIBILITIES Rle Respnsibilities Executive Spnsrs Give high level authrity fr the prcess f setting glbal plicies and standards Data Owner Own data Apprve the strategic directin fr data gvernance Supprt the rganizatin t cmmunicate and prmte the gvernance strategy t build cnsensus Review and apprve business plans t be used by the Gvernance Cuncil and Data Stewards t achieve changes t cmply with the strategic directin Authrize additinal funding where necessary fr data gvernance as part f existing initiatives Agree t supprt future reprting frm certified data The executive spnsrs are an executive r senir management level grup that can prmte and preserve data gvernance acrss all functinal areas and strategic initiatives t supprt adptin thrughut the enterprise Apprve data definitins, calculatins and requirements Accuntable fr cnsistency and quality acrss different types f data Apprve changes t existing data t cmply with standards Review and apprve data standard specificatins and revisins t ensure that any key change t data standard is sufficiently understd and its integrated impact is fully assessed Escalate crss-functin data standardizatin decisins t Executive Spnsrs

5 Page 5 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED Data Owners include all data and attribute wners wh have the pwer t make enterprise-wide decisins n that data. Data Stewards Maintain data and prpse new attribute requirements Respnsible fr quality and availability f data Develp plicies and standards t ensure data is bth acceptable and accurate in the applicable business area Have understanding f verall data prcess flw as well as strng understanding f their specific areas Slicit the requirements/cncerns f all stakehlders, acrss the rganizatin, wh use the data Crdinate effrts with ther subject area Data Owners t emply cnsistent enterprise data management plicies, prcedures, gvernance, tls and methdlgies Data stewards reside in the business rganizatin and wrks directly with the Data Owners and the Data Users. A Chief Data Steward will be designated by the VP, Infrmatics & Transfrmatin Supprt t versee implementatin f the Infrmatin and Data Gvernance Plicy. Data Custdians Dcument current data definitins and identify incnsistencies Cnfigure tls used t maintain referential integrity and mnitr data quality Practively prmte cnsistency f data management gals, plicy, prcedures, tls and techniques Perfrm impact analysis fr changes t existing data surces and infrmatin architecture Implement apprpriate infrmatin security Ensure all system, prcess r data changes affecting their data are ntified t the data management cmmunity

6 Page 6 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED This grup sits in the technlgy rganizatin and applies data gvernance plicies and standards t technical envirnments Data Users Identify issues with data quality and escalating t the apprpriate steward / wner Wrk with data wners t determine and validate prper data usage Cmplies with data gvernance plicies in the usage f the infrmatin Ensures the quality and availability f data fr analysis and reprting meets business requirements This grup resides in the business rganizatin and have direct interactin with the data surces REFERENCES Related Fraser Health plicies: Access Cntrl Cnfidentiality and Security f Persnal Infrmatin Infrmatin Security Managing Privacy Breaches