Standard. Enterprise Architecture Dispensation. 1. Statement. 2. Scope. 3. Dispensation Requests QH-IMP-402-13:2014. 3.1. Approach

Similar documents
NSW Data & Information Custodianship Policy. June 2013 v1.0

Information Integrity & Data Management

Guideline. Enterprise Architecture Guide. 1. Purpose. 2. Scope. 3. Related documents. 4. Enterprise Architecture Guide

Digital Continuity Plan

OFFICIAL. NCC Records Management and Disposal Policy

UNSOLICITED PROPOSALS

Records Disposal Schedule Anti-Discrimination Services Northern Territory Anti-Discrimination Commission

Information Management and Protection Policy

Information Governance Policy

Operations. Group Standard. Business Operations process forms the core of all our business activities

Information Management Advice 39 Developing an Information Asset Register

Department of Infrastructure and Planning: Governance Framework for Infrastructure Delivery Special Purpose Vehicles

Information Management Responsibilities and Accountability GUIDANCE September 2013 Version 1

Queensland Government Human Services Quality Framework. Quality Pathway Kit for Service Providers

A. This Directive applies throughout DHS, unless exempted by statutory authority.

Information Management Advice 50 Developing a Records Management policy

POLICY MANAGEMENT FRAMEWORK

Corporate Information Security Policy

NATIONAL GUIDELINES FOR THE ACCREDITATION OF NURSING AND MIDWIFERY PROGRAMS LEADING TO REGISTRATION AND ENDORSEMENT IN AUSTRALIA

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013

QUALITY MANAGEMENT SYSTEM MONITORING (TAFE)

Department of the Premier and Cabinet Circular. PC030 Protective Security Policy Framework

INFORMATION MANAGEMENT STRATEGIC FRAMEWORK GENERAL NAT OVERVIEW

Governance Document Management Framework

Information and records management. Purpose. Scope. Policy

APPLICATIONS WILL NOT BE ACCEPTED BY A THIRD PARTY

Queensland recordkeeping metadata standard and guideline

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide

PSPPROC506A Plan to manage a contract

Information Governance Policy

Delegations of Authority - Local Health Districts and Specialty Health Networks

Public Records (Scotland) Act Healthcare Improvement Scotland and Scottish Health Council Assessment Report

Definitions: Policy: Duties and Responsibilities: The Privacy Officer will have the following responsibilities and duties:

Information Governance Policy

Policy (Board Approved)

Guide to the National Safety and Quality Health Service Standards for health service organisation boards

BSB60407 Advanced Diploma of Management

POLICY CONTRACT MANAGEMENT POLICY POLICY STATEMENT

Align Technology. Data Protection Binding Corporate Rules Processor Policy Align Technology, Inc. All rights reserved.

Information Governance Strategy. Version No 2.0

Policy Document RECORDS MANAGEMENT POLICY

RISK MANAGEMENT FRAMEWORK

Electronic Health Record Privacy Policies

Data Protection Policy

Privacy and Cloud Computing for Australian Government Agencies

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September Information Governance Manager

Data Protection Policy

Guideline 1. Cloud Computing Decision Making. Public Record Office Victoria Cloud Computing Policy. Version Number: 1.0. Issue Date: 26/06/2013

FMCF certification checklist (incorporating the detailed procedures) certification period. Updated May 2015

JOB DESCRIPTION POSITION DETAILS REPORTING RELATIONSHIPS SUPERVISOR 1 FUNCTIONS OF THE POSITION 2 ORGANISATIONAL CONTEXT. Chief Financial Officer

Internal Audit (policy & procedure)

RTO Delegations Guidelines

INFORMATION GOVERNANCE POLICY

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services

Scope The data management framework must support industry best practice processes and provide as a minimum the following functional capability:

Information Governance Policy

To outline the process for creating and maintaining health and safety documentation for the JCU Health, Safety Management System (HSMS).

NSW Government. Cloud Services Policy and Guidelines

National Institute for Health Research Coordinated System for gaining NHS Permission (NIHR CSP)

Information Security Policy

Second Clinical Safety Review of the Personally Controlled Electronic Health Record (PCEHR) June 2013

Nomination, Remuneration and Human Resources Committee Charter

Report to Parliament No. 4 for 2011 Information systems governance and security. Financial and Assurance audit. Enhancing public sector accountability

If a worker has an accepted claim with WorkCover, they may access a range of entitlements including:

Privacy Incident and Breach Management Policy

Human Services Quality Framework. User Guide

UNCLASSIFIED UNCONTROLLED-IF-PRINTED. Public

Information Governance Policy

AUDIT AND RISK MANAGEMENT COMMITTEE CHARTER

Position Description

Department of Defense DIRECTIVE

Insurer audit manual

Customer Feedback Management Policy

IT SECURITY POLICY (ISMS 01)

COLLEGE BOARD: HUMAN RESOURCES COMMITTEE TERMS OF REFERENCE (TOR)

POLICY TOOLKIT2ND TEMPLATE MAP. Template Map. Detailed Map. Quick Reference Map. Introduction and user information.

Information Management: A common approach

Clinical Trials - Insurance and Indemnity

ECM Governance Policies

LOBLAW COMPANIES LIMITED MANDATE OF THE BOARD OF DIRECTORS

CONTRACT MANAGEMENT FRAMEWORK

WEST MIDLANDS POLICE Force Policy Document

Drinking Water Quality Management Plan Review and Audit Guideline

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES

Information Security Policy

INFORMATION GOVERNANCE POLICY

Data Governance Policy. Version October 2015

Table of Contents. 1 P a g e

Information Governance and Management Standards for the Health Identifiers Operator in Ireland

Disclosure of pre-existing conditions under the Workers Compensation and Rehabilitation Act 2003

Financial Adviser Regulations Discretionary Investment Management Services and Custody

HEWLETT-PACKARD COMPANY BOARD OF DIRECTORS NOMINATING, GOVERNANCE AND SOCIAL RESPONSIBILITY COMMITTEE CHARTER

Claims Management Policy

Align Technology. Data Protection Binding Corporate Rules Controller Policy Align Technology, Inc. All rights reserved.

Employer commencement as a self-insurer

Transcription:

Enterprise Architecture Standard QH-IMP-402-13:2014 1. Statement This Standard describes the dispensation process (Enterprise Architecture Health Service Directive (HSD) and Enterprise Architecture Policy ) to ensure all areas within the scope of this standard are aware of the evaluation and consideration of dispensation requests within Health Services Information Agency including governance arrangements. 2. Scope Compliance with this standard is mandatory. This standard applies to all employees, contractors and consultants within the Department of Health divisions and commercialised business units. This standard applies to all Hospital and Health Services applications for dispensations from the Enterprise Architecture Health Service Directive. 3. Requests 3.1. Approach 3.1.1. types This standard outlines the steps to seek dispensations for the following separate categories: 1. Enterprise Architecture HSD Hospital and Health Services requesting a dispensation from the mandatory requirements of the Enterprise Architecture Health Service Directive 2. Enterprise Architecture Policy Department of Health requesting a dispensation from the mandatory requirements of the Enterprise Architecture Policy. 3.1.2. Health Services Information Agency responsibilities To manage dispensations, Health Services Information Agency (HSIA) shall allocate responsibility to: appropriate governing bodies to oversee dispensations The Coordinator to: - maintain dispensation registers and regularly report dispensation register metrics to the appropriate governing bodies - process dispensation application requests - monitor approved dispensation conditions including reporting requirements. 3.1.3. Indicative timeframes The following timeframes are an estimate of the timeframe for accessing a dispensation request. Actual times will depend on the complexity of the request. Urgent requests can be processed accordingly and reviewed out of session if necessary. Action Registration Assessment Governance Review Notification Timeframe Within 1 working day Within 5 working days Within 14 working days per governing body Within 1 working day post governance review

3.2. Requesting a dispensation from the Enterprise Architecture Health Service Directive 3.2.1. High Level Process Flow As per the Enterprise Architecture Health Service Directive, Hospital and Health Services shall seek formal dispensation from compliance with the mandated ICT applications, technologies and services. 3.2.2. requirement To determine the dispensation requirement the Hospital and Health Service (HHS) shall: discuss the dispensation requirement with the HSIA Business Relationship Manager for the HHS if a request is required, complete a HSD Business Case detailing the dispensation requirement have the business case appropriately approved by internal HHS governance submit the request to the Chief Health Information Officer, Department of Health through formal correspondence. Note: The elements of the Business Case that are required for assessment are outlined in the Definitions table. 3.2.3. Register request The submitted HSD Business Case request shall be recorded into the Enterprise Architecture Register and allocated a unique reference identifier. 3.2.4. Assess requirement Each request shall be assessed by the appropriate subject matter experts, in consultation with the HHS, and other stakeholders (including Information Security Unit, and Commercial and Business Services). This assessment shall include an evaluation of the impact of the request on Queensland Health from a supportability, maintainability and fiduciary perspective. Any issues or risks that arise during evaluation shall be negotiated with the submitting Hospital and Health Service. At the completion of the assessment, the assessor will provide a written recommendation to the relevant governing bodies for consideration. The recommendation/s shall include any outstanding issues and risks together with conditions on granting the dispensation. 3.2.5. Governance review Each HSD Business Case request and recommendations shall be submitted to, and considered by the Architecture and Standards Board. 3.2.6. Record result The outcome of the governance review shall be recorded in the minutes of the Architecture and Standards Board and notified to the respective Coordinator to record in the Enterprise Architecture Register. 3.2.7. Notify submitter The Coordinator shall notify the outcome of the dispensation request to the submitter via formal correspondence from the Chief Health Information Officer including the approval conditions, compliance and reporting requirements. 3.2.8. Review/report Approved HSD dispensation requests shall include a date of review, at which time the dispensation and its conditions shall be re-assessed by Health Service Information Agency with the result of the assessment being provided to the Architecture and Standards Board and communicated to the Coordinator. Version: 1.2 Page 2 of 7

The submitter shall report to the Chief Health Information Officer against agreed conditions outlined in the dispensation by the due date/s. The Coordinator shall regularly report dispensation register metrics to the Architecture and Standards Board. 3.2.9. Appeals Any appeals to recommendations and endorsements will be referred to the appropriate Architecture and Standards Board. 3.3. Requesting a dispensation from the Department of Health Enterprise Architecture Policy 3.3.1. High Level Process Flow The Enterprise Architecture Framework Standard refers to establishing a formalised dispensation process to enable business areas to seek dispensation from the mandated applications, technologies and services identified in the Department of Health Enterprise Architecture Policy documents. 3.3.2. Identify and document dispensation requirement To determine the dispensation requirement the submitter shall: discuss the dispensation requirement with the use the HSIA Enterprise Architecture Request Template to document: - specific standard, protocol, procedure or position - reason for requesting dispensation - impact on supportability of the ICT environment in granting the dispensation including significant issues and risks - financial impact of granting the dispensation including costs and benefits including significant issues and risks - impact of not granting the dispensation including costs and benefits including significant issues and risks - an agreed timeframe to achieve compliance, if required submit the request to the. 3.3.3. Register request The submitted HSIA Enterprise Architecture Policy Request shall be recorded on the HSIA Enterprise Architecture Register and allocated a unique reference identifier. 3.3.4. Assess requirement Each Enterprise Architecture Policy Request shall be assessed by the appropriate subject matter expert and other stakeholders (including Strategy and Architecture) in consultation with the submitter as necessary. This assessment will include an evaluation and risk assessment of the impact of the request on Queensland Health from a supportability, maintainability and fiduciary perspective. The lead Enterprise Architect will liaise with the submitter to discuss any issues or risks that arise during evaluation together with required actions and timeframes. At the completion of the assessment, the will provide a written recommendation to the Architecture and Standards Board. The recommendation/s shall include any outstanding issues and risks together with conditions on granting the dispensation. 3.3.5. Governance review Each Enterprise Architecture Policy Request and recommendation shall be submitted to, and considered by the Architecture and Standards Board. 3.3.6. Record result Version: 1.2 Page 3 of 7

The outcome of the governance review shall be recorded in the minutes of the Architecture and Standards Board and notified to the Coordinator to record in the Enterprise Architecture Policy Register. 3.3.7. Notify submitter The Coordinator shall notify the outcome of the dispensation request to the submitter via formal correspondence from the Chief Health Information Officer including the approval conditions, compliance and reporting requirements. 3.3.8. Review/report Approved Enterprise Architecture Policy dispensation requests shall include a date of review, at which time the dispensation and its conditions shall be re-assessed by Health Service Information Agency with the result of the assessment being provided to the Architecture and Standards Board and communicated to the Coordinator. The submitter shall report to the Chief Health Information Officer through governing bodies against agreed conditions outlined in the dispensation by the due date/s. The Coordinator shall regularly report Enterprise Architecture Register metrics to the Architecture and Standards Board. 3.3.9. Appeals Any appeals to recommendations and endorsements will be referred to the Architecture and Standards Board. 4. Related legislation and documents Legislation Copyright Act 1968 (Cth) Electronic Transactions Act 2001 Evidence Act 1977 Financial Accountability Act 2009 Financial Accountability Regulation 2009 Financial and Performance Management Standard 2009 Healthcare Identifiers Act 2010 Hospital and Health Boards Act 2011 Information Privacy Act 2009 Personally Controlled Electronic Health Records Act 2012 Public Health Act 2005 Public Interest Disclosure Act 2010 Public Records Act 2002 Public Service Act 2008 Right to Information Act 2009 Supporting documents Enterprise Architecture Framework Standard Enterprise Business Architecture Standard Enterprise Information Architecture Standard Enterprise Applications Architecture Standard Enterprise Technology Architecture Standard Information Security Standard Information System Sustainability Standard Interoperability Architecture Standard Service Oriented Architecture Standard Version: 1.2 Page 4 of 7

Systems Integration Standard Enterprise Architecture Development Method Standard Integration Patterns Standard Enterprise Architecture Guide Forms and templates Enterprise Architecture Register Enterprise Architecture Policy Request Template Related documents Queensland Government - A Plan - Better Services for Queenslanders: Queensland Government Response to the Independent Commission of Audit Final Report (April 2013) - Health Sector (Clinical Records) Retention and Disposal Schedule - ICT Strategy 2013 2017 and Action Plan - Queensland Treasury Information Sheet 3.3 Information and Communication Technology (ICT) Queensland Government Enterprise Architecture (QGEA), Department of Science, Information Technology, Innovation and the Arts (DSITIA): - Applicability and authority of the QGEA Guideline - Information Architecture Supporting Classification Definitions White Paper - QGEA Alignment Policy - QGEA Foundation Principles - ICT-as-a-service Policy - ICT-as-a-service offshore data storage and processing Policy - ICT Cabling Infrastructure Policy - Integration Policy - Queensland Government Application Classification Framework - Queensland Government Application Portfolio Framework Detail - Queensland Government Business Process Classification Framework - Queensland Government Enterprise Architecture Framework 2.0 (QGEA) - Queensland Government Information Classification Framework - Queensland Government Information Principles - Queensland Government Information Security Classification Framework - Queensland Government Information Security Policy Framework - Queensland Government Technology Classification Framework - Queensland Government ICT Strategy 2013-17 - Software Currency Policy - Use of ICT facilities and devices policy (IS38) - What is Information Architecture White Paper Queensland Health - Deloitte: Review of Health Services Information Agency - ehealth Strategy 2006 - Queensland Health ICT Governance Framework Department of Health - ICT Strategic Plan 2012-2016 - Assignment of Unique Record Numbers Policy Version: 1.2 Page 5 of 7

- Clinical Records Management Policy - Data Management Policy - Information Security Policy - Intellectual Property Policy - Issue of Information and Statistics HR Policy E6 - Records Management for Administrative and Functional Records Policy - Research Management Policy - Strategic Plan 2012 2016 (2013 Update) - Use of ICT Services Policy 5. Definition of terms used in this standard Term Definition / Explanation / Details Source Contestability Coordinator register Enterprise Architecture Testing the standards and costs of delivering services within government with other providers, including the private sector to ensure the government is obtaining best value for money. Seeking an exemption from the mandatory conditions of the relevant authority instrument. Responsible officer appointed within HSIA to coordinate the receipt, evaluation, submission to governing bodies, notification, monitoring and follow up of applications for dispensations. The following information shall be recorded in the dispensation register for each request: Unique reference identifier short title Short description Requesting person, role, contact details, location Request approver/location details Submission date Which authority instrument (policy or HSD) Specific application, technology or service under request recommendation (Endorsed/Endorsed with Conditions/Declined) Conditions imposed (optional to duplicate from recommendation) Review date Compliance date Architecture and Standards Board (Endorsed/Endorsed with Conditions/Declined) Submitter notified Responsible action officer Action/s due date Status The practice of applying a comprehensive and rigorous method for describing a current and future structure and behaviour for an organisation's processes, information, applications, technology and human resources, so that they align with the organisation's strategic direction. Queensland Government ICT strategy 2013 17 Queensland Government Chief Information Office Glossary Version: 1.2 Page 6 of 7

Term Definition / Explanation / Details Source Enterprise ICT Services Governing Bodies Health Service Directive HSD Business Case Interoperability ICT services or projects that are managed and/or delivered by Health Services Information Agency that are intended for use by any or all of the Department s Divisions and Hospital and Health Services. For the purposes of this standard the meaning of governing bodies includes the Department of Health committees that have responsibility for oversight of Enterprise Architecture and/or Enterprise ICT Services within their Terms of Reference. Section 47 of the Hospital and Health Boards Act 2011 authorises the Chief Executive of the Department of Health to issue Health Service Directives to Hospital and Health Services. Health Service Directives may be issued for the purposes of: Promoting service coordination and integration Optimising effective and efficient use of resources Setting standards and policies for safe and high quality service delivery Ensuring consistent approaches to service delivery Supporting the application of State policies, legislation and agreements entered into by the State. Health Service Directives are brief and focussed on specific requirements of, or outcomes to be achieved by, Hospital and Health Services. The HSD Business Case application shall contain/consider the following elements: Business requirements, benefits and impacts (high level options analysis) Financial/cost: initial investment, ongoing costs, financial impact on Queensland Health for diverting from a mandated application, technology or service Contestability Operational requirements and resources Interoperability Information sharing Information security Issues, risks and dependencies. The ability for a system to securely communicate and exchange data in an accurate, reliable, and meaningful way with another information system so that the clinical or operational purpose and meaning of the data are preserved and unaltered. Queensland Health ICT Governance Framework Queensland Health online Department of Health Interoperability Protocol Version Control Version Date Comments 1.0 05 Nov. 2014 New procedure. 1.1 13 Nov. 2014 Minor editorial amendments. 1.2 10 Jun. 2015 Transferred information to new template as a standard. Version: 1.2 Page 7 of 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information