Audit and Compliance Checks
Software organizations and users must sign legal agreements with the Ministry of Health prior to accessing its health information exchange systems. Among other conditions, these agreements give the Ministry of Health consent to audit the software organization and its points of service users. The terms and conditions in those agreements provide remedies the ministry can take in situations where organizations and users are found to be non-compliant with the agreements.
Software Organization Compliance
The Ministry of Health can request the organization to disclose relevant information and inspect the organization's or the subcontractor's place of practice during the onboarding process and after the organization's system is in production. The audits can include, but are not limited to:
- An inspection of any location where the organization or the subcontractors provide services related to the integrated system; and
- Inspection of any relevant information management policies or practices.
During an audit, these would be reviewed to determine compliance with the agreements.
If an organization does not comply with the terms and conditions of the agreements or Conformance Standards:
- The practitioners and their personnel will not be permitted to use the integrated system or access the ministry health information exchange (HIE) systems;
- The software organization will immediately stop all access to, or use of, provincial data; and
- The ministry may revoke all access to the HIE systems made through, or in connection with, the organization's system.
If a user does not comply with the terms and conditions of the agreements or if the ministry determines that the system is being used inappropriately, the ministry may terminate any and all access for the user and their supervised persons to the health information exchange systems.