Optional Workshops: April 17th, 2007

Morning Workshops 9:00am – 12:00pm

Workshop A
Who's Responsible? - Governance and the EHR

Who gets access to the EHR? What do they get access to? Who will make these decisions? These are just a few of the questions that people ask as the EHR initiative moves forward. They are questions related to overall governance of the EHR.

This workshop will explore two aspects of governance in the EHR, information governance and operational governance. It will provide participants with an inventory of information governance topics and a description of operational governance elements that need to be considered as EHR developments begin to take shape. It will provide participants with the opportunity to discuss their experiences, to debate ideas and to explore strategies for moving governance discussions forward and for establishing mechanisms to address EHR governance issues.

Infoway recently released a White Paper on Information Governance. The workshop will draw heavily from that work as well as from the work done during development of the Privacy and Security Conceptual Architecure.

Your Workshop Facilitators:

Joan Roch, is the Chief Privacy Strategist at Canada Health Infoway with responsibility for ensuring that privacy issues are being addressed by Infoway in its overall support electronic health record developments. Joan has over 30 years experience in program policy and information management and for the last 10 years has focused on health information and privacy. Her work has included managing and re-engineering social programs, program and policy development, and information systems development, in the social service and health information sectors. Prior to joining Canada Health Infoway, Joan was an independent privacy consultant and previously was the first Chief Privacy Officer for the Canadian Institute for Health Information.

Stanley Ratajczak, Director Privacy and Security, is responsible for the development, adoption, promotion and evolution of Infoway’s privacy and IT security architecture. He also leads a team if IT Security and Privacy experts in assisting jurisdictions in the development of interoperable privacy and IT security solutions within Infoway funded projects. Mr. Ratajczak has over 25 years of IT security experience, in the financial industry sector. Prior to joining the corporation, he was the Senior IT Security Architect for the National Bank of Canada. In this role, Mr. Ratajczak was responsible for performing threat risk assessments, IT security audits and the design of IT security and privacy architectures for e-commerce, digital cash and e-banking solutions, including corporate PKI and smart card systems.

Workshop B
How to be a FOIP/ LAFOIP Coordinator

This is a beginner level workshop focusing on organizational considerations for establishing and maintaining an access and privacy program in a government institution or local authority. This will be of most interest to those who are new to the area and are struggling to know where to begin, where to turn for help, etc.

Your Workshop Facilitator:
Duane Mombourquette is Executive Director of the Access and Privacy Branch of Saskatchewan Justice. In this role he provides advice and leadership on access and privacy issues, develops and delivers training to public sector employees and develops tools for the public sector to use in their access and privacy work. Previously, Duane was with Saskatchewan Health, first as a policy analyst and later as Director of Strategic Planning and Information Policy. Prior to that, Duane spent almost ten years as an archivist with the Saskatchewan Archives Board.

Afternoon Workshops 1:00pm – 4:00pm

Workshop C
Conducting Privacy Impact Assessments (PIAs)

This workshop will provide you with an overview of the PIA process and will provide participants with hands-on experience in conducting a PIA. The objectives of this workshop are to:

  • Understand the PIA process
  • Identify when PIAs are required
  • Identify who should be involved in the PIA process and discuss strategies for gaining and maintaining organizational support for your PIA program
  • Conduct a personal information flow analysis and chart the workflow
  • Conduct a privacy risk analysis
  • Choose a risk mitigation plan
  • Chart next steps

The workshop will follow an interactive, non-legal approach to demystifying the PIA process. Privacy Impact Assessments are required by policy for public sector organizations in several jurisdictions. The PIA is fast becoming a best-practice tool for both the public and private sector in assessing risks to personal information management. Join us for a great session that will empower you to implement a PIA policy in your organization.

Your Workshop Facilitator:
Rick Klumpenhouer, Manager Consulting Services, Cenera. Rick has over 20 years experience in various aspects of information management, archives, and privacy. He holds a Masters degree in history from the University of Western Ontario and a Masters in Archival Studies from the University of British Columbia. He was Executive Director of the Legal Archives Society of Alberta from its founding in 1990 to 1997. He was Coordinator, Records Management later Information Management and Privacy at the Calgary Health Region between 1997 and 2002, when he joined Denham and Associates as a privacy consultant. He has been with Cenera since September 2003.

Rick has a wide range of experience in developing, supporting and implementing archives, records management and privacy programs in all levels of government and the private sector, and has particular expertise in health care sector privacy. He has completed or participated in consulting and research projects for major oil and gas companies, federal government departments, universities, health care providers, schools, and non-profit agencies from the Yukon to Sweden has presented widely on the topics of privacy, security and information management. Rick is especially committed to developing privacy and security tools and programs that integrate with organizational information management systems based on a functional model.

Workshop D
In the Door, Out the Door: The A to Z's of responding to an access request

This workshop will focus on the basic procedures used to process an access request - everything from creating a log to track progress, to developing a cost estimate, to severing the records, to seeking the appropriate approvals before the records are disclosed. This workshop will be beneficial to anyone new to the world of processing access requests, but may also be a helpful refresher for the experienced coordinator.

Your Workshop Facilitator:
Sherri Fowler has worked for the Saskatchewan Government since 1995. From 2000 to Spring 2006, she served as the Freedom of Information and Records Management Co-ordinator for Saskatchewan Justice and several boards and commissions, which Justice supports administratively. Sherri added the newly formed Department of Corrections and Public Safety to her portfolio in 2001. During this time, Sherri processed hundreds of Freedom of Information Requests and trained departmental staff on their access and privacy obligations.

Sherri joined the Access and Privacy Branch a year ago and has been enjoying providing access and privacy advice, developing training and awareness and working on various other projects to raise awareness of access and privacy within the public sector in Saskatchewan.