Yes, CognisantMD has completed or participated in the following privacy/security audits for Ocean:
- Assessment by St. Michael's Hospital (July 2013)
- Assessment by Sunnybrook Health Sciences Centre (April 2014)
- Threat Risk Assessment (TRA) by MNP (May 2016; summary available by request).
- Privacy/Security Assessment by TELUS (Sept 2016)
- Privacy/Security Assessment by Shoppers Drug Mart (April 2018)
- CognisantMD Privacy Impact Assessment (PIA), audited by MNP (June 2018; see attached)
- Threat Risk Assessment (TRA) by MNP, revised to incorporate Cloud Connect (October 2018; see attached*).
Note that this is not an exhaustive list; other healthcare organizations have done assessments in which we have either not been be directly involved or have been asked not to disclose.
* - As per industry best practice, we do not publish or send full TRA documents electronically. The TRA documents published here are summaries prepared by MNP expressly designed to provide sufficient information to stakeholders without disclosing specific recommendations. Stakeholders who have a legitimate need to review the full TRA document may do so on site in our Toronto office after signing a non-disclosure agreement.