NOVA SCOTIA HOUSE OF ASSEMBLY
Wednesday, January 20, 2016
Department of Internal Services
Department of Municipal Affairs
IWK Health Centre
Printed and Published by Nova Scotia Hansard Reporting Services
Public Accounts Committee
Mr. Allan MacMaster, Chairman
Mr. Iain Rankin, Vice-Chairman
Ms. Margaret Miller
Ms. Suzanne Lohnes-Croft
Mr. Brendan Maguire
Mr. Joachim Stroink
Mr. Tim Houston
Hon. Maureen MacDonald
Hon. David Wilson
[Ms. Pam Eyking replaced Ms. Margaret Miller]
Ms. Kim Langille
Legislative Committee Clerk
Mr. Gordon Hebb
Chief Legislative Counsel
Ms. Nicole Arsenault
Assistant Clerk, Office of the Speaker
Department of Internal Services
Mr. Jeff Conrad, Deputy Minister
Ms. Sandra Cascadden, Chief Information Officer/Associate Deputy Minister
Department of Municipal Affairs
Mr. Dan McDougall, Deputy Minister
Mr. Harold Pothier, Fire Marshal
Ms. Anne Partridge, Executive Director, Grants, Programs and Operations
IWK Health Centre
Ms. Tracy Kitch, President and CEO
Ms. Mary-Ann Hiltz, VP, Quality and System Performance
Mr. Marc LeBlanc, Interim Director, IWK Technology Programs and Services
HALIFAX, WEDNESDAY, JANUARY 20, 2016
STANDING COMMITTEE ON PUBLIC ACCOUNTS
Mr. Allan MacMaster
Mr. Iain Rankin
MR. CHAIRMAN: Good morning, I call this meeting to order. Today we have with us the Departments of Municipal Affairs and Internal Services, and the IWK Health Centre. I would ask everyone before we begin to make sure your phones are on silent so that we don’t have interruptions.
We’ll begin with introductions, starting with Mr. Maguire.
[The committee members and witnesses introduced themselves.]
MR. CHAIRMAN: Thank you everyone for being here. Mr. Conrad, I’ll let you begin with some opening comments.
MR. JEFF CONRAD: I’m pleased to have been invited this morning by the committee to address these issues, I’m glad to be here. I’m very pleased to have Sandra with me this morning, she has been very instrumental in much of the work leading into the issues we’ll be discussing this morning.
Every day in our work we face the complexity of the information technology world we find ourselves in and the rapid pace of change that’s going on. I’m pleased to say we’re making progress since the June 2015 Auditor General’s Report. We’ve moved from what was then a 30 per cent implementation completion rate at the time of the report to a 60 per cent completion rate today so I’m pleased with the progress we’re making.
We recognize the importance of the Auditor General Reports and we continue to work towards meeting the recommendations, many of which help us better serve and protect our clients’ IT needs. Implementation of these recommendations in this time of rapid change is an ongoing challenge for us and we’re working to address the recommendations and also merging opportunities and challenges.
One good example of progress on an AG recommendation is the one that we establish a secondary data centre to manage our business continuity requirements and the potential risks associated with having only one physical data centre. Following the Auditor General’s Report, we did some research that demonstrated that for us a cloud-based technology approach for a secondary data centre is an industry best practice that is emerging. By taking this approach, IT services will most cost-effectively and securely recover core services in the event of a disaster of service interruption. We plan to meet this recommendation in an innovative way because we take the security of information and our ability to react very seriously.
I do want to note that Information, Communications and Technology Services has a number of innovative client service delivery improvement initiatives underway - the work that will help us stand up our new shared services model through information technology and management. This is a journey that includes transforming the technical environment that we work in, our client relationship management processes, service delivery and governance. Our efforts will help us respond more quickly to the needs of clients and provide them with quality services that take full advantage of emerging and innovative technology.
The work required to address the Auditor General’s need has been conducted in the context of these changing initiatives and priorities. I’d like to close by thanking my team for all the really hard work they do every day on behalf of clients and Nova Scotians. I welcome questions from the committee.
MR. CHAIRMAN: Thank you. Mr. McDougall.
MR. DAN MCDOUGALL: Thank you, Mr. Chairman, and good morning. Anne Partridge has introduced herself. Anne is the Executive Director of Grants, Programs and Operations at the Department of Municipal Affairs and the Office of the Fire Marshal is part of Anne’s area of responsibility.
Anne joined the department a year ago. She came to us from the Department of Labour and Advanced Education where she had provided leadership on planning and implementation of the Auditor General recommendations, before she joined us at the Department of Municipal Affairs.
We’re fortunate to have Anne to work with us on our executive team. She brings continuity to the file but more than that, she brings enthusiasm, common sense and leadership. In short, Anne gets things done. You will see that our recommendations since June have risen to a 72 per cent completion rate from 44 per cent six short months ago.
Next, Harold Pothier is the fire marshal. Harold has served ably in the position of fire marshal for the past five years, but he has over 40 years’ experience engaged in the fire service. Nova Scotia is truly fortunate to have such a dedicated and passionate champion for public safety. Harold treats the job as a vocation. It’s a pleasure working with him. Plus he’s a Leafs fan.
The Office of the Fire Marshal promotes fire protection, fire prevention, and public safety in Nova Scotia. The Office of the Fire Marshal works with government and municipalities to reduce the loss caused by fire by using education, enforcement, and engineering. The Office of the Fire Marshal is responsible for establishing and interpreting Nova Scotia’s Building Code standards and regulation. Homeowners, architects, engineers, building inspectors, and contractors rely on the Office of the Fire Marshal to ensure that construction and renovations in Nova Scotia meet fire and life safety requirements.
The Office of the Fire Marshal was last before this committee four years ago, and there have been a number of changes in that time, including the move to the Department of Municipal Affairs in April 2014. The fire marshal does not operate in isolation. Our municipalities are critical partners in advancing our fire and building safety agenda. Municipalities oversee and support fire services in their communities. They work collaboratively with the Office of the Fire Marshal in areas like fire education, inspection, and investigation, and are accountable for the enforcement of the Building Code in regulation.
In achieving the Auditor General’s recommendations, we are working actively with all 51 of our municipalities. Through our relationships with these municipal governments, the Union of Nova Scotia Municipalities, and the Association of Municipal Administrators, the Department of Municipal Affairs is well positioned to make improvements in collaboration with these partners. By the end of this year, I believe we will be able to show positive outcomes for all the recommendations.
I’ll conclude by saying that Nova Scotia has a strong fire safety record. In the last three years, the Fire Marshal’s Office has conducted over 3,300 inspections of buildings under their jurisdiction, including 534 schools. In 2014-15, 2,131 fires were reported. That’s a reduction of almost 11 per cent from two years before. The number of fire fatalities and the monetary loss due to fire reported during the same period has also declined.
This is not something any of us should take for granted. Challenges remain, especially for many of our smaller and rural municipalities. I am encouraged by our success in addressing these challenges, and we will continue to work with our municipal partners to make our buildings safer and healthy for all Nova Scotians.
Thank you, and I look forward to our discussions.
MR. CHAIRMAN: Ms. Kitch.
MS. TRACY KITCH: Good morning, Mr. Chairman and members of the standing committee. Thank you so much for the invitation and the opportunity to speak on the status of the recommendations made by the Office of the Auditor General, specific to the security of health information systems audit that was conducted at the IWK Health Centre in 2012.
As introduced earlier, I’m joined this morning by Mary-Ann Hiltz, our vice-president of Quality and System Performance, and by Mark LeBlanc, our interim director of IWK Technology Programs and Services, who have provided very strong leadership on this file. From our perspective, the audit was very valuable for us as a health centre and, I think, for us as a province as we look at IT systems in health care.
At the time of the Auditor General’s audit, the IWK fully supported all of the recommendations made by the Auditor General, and in fact had already started working on many of the recommendations prior to the release of the report. Over the last three years, the IWK has made significant progress on all of the recommendations, and though in the June 2015 release it identifies five of the recommendations as being complete, all of the recommendations are in progress and many are close to completion.
For many, there is a small amount of work remaining, and for some of them, they are shared responsibilities and accountabilities that are shifting as a result of the health care restructuring, and we’re working in collaboration with both the Nova Scotia Health Authority, government, and the Internal Services Department to really think about how we create opportunity to review these recommendations from broader provincial landscape versus site-specific.
This audit was a significant undertaking for our teams, and the information gathered and the recommendations put forward were at the time, and continue to be, very valuable in supporting our efforts to improve both our processes and our controls on protecting personal health information contained in computer systems.
A number of key system improvements have been implemented as a result of the recommendations from the November 2012 audit, and these were quite significant. On the migration of 156 of our 170 servers to the provincial data centre, which represents 96 per cent of our servers - currently only three active clinical systems remain housed at the IWK, and these systems will be migrated to the provincial data centre at the end of the fiscal year. On the establishment of a secondary data centre, which was mentioned earlier - we’re working closely with ISD on the second data centre project to further improve IWK’s disaster recovery systems and processes.
Security patching is now a standard operating procedure performed monthly. There are new monthly procedures that are reviewed, including data sign-in sheets, data centre environment checklists, and data centre pre-approved access lists. We’ve implemented a weekly procedure to disable the user accounts of terminated and dormant employees. Staff and physicians practise downtime procedures the third Wednesday of each month as part of our regularly scheduled downtime procedures. A Sharepoint dashboard has been implemented to track all IT-related projects, managing and monitoring risks through those projects from start to completion. Employees renew their confidentiality agreement annually through the online learning module.
The provincial Personal Health Information Act went into effect in 2013, which strengthened the importance of the protection of personal health information through broad organizational education provided on that. The role of the IWK’s privacy manager has been increased, and we’ve supported and dedicated FTE allocation to that role. We’ve completed an external review of our privacy impact assessment processes and have improved our PIA processes as a result.
We’ve developed an internal privacy best practice committee that is multi-disciplinary and includes patients and families, and staff and physician privacy champions have been identified through the organization. We’ll continue to align our password policies with the NSHA so that we have one standard, agreed-upon approach to this practice. The IWK will be moving to the new provincial service desk software to enhance incident response and problem management processes.
We accept all 25 recommendations. I want to support the Auditor General’s comments in the June 2015 report identifying the attributes of successful implementation of recommendations. Managing IT risks consists of a series of linked actions within and outside the organization. It’s an iterative and ongoing undertaking by our senior management team, and over the past year, in the role of CEO, I’ve ensured that there is reporting to our board on all matters of AG auditing activities. In this case, these recommendations will report through our audit committee and will be part of our enterprise risk management framework going forward with a specific focus on process controls and integrity and reliability of those processes.
As you can see, the health centre is actively working to fulfill our commitment. We take this mandate and this responsibility very seriously to enhance the protection of patient electronic health information, as outlined in the Auditor General’s Report. I look forward to taking questions from the committee, and thank you for your invitation to attend today.
MR. CHAIRMAN: Thank you. We’ll begin with Mr. Houston, of the PC caucus, for 20 minutes.
MR. TIM HOUSTON: Thank you for the introductory comments. As we moved along, we went from a 60 per cent implementation up to 72 per cent - I thought you were going to blow the doors off with something higher up there. But if you were to put a number on it, where would you say you are at the IWK in terms of acting on the recommendations of the AG?
MS. KITCH: That’s an excellent question. We track, through documentation, the progress to good progress to nearly complete to complete. As a percentage, I’ll defer to Mary-Ann to give that answer. (Interruption)
MR. CHAIRMAN: Just for people who haven’t been here before, I do have to recognize you so the microphone comes on. Ms. Hiltz.
MS. MARY-ANN HILTZ: As you know from the report, five are considered complete as per the latest Auditor General’s review. I would say of the remaining 20, we would have 70 per cent of them that are very close to being complete, and the remaining 30 per cent, I would say, would be about halfway. We’ve made tremendous progress, and I’d be happy to elaborate on any of those if you’d like me to.
MR. HOUSTON: I’m sure you’re probably going to get that chance. (Laughter)
In terms of implementing the recommendations, I’m thinking specifically of the IWK, having read the special note. In terms of the barriers to acting on those recommendations, what has been the largest barrier? It would seem like from reading the note that there are so many people and organizations involved. Maybe you can speak to that.
MS. KITCH: From our perspective as we look at the recommendations, I wouldn’t necessarily identify them as barriers. I would suggest that many of them were significant undertakings of both collaboration and time. So the moving of servers, the secondary data centre, the disaster recovery planning - the data centres alone and the number that we moved took up to two years to complete that work. If you look at the three-year timeline, I would suggest that the energy and prioritization was put onto efforts and recommendations that took a significant amount of time. So I wouldn’t suggest it was a barrier.
Then finding and looking at the opportunities certainly that presented themselves through the health care restructuring to look at some of the recommendations from a different lens also led to some delay in the implementation.
MR. HOUSTON: As we sit here today, who is accountable for acting on these recommendations? Is it the IWK? Is it Internal Services? From your perspective, who would you say its job it is to get these done now?
MS. KITCH: From my perspective as CEO, when you are thinking about internal threats to personal information within a health system, the institution continues to assume responsibility and accountability on the recommendations. There are some that, in terms of disaster recovery and certainly data centres and some of the opportunities to look at provincial standards, it would be shared work and shared responsibility to identify those standard operating procedures going forward.
My position would be that we continue to assume responsibility from our health centre perspective on all 25.
MR. HOUSTON: Okay, thank you. Obviously technology can move pretty fast sometimes so I wonder if sometimes we’re just catching up to where things maybe should have been a couple of years ago. I guess we’ll only know in time.
I do have a question; last year there was an announcement about the updates to the medical records system - the one patient/one record. Is that something you’re moving towards?
MS. KITCH: Yes, we are. We are moving in partnership with government and the Nova Scotia Health Authority. It’s an important enabling technology platform in terms of sharing patient information; it’s also a significant investment for the province. Taking the time to think about the right systems - the right processes and the right outcomes we want to achieve - is very important and we’re fully supportive of that work.
MR. HOUSTON: How far away would that be, would you say?
MS. KITCH: I don’t have the absolute answer to that question but our teams over this year have continued to work on important stages and processes of getting to that point. So the things we’ve worked on this year would be identifying required specifications that would need to be met as we go to tender on an electronic patient record, and I think more importantly from a health system perspective, thinking about the transformation in both our processes and how our people interface with electronic technology to support the right outcomes of a health information system. Those are the things we’re focused on this year through a structure and a steering committee that involves both government, NSHA and the IWK.
MR. HOUSTON: So it’s still at pretty early planning stages, I would say.
MS. KITCH: Correct.
MR. HOUSTON: So is the planning stage, would that be 2016 and 2017? Is it a couple of years of planning? Do you have any sense of the timeline for that?
MS. KITCH: If I can defer to Mary-Ann who is sitting on the Project Management Committee.
MS. HILTZ: And if I can defer to Sandra Cascadden, but I won’t yet. (Laughter) There is a pause in what we’re calling Phase Zero is where are in the OPOR project. Again Sandra is more expert than I am but I can tell you that we have paused temporarily for government to regroup around some of the capital pressures they are facing across the Department of Health and Wellness.
The idea is that we’re going to get back on track very quickly. As I said, Phase Zero is about procurement, and as Tracy has outlined, that’s about understanding the specifications that we’re going to need. We have every hope that we’re going to move forward within the next few months, but Sandra may want to speak to that.
MR. HOUSTON: That’s okay for now. One patient/one record progress paused at Phase Zero, temporarily maybe. I was curious as to where that was. You didn’t get too far on that one just yet, I guess. I think it has been a year since it was announced. I think it has the potential to be a good project, so hopefully the pause comes off at some point.
You mentioned planning to see how people interact with the technology, and most people will do that on their mobile device or at their desk, at their workstation. In the update, it mentions that workstations are being upgraded at the IWK to Windows 7. Do you have any estimate on how many systems are currently not on Windows 7?
MS. HILTZ: I would have to defer to Marc LeBlanc for that number.
MR. CHAIRMAN: Mr. LeBlanc.
MR. MARC LEBLANC: I haven’t got an actual detailed number, but percentage- wise we’re very, very high. We’d be in the high 90s to 98 per cent done. The ones that are not done are specific to a certain application that will not run on anything but Windows XP at this point, so we’re working with our suppliers to update those if at all possible. If that’s not possible, we have isolated those devices so that we reduce the risk of compromise because they’re running on older technology.
MR. HOUSTON: So there’s maybe 10 per cent of the workstations that would be on XP or Windows 2000?
MR. LEBLANC: I would not say 10 per cent. I would say it was probably about 2 per cent or 3 per cent that would be Windows XP.
MR. HOUSTON: Okay, and where that’s the case, you’ve kind of taken additional security measures?
MR. LEBLANC: We have done so, yes.
MR. HOUSTON: Just in terms of a general question, the transition to Internal Services, did I hear by the end of the year? Is that when you expect that transition to be complete?
MS. KITCH: That’s the timeline we’re working on, yes.
MR. HOUSTON: I will come back to Internal Services now. I guess just in terms of a general comment, we’ve had different departments here before the Public Accounts Committee and have come across lots of different computer-type security issues; the Department of Community Services is one that comes to mind. The Auditor General kind of focuses on risky areas. Some of the findings of the Auditor General surprised me that in this day and age there would be this level of weaknesses in passwords and things like this. Did some of these Auditor General findings surprise you?
MR. CONRAD: Audits are always finding things in terms of the go-forward. We recognize that we always have work to do. There’s lots of change in terms of reorganization, structural change, changing of systems. We’re pretty vigilant in trying to keep people trained up going forward on things like secure passwords and all of that.
I’ll defer to Ms. Cascadden to talk perhaps in a little bit more technical detail.
MR. HOUSTON: I guess I’d ask a very specific question, then. We have a 60 per cent implementation rate on what I would consider to be some very serious findings of the AG. When can we expect that to get up closer to 100 per cent?
MR. CHAIRMAN: Ms. Cascadden.
MS. SANDRA CASCADDEN: Thank you. Very similar to the IWK, a number of our recommendations are in the area of 80 per cent or 90 per cent complete, but we can’t put the word “complete” next to those recommendations. When you look at things like the secondary data centre, which you might consider an important recommendation, over the last number of years, we’ve been taking some really, really important steps, but all of those steps are still not enough to completely close the recommendation. That would be the same for multiple recommendations. Even though the recommendation says not complete, there is a lot of work that has gone on in the background, so we have not ignored the recommendations. But rightfully so, if we have not completed all of the recommendations, then we have to continue working to make sure that we can complete them.
MR. HOUSTON: I would say maybe a lot of these recommendations, especially with the move of more of the IT stuff to Internal Services, would it be fair to say that these recommendations have fallen to you? What is the accountability structure for making sure these recommendations get acted upon?
MR. CHAIRMAN: Mr. Conrad.
MR. CONRAD: The transfer or the moving to Internal Services part of the question, there’s a fairly specific process that involves the two leads - myself as deputy and the deputy of another department, or myself and Ms. Kitch for example, have to agree on who owns the recommendation and how to move that.
Some of the environments where now we may see recommendations that were made as a single recommendation that have multiple parts to them. So something moves from RMV and the program part of it needs to stay with Service Nova Scotia and the IT part needs to move with us. That’s a bit of a give and take in terms of teasing those things apart and then agreeing on formal transfer. Many of the pure IT sides of those recommendations would, in fact, eventually move to Internal Services. We’ve moved some as a result of the April 1st takeover of IT units from other government departments into our department. As we make the transition with the IWK, the Nova Scotia Health Authority will do a similar process of trying to figure those out.
Inside the department, the process to manage - like others, we paid attention to the Auditor General’s Report. In fact I thought it was very proactive of him to put in for us this time some best practices in terms of how departments do a better job of managing reports. Inside the department we’ve done a couple of things. We have regular reporting to our executive table now, in terms of implementation progress inside of the department. Inside of ICTS, Sandra has appointed a person to be the lead that reports in to her executive team and manages the IT part of those recommendations on a regular basis.
We’ve just recently added a new position in our department overall with responsibility for corporate services and policy. That person is going to be putting in place kind of a broader manage across the full department, any recommendations that may go beyond ICTS. So we are trying to follow up on those best practices recommended by the Auditor General. It takes a bit of time to get there but I found that very helpful, in terms of the audit, to actually lay out for us a path that helps us move that forward.
MR. HOUSTON: In terms of the accountability structure with the movement between departments, is there a master spreadsheet that has the recommendation that says who owns it, and would that be done at the deputy minister level - hey, this is my department - just to avoid the confusion? Does that type of chart exist?
MR. CONRAD: We have an internal tracking system called TAGR, Tracking Auditor General Recommendations. It tracks a spreadsheet-style environment of all recommendations that have been made in the last number of years, across all departments. So yes, that system identifies who the responsible department is, what the stage of completion is, and we update that on a regular basis.
It’s actually the information that’s in that system that we release to the Office of the Auditor General that allows the Auditor General to then go in and make calls. So we’ll put in our report that we believe this recommendation to now be complete, and we’ll release that information to the Auditor General as part of a download at given times. Then they’ll go in and review the report, look at the detail, and they may call to interview the department, to talk about what exactly will be done and determine whether or not they agree. But yes, there’s a master system that tracks that.
MR. HOUSTON: That’s a system that the Auditor General is familiar with? Okay, thank you.
So the governments I’m sure can’t operate without computer systems in this day and age. Every record, every piece of information is on a computer somewhere. We had in the media recently this case of the hard drive from the military that was misplaced. Is that something that could happen with provincial data?
MS. CASCADDEN: We, over the last number of years, have put in a number of processes around asset management. I’ll give you an example of one of the processes associated with hard drives that come out of the data centre, which would have a significant amount of information as it pertains to government business.
Those hard drives stay in the data centre and they are stockpiled in the data centre until we have a certain volume. Then they are all documented and serial-numbered, and we take that information - one of our senior people goes to the company that actually shreds the hard drives. They transport the hard drives to a shredding company and we watch the hard drives being shredded and then get the documentation and confirmation back from the shredding company. For those types of activities we have really, really robust processes to manage those types of things.
When it comes to the personal devices, what we have been doing is we have been implementing inscription on every hard drive so if something happens to a device - it gets lost or stolen or somebody does pull a hard drive out - those hard drives are encrypted. We also have technology that if a device is stolen or misplaced, the first time it is connected to the Internet, our systems will find that device and then wipe that device remotely. So we have a number of processes in place.
MR. HOUSTON: I think we heard about that wiping technology recently in the Legislature.
Now in terms of the hard drive serial numbers, have you ever had one go missing?
MS. CASCADDEN: At this point, not that we’re aware of.
MR. HOUSTON: So that’s a log that somebody reviews and somebody would actually say hey, where’s this hard drive, it’s not in this vault here? Okay.
Just a couple of things I’m curious about, in terms of the types of information that’s maintained in the system, would Internal Services have a database of all office space, I guess, in the province? They’d have that on a computer system somewhere?
MR. CONRAD: There is a pretty wide variety of systems, as you can imagine. But yes, there is a custom internal program that tracks office space for provincial government offices; primarily leases. We’re less in the database actually on stuff we own, but more on the leases.
MR. HOUSTON: At a push of a button, would you be able to see what leased office space is occupied and what’s unoccupied?
MR. CONRAD: We’re able to see by lease, not by within a lease. Our database, for example, will show us a lease has been vacated for one reason or another. We can see the end date of the lease, who the occupant is and all that. We can’t go in and say within the lease that every single cubicle within that space is fully occupied on a given day; that’s not within our ability.
MR. HOUSTON: Sure, I appreciate that. Maybe you can tell us how much unused office space there is that the province is currently leasing?
MR. CONRAD: I don’t have that information with me; it’s pretty small. It seems to me that I saw a report a number of months ago - I think at that point we had perhaps one or two things like visitor information centres that weren’t currently being used, but it’s relatively small. I can have that provided by Transportation and Infrastructure Renewal, if the committee would like.
MR. HOUSTON: That would be good to see that.
MR. CHAIRMAN: You still have about another minute, Mr. Houston.
MR. HOUSTON: Along the same theme, there was in the media recently, maybe a little while ago, about unused phone lines at the federal government level that were being paid for across Canada; millions of dollars. I also wonder if that same thing might exist here. Would it be Internal Services that would have an indication of how many phone lines are being paid for and stuff?
MR. CONRAD: That would be inside of Internal Services. We did a project last year with our telecom folks to have a look at mobile phones that had low usage. It’s easier for us to see in terms of - because we get charged by the minute for those phones and we actually eliminated a number of phones that were identified as having either zero usage or low usage.
It’s not always a pure indicator because sometimes we have things like backup phones that are only used in time of emergency so the fact that they are unused isn’t always a pure indicator but we did go into a project whereby we eliminated, I believe, over 100 phones from the system last year.
MR. CHAIRMAN: Order, thank you. We’ll move to Ms. MacDonald and the NDP caucus.
HON. MAUREEN MACDONALD: Thank you very much. I can’t help but think about this topic and how we, as legislators, spend a lot of time thinking about the financial resources of the province, how they are managed and the choices that are made. Really the value of the personal information that institutions hold on our citizens is probably as important, if not more important in some respects. So this is a very important topic in terms of all the data that you folks in your different departments and entities have, and the importance of trading that in a way that protects people in the province. It’s a huge responsibility.
I understand that Ms. Kitch has limited time with us this morning - is that accurate? I’m very interested in pursuing the IWK situation in particular, so I’m going to start my questions with you.
I have the IWK Health Centre action plan on the AG recommendations. I want to ask about this action plan in response to the Auditor General and recommendations from back in 2012. When was it developed? When was it done?
MS. KITCH: I’m going to ask Ms. Hiltz to speak to that, as this was initiated prior to my arrival.
MS. HILTZ: It has been an iterative process. At the time the recommendations were first provided from the Auditor General’s Office in November 2012, we had an opportunity to respond then and develop an action plan . . .
MS. MACDONALD: I understand that. My question is very specific - when was this specific document prepared?
MS. HILTZ: Within the last year.
MS. MACDONALD: And it was provided to the Auditor General at that time?
MS. HILTZ: I believe so. That is, for the most part, a cut and paste from the TAGR database that we spoke about previously. That is what was submitted to the Public Accounts Committee.
MS. MACDONALD: So according to the Auditor General, the IWK has only complied with 20 per cent of the recommendations. The Auditor General had 25 recommendations, and 20 per cent of them have been completed, which means 20 are still not complete. This document indicates that - this is the special note that my colleague referred to - the delays in making substantive progress are because of the amalgamation of the health authorities. So I’m curious about that.
There are two things I’m curious about. This document says that there were delays in making substantive progress. It was prepared a year ago. Today, you indicate that significant progress has been made. Over the last year, you’re telling this committee that what we have here has changed, and of those 20 remaining recommendations, significant progress has been made on them. Is that correct?
MS. HILTZ: Yes, that’s correct.
MS. MACDONALD: My other question - the government has made a great to-do about amalgamation of the nine district health authorities, but the IWK was to be its own district health authority. I think the public perception is that we have two health authorities. So I’m wondering why it is that the implementation of these recommendations was delayed - significantly delayed - because of the other nine district health authorities. Can you explain that to us, please?
MS. KITCH: Thank you for that question. As referenced earlier in the comments, there are a number of recommendations where it is beneficial, we believe, to work in partnership with the Nova Scotia Health Authority and government on creating some provincial standards. As we look at the action plan, it would be where we can be developing standardized processes to keep policies up to date. We want to do that in collaboration so that we’re using consistent policies, where appropriate, across the province.
There are other examples where, as we look at password protection and improving password protection, we would like that to be consistent between both health authorities, as we recognize that often clinicians will work on multiple sites as they deliver care. So there’s benefit in that regard.
There are other recommendations, as we talked about earlier, regarding the migration of data centres - thinking about that on a provincial landscape is beneficial. That’s just a few examples of where we did wait to think about the benefit of implementing these recommendations on a larger scale, rather than just institutionally.
MS. MACDONALD: Thank you for that. I’m not having any difficulty with the need for collaboration on some provincial standards; I think that’s probably quite sensible in a lot of ways. But I also think that it’s extraordinarily important for a district health authority like the IWK not to become paralyzed in terms of acting on some really important recommendations waiting for the new health authority to get their act together on some of these things.
I look specifically at Recommendation 3.22, for example, “IWK Health Centre should, on a sample basis, periodically audit application logs to determine if users are accessing information that is not required as part of their job responsibilities.” Now, it seems to me that that is a really important feature of protecting personal health information in our health care system, and while it would be wonderful to have everybody meeting the same common standard, waiting for the new health authority to develop their new policies and procedures might not necessarily be in the best interests of patients at the IWK, to be perfectly frank.
My question now is, what is the barrier to completing the remainder - to have these recommendations finally implemented? What are the things that are standing in the way right now of making these recommendations compliant, and when can we expect - in terms of hard numbers - a time frame that they will be met? How much longer do we have to wait to see those 20 recommendations implemented?
MS. KITCH: Thank you very much for your comments. I would like to support your perspective, and the position we are taking at the IWK, that on many matters of overseeing the risks associated with internal threats of personal information, we are not waiting on the Nova Scotia Health Authority. Examples such as periodically auditing application logs - that is something that we are doing. We’re 75 to 85 per cent complete on that Recommendation 3.22, and certainly from my perspective as a CEO reporting to the board on matters of risk, this report is something we’re taking very seriously.
I can’t give you a definitive timeline today of 100 per cent completion. As I said, I believe the managing of risks related to IT is an iterative process that at some point in time may have a status report of “complete,” and we will need to continue to work on them to improve and monitor for risks. Our plan at this point, as we table and monitor and track the process of these recommendations at a senior management level, is to take them to the audit committee of our board of directors this coming May. After we get through our February meetings of business planning, it is scheduled on our macro agenda to review our enterprise risk management framework, of which this would be one piece. So we will have an updated progress report at that time.
MS. MACDONALD: You’ve made reference to that one specific recommendation that I cited - the percentage of work that has been completed on that. I’m assuming that you have a calculation for each one of these work-in-process recommendations that we do not have. It would be very useful for our committee to be able to actually see where that work is, where that stands. It would have been nice to have had it for this morning because then we could have had a better conversation, I think, about what needs to be done and what the challenges are in getting that done.
I want to ask you a question about one patient/one record work. I’m not sure who exactly is best positioned, maybe several people, to respond to this. I want to ask about why there’s a pause, what is the rationale for the pause, and is that purely because of financial pressures around capital investment in updating and constructing one patient/one record IT system?
MS. KITCH: Mr. Chairman, I think that my colleague with Internal Services and Health and Wellness may be best to speak to that.
MR. CHAIRMAN: Mr. Conrad.
MR. CONRAD: I could speak at the level I know; it may need a follow-up question for the Deputy Minister of Health and Wellness.
It’s a number of things. The current situation is that as I understand it, across the capital plan of government, we are trying to assess the variety of competing interests in capital. So it’s beyond just looking at one patient/one record but really looking at all of the required capital infrastructure projects across government over the next number of years and assessing where one patient/one record fits in against all those other things. We’re trying to make sure - and again, perhaps Finance and Treasury Board or Health and Wellness could speak more comprehensively - that we have the right structure to get the most important projects done in the right order and make sure that where there are interactions between multiple projects, we’re able to make sure we take advantage of those. As well, making sure that we’ve got the right technology assessment and the right process to get us to a good answer.
Again, as we look at the changing landscape that we’re in - when do we own a system, when do we lease a system, when do we house it ourselves, when do others house it - we’re trying to make sure that the way we go to market to get those things is the appropriate method both in terms of capital and operating. It’s really a broader kind of conversation about how we manage a multitude of opportunities and challenges versus just this one, as I understand it.
MS. MACDONALD: Can I ask what the cost of the one patient/one record IT system is?
MR. CONRAD: I don’t believe at this point we would have a specific number in terms of the ongoing costs. It’s one of the things we’re trying to assess in terms of again how we access it, how we procure it, what it looks like. All of those things will impact the cost, which is one of the things, again, that we’re trying to get a little tighter answer on in terms of this current assessment of it compared to other capital costs.
MS. MACDONALD: Can you tell me what the process looks like to establish a cost for an IT system like this or an upgrade of an existing system? What’s the process that you use? Do you go out and hire a company, go through a tendering process?
MS. CASCADDEN: The process usually starts with identifying the need, so which application you’re going to be looking to replace. Then you have a functionality conversation: what do you need the system to do? That usually involves engaging those who will be using the system. Depending on the size of the system, that could be a fairly lengthy and robust process.
Once you have some of those functionality requirements, you can do a couple of things for a procurement process. You can go out and you can do a request for information to see what the vendor communities have to offer that will solve your problem as you’ve defined it, plus the functionality that you’re looking for. At that point you can get a high-level estimate of what the costs would be.
You can also ask the vendor communities what the different ways are that you could procure the system - so could you completely buy it, own it and operate it? Or are there new ways of putting it to the cloud, kind of going in more of a leased mode? You do a lot of investigation before you actually go out to the RFP process.
A number of times you bring in experts to work with you who do pan-Canadian surveys to see what other jurisdictions are doing in that particular area, to get a sense of what the cost would be for doing projects like this, and you try to find jurisdictions of a similar size. You kind of do all of that to get a sense of how large an initiative is. Depending on the size of the initiative, and I’ll say the maturity of the market that you’re looking for a solution from, you can decide to take very, very different paths.
So if you’re looking for a solution that’s in a very mature market, you may have a really good sense of what the price is because it’s solid. If you’re looking for a solution and you’re looking for a solution that can be delivered in a different way, then you would be less confident in the pricing so you’re going to do a little bit more due diligence around it. There are some fairly robust processes but the processes can be slightly different, depending on the type of system, the complexity of what you’re looking for.
MS. MACDONALD: Has any of that occurred on the one patient/one record system?
MS. CASCADDEN: Yes, actually there was a very in-depth survey done, a pan-Canadian survey - not only pan-Canadian, but looking at what has happened from a North American perspective. We were working with a consulting company that provided us a very good idea of what a system like this could look like from a cost perspective. Then there are different models you can apply. So like I said, you could lease, you could own and operate, or you could do something in between - that whole continuum. We do have a very detailed survey on having a good sense of what something like this would look like.
MS. MACDONALD: When you say you could lease, is that different from doing alternate system delivery and privatizing systems when they need to be upgraded or a new system is introduced, and is that a piece of the evaluation?
MS. CASCADDEN: When I say “lease”, yes, it is actually looking at buying, owning and operating systems differently. Again, that’s along a continuum as well. You could go out and look for someone just to run the hardware but you still run everything associated with the application, so you’re in full control of privacy, you’re in full control of updates, you are in full control of everything as it pertains to the application; or you could decide that there’s another model that you would actually like someone to run the hardware and the application for you, for which then you are responsible for making sure users get access to the system in the right way, making sure that you could add devices that you need to add. In a health example, as a lab would add a new analyzer, you would still retain your own people to add that analyzer, you would still retain your own people to do the monitoring and reporting and creating of accounts, and making the decisions about the strategy of the system.
Whether you go full owned and operated or you go into more of a - it could be a cloud-based solution is what a lot of people . . .
MR. CHAIRMAN: Order, thank you. Sorry to interrupt but we have run out of time there.
We’ll move on to the Liberal caucus and Mr. Rankin.
MR. IAIN RANKIN: I’ll continue on with the same types of questions. We’ve heard there has been considerable progress from the IWK and the Department of Internal Services in terms of the ones that aren’t complete, you have a lot of them that are nearing completion so that’s a positive thing. I guess I’ll ask that from the other group that’s here, Municipal Affairs, I understand you are at 72 per cent of the remaining 28 per cent of recommendations, could you comment on the progress, and if you’re nearing completion, if you have a rough estimate of how close you are to completing those?
MR. MCDOUGALL: Thank you for the question. Of the remaining seven recommendations, four of them pertain to the work that we’re doing with municipalities. We’ve established a working group or common platform to look at the options and solutions for those recommendations. The Union of Nova Scotia Municipalities, the Association of Municipal Administrators, and the Fire Services Association are members of that committee.
That platform established and started work. We haven’t established a time frame. We’ll do that together with those organizations. Three pertain to work within the Department of Municipal Affairs and one pertains to our information technology system. We’re substantially complete and anticipate that in 2016-17 we’ll have that recommendation completed. One pertains to quality assurance and the other pertains - I think to follow up on deficiencies. We anticipate that they’ll be completed in fiscal year 2016-17.
MR. RANKIN: I appreciate those challenges. I think that they are very real. But in terms of finding consistency across the departments, there was some explanation from Internal Services of how they execute on these action plans. So I guess, remaining with your department, is that consistent? Do you have a point person who tracks the action plan, and is it someone within your department who develops that action plan? Is it the same person who tracks it, ultimately? I know that the deputy and even on to the minister, they’re the ones who are accountable, but I guess I’d just like to learn how that works and if the importance of these recommendations is disseminated all the way down to the front line, if everyone in the department recognizes where the department is, and how that’s tracked.
MR. MCDOUGALL: Thank you. Yes, it would be tracked centrally, I’ll say, for any recommendation from the Auditor General in this particular circumstance. My colleague Anne Partridge is tracking the recommendations to make sure that the team is aware of the status of all the recommendations, so yes, it is tracked centrally.
MR. RANKIN: Is there any coordination between the departments of how that works? Like when the deputies all meet together, do you discuss these types of things to figure out where other departments are, to share some of these best practices?
MR. MCDOUGALL: We all would use the TAGR system that was referenced earlier. I’m not sure which office - perhaps one of my colleagues . . .
MR. RANKIN: No, that’s fine. Is the TAGR system the only tracking system you use, or do you have something that’s more on a micro level that actually sets . . .
MR. MCDOUGALL: We have an internal tracking system. Perhaps I’ll have Anne touch on a little more detail.
MS. ANNE PARTRIDGE: We have our own internal action plan, if you will. We’ve actually had it since day one. We do try to update - so I think a good example of that would be when we looked at where we were in the Spring and saw that we had a number of recommendations that were outstanding. We looked at what was outstanding, and a good example is the policy and procedure one - even though I was responsible for that, I couldn’t develop that without a policy analyst, as well as people from Harold’s group to help develop the policies.
I think that goes more to your earlier question. We do track it. I’m ultimately responsible for it and report to the deputy, but it is very much shared with the group in the Fire Marshal’s Office, as well as other people in the department, to make sure that we are moving forward.
MR. RANKIN: Is there any incentive given to employees to try to get them to understand these types of things, or - not really?
MR. MCDOUGALL: We know that the team members in the Office of the Fire Marshal consider public safety as the highest priority in the department. The incentive is in the work that they do, knowing that Nova Scotians are protected from fire risks. There’s no specific incentive other than, I guess, the recognition that the work is completed and we’ve implemented all of the recommendations.
MR. RANKIN: I know my time is limited, so maybe I could just ask one question to the fire marshal in terms of looking at buildings that are commercially set up, different businesses opening, is there any proactive approach to communicating with that said builder or business before the completion date to ensure that they are following the fire guidelines that are presented? In terms of resources, at the end of the day, you would probably save resources, and the business would too, rather than coming after the completion of the building and saying that certain procedures or certain aspects of the building aren’t totally up to code or are not ideal. I’m just wondering, is there any proactive approach within the Office of the Fire Marshal?
MR. CHAIRMAN: Mr. Pothier.
MR. HAROLD POTHIER: The construction and building of any property or premises within the province is a municipal administrative requirement. We do work collaboratively with the municipalities, the building officials, to address concerns as they’re identified and to overcome them, hopefully prior to the end of construction.
MR. CHAIRMAN: Mr. Stroink.
MR. JOACHIM STROINK: My question is for Ms. Kitch. Some people in this room might not know your history or how long you’ve been at the IWK. Maybe you can just give a little bit of a background of when you arrived, where you came from, and all that kind of stuff.
MS. KITCH: Yes, I’m a health care leader. I’ve been in health care for 30 years, a nurse by background. I graduated from McMaster University and did my master’s degree at the University of Toronto. I had the great honour and privilege of assuming the role of president and CEO at the IWK Health Centre in September 2014. Prior to that, I held a number of executive positions at acute care institutions in Toronto.
MR. STROINK: I guess you inherited quite an AG Report. From what I’ve seen, under your leadership and your team, you’ve made significant progress on this. Can you share, in your own words, how, with your leadership, you’ve managed to push this forward quite substantially over the last year or year and a half?
MS. KITCH: I’d like to recognize that in 2012, when the audit was completed, the leadership team took the recommendations very seriously and began to act on them. I do think that under my leadership there has been an opportunity to advance our commitment to accountability at all levels of the organization for recommendations of this matter. Creating those structures and processes at all levels of the organization with senior management, the CEO, and the board has certainly been something we’ve been very focused on in order to advance the work of recommendations of this nature.
MR. STROINK: With that, some of the IT security vulnerabilities discovered in the AG Report under this new leadership from yourself, how have those been rectified, in your words and maybe your colleagues’ words, in a much more systematic and timely manner than maybe in the past?
MS. KITCH: Understanding our accountability and responsibility as a health authority within the new health care structure, when that happened in April of last year, that was one piece that certainly supported and underscored the importance of our leadership in accounting for and responding to the recommendations, if I’ve answered your question on that. Then as the structure was defined, being able to identify those partners that we needed to work with and collaborate with on advancing the recommendations that are more provincially based. Once those structures and individuals and partners were identified, I think that certainly helped to accelerate the work on some of the provincial opportunities.
MR. STROINK: I guess with that comes the amalgamation of all the health care and the importance of making sure that you’re aligned with the other side of the equation, sort of thing. I think that seems to be a very key, fundamental process going forward. I commend you in recognizing that and taking the time to ensure that everything will flow. In this, there must be some bit of a challenge there and complexity in implementing that kind of a process. Can you just share a little bit of the complexity there in ensuring that the two sides are aligned perfectly?
MS. KITCH: It’s a good question. Some of the complexities would arise around identifying perhaps what would be unique needs, based on the populations we serve and the different systems we may be working within, based on populations. So it’s being able to balance different perspectives of delivering care to the adult population, versus women and children and youth.
I think there are many principles and fundamentals that we’ve talked about earlier that they are absolutely shared around internal threats, IT risks, security, integrity and processes and controls. As we look to provincial standards, it’s important that our leadership really identifies perhaps those standards or opportunities where we need to think about internal threats and risks of security from the lens of caring for children and youth in this province.
MR. STROINK: Great, I’ll just leave it at that. Thank you for your time today.
MR. CHAIRMAN: Ms. Eyking.
MS. PAM EYKING: My question would be for the fire marshal and the Department of Municipal Affairs; it’s kind of a two-fold question. The Office of the Fire Marshal is responsible for administering the Nova Scotia Fire Act and in order to address its responsibilities under the Act, the OFM has established three major areas and programs, which would be education, enforcement and engineering. I’m just wondering what exactly the DMA is planning to do with regard to the OFM’s education initiative.
MR. POTHIER: Yes, since the recommendations have come forward we’ve established an education plan that we plan on moving forward, and we dedicated the resources to carry that out.
MS. EYKING: I’m just wondering, is there anything specific to the First Nations communities, as far as the education plan goes, or is it just an overall general plan across the province?
MR. POTHIER: It is an overall general plan for the province that would include First Nations. If the request is there - we have limited capabilities on First Nations premises at the present time, so we’d have to collaborate with the First Nations people to work that process through.
MS. EYKING: Do you see any areas where we could improve on that education plan?
MR. POTHIER: Education is continually changing and we’ll always be improving on the plan as new material and technology comes forward, so we’ll be addressing it on a regular basis. We are currently working with the seniors and the youth in a variety of programs to enhance where there are challenges.
MR. CHAIRMAN: Ms. Lohnes-Croft. You have until 10:14 a.m.
MS. SUZANNE LOHNES-CROFT: Earlier in the remarks, I heard that the Fire Marshal’s Office moved in 2014 to Municipal Affairs. Where was the Office of the Fire Marshal prior to that?
MR. MCDOUGALL: The Office of the Fire Marshal was in the Department of Labour and Advanced Education.
MS. LOHNES-CROFT: Was there a specific reason why it was moved over to Municipal Affairs?
MR. MCDOUGALL: The Department of Municipal Affairs positions us well to work on some of the primary responsibilities that we have. For example, we have fire inspections that the province completes; schools would be an example. I referenced earlier that we’ve completed over 500 inspections of schools in the last three-year cycle. Municipalities also have responsibility for fire inspection so we’re well aligned to work together. For example, a municipality may reach out to the Office of the Fire Marshal and ask for assistance or advice on inspection of a building or property.
Fire suppression is the responsibility of municipalities - we would know that as the fire departments that exist around our province. The Department of Municipal Affairs is kind of a first point of contact with local government. We have a municipal advisory team that would work closely with elected officials, administrators and staff of municipalities. That advisory group has positioned the Office of the Fire Marshal well to look at the opportunities and challenges related to fire suppression, any advice and assistance we could provide with the Department of Municipal Affairs so I think it positions us well to advance the public safety priorities that Nova Scotians have, whether it’s initiatives that the province has leadership and ownership of or initiatives that municipalities have ownership of and we can contribute to.
MS. LOHNES-CROFT: So you would say this was a good move? The fire marshal would say this is a good move, better collaboration, and better communication?
MR. POTHIER: Yes, from our perspective, it better aligns us to deal with our stakeholders that we deal with on a regular basis. We now have a better opportunity to have open discussions with them and move forward on these issues.
MS. LOHNES-CROFT: I represent many communities in rural Nova Scotia, and recruiting volunteers is a real issue. Retaining and recruiting is really challenging now. I’m just wondering, can the fire marshal and the Department of Municipal Affairs comment on how they are ensuring that rural communities have the resources they need to implement their fire services?
MR. MCDOUGALL: Perhaps I’ll start. We recognize that there are challenges for the recruitment of volunteers for the fire service, so we work closely with the municipalities’ fire services and indeed individual fire departments. We’ve developed some training tools, and there are also recruitment tools available that we would share with municipalities and the fire service. Again, the decision-making or collaboration platform that I referenced with the UNSM and AMA will be used as a way to define new opportunities, new approaches, to ensure that Nova Scotians are safe with respect to fire service.
MR. CHAIRMAN: Mr. Pothier, would you like to comment?
MR. POTHIER: Yes. Over the years, we have researched recruitment and retention practices and best practices across the nation. We have provided those to the fire service. They are available, several programs, and we’ve just released another program as recently as this Fall. We are continuing to look at pilot programs that are being done throughout other areas. In particular, one right now is being done in Saskatchewan. They’re piloting a recruitment program that can be introduced into the school system. We’re looking forward to seeing how that pilot works out and possibly making that available for consideration here.
MS. LOHNES-CROFT: How is that information relayed to each individual fire department? You have municipalities and you have towns. You’re not just working with one municipal unit in a particular area. I have a couple of towns, and I have a municipality that I deal with. Does that information go out to the town councils or the fire chiefs? Who gets this information about the tools that you have to offer?
MR. POTHIER: Currently, those tools are held by the Fire Service Association of Nova Scotia. We feel that this new alignment, this new platform, will give us a better opportunity to serve and get the word right out to the municipalities.
MS. LOHNES-CROFT: Okay, thank you very much.
MR. CHAIRMAN: Time is just expiring; there’s just about five seconds left. We’ll now move back to Mr. Houston.
MR. HOUSTON: I’m listening to all the comments this morning, and I’ve got to be honest; I don’t know whether to be happy or sad. We’re talking about recommendations that the AG made in 2011 and 2012. When he looked in June, three and four years after some of those recommendations, there was a pretty low implementation rate - pretty sad about that. Now here we are just a few months later, and the implementation rates are skyrocketing. I’m trying to be happy about that, but I’m also trying to be conscious about where we go next. We’ll see, I guess, on that.
In terms of the IWK, a lot of the recommendations had to do with disaster recovery. That’s pretty important, I’m sure especially around disaster recovery for IT systems. There’s a lot of information, and without that information, it would be hard to operate the facility. So as we sit here today, is the IWK confident that it could recover from an IT disaster, and how long would such recovery take?
MS. KITCH: Thank you for that question. As referenced earlier, as we moved the data centre, certainly the disaster recovery plan must ensure alignment with both Internal Services as well as ourselves, and certainly the impact of moving to a shared disaster recovery plan is important, understanding our shared responsibilities. That current work sits within our all-hazards committee that looks at emergency preparedness and how we respond to these kinds of threats and risks and events. I’ll defer to Ms. Hiltz to give more specifics on that.
MR. CHAIRMAN: Ms. Hiltz.
MS. HILTZ: We’re actually very encouraged about our positioning around disaster recovery because of the opportunity that we’ve had to move our local data centre at the time of the audit - the IWK’s data centre is the data centre that was audited - we have moved 96 per cent of our servers to the provincial data centre. In the meantime we have also identified a secondary data centre somewhere within the central zone and that is in addition to working with the province on their provincial secondary data centre, so we are redundant to 96 per cent.
We have policies, processes, and practices on bringing the systems back up. There is an order of priority once the core network is established on how we bring them up and we are very confident on where we are today, versus where we were.
This has been a very iterative process, as Ms. Kitch described previously. It’s gradual. You have to work with the clinical teams, you have to plan that server transfer because it contains clinical data, it supports clinical applications, so it is a long process and part of our level of completeness or close to completeness - we feel we’re about 4 per cent away - is just related to the labour and complexity and planning that goes into moving those servers.
MR. HOUSTON: So it sounds like in terms of disaster recovery preparation, it’s pretty much there, depends on the disaster, maybe.
MS. HILTZ: Correct.
MR. HOUSTON: What would you say to somebody who said wow, after four years, almost five years since the Auditor General first recommended this, to be almost there - can you give me some perspective on that? It’s hard for me to get my head around it, to be honest.
MS. HILTZ: What I would say is that it is very complex work and health care systems are incredibly complex. When you think of the 170 servers that support hundreds of applications and multiple clinical systems, it is work that takes time. It has to be planned . . .
MR. HOUSTON: But I mean - in fairness then, I’ll leave that one. I don’t even know if a company like Google existed five years ago - look at what happens in the real world in terms of the movement of things. It’s hard to justify like four or five years to respond. If we’re almost there then that’s better than we were six months ago and certainly better than we were years ago. I guess I’ll leave that one at that and see where it goes.
I know we’re short on time for the IWK stuff, I think.
MR. CHAIRMAN: Ms. Kitch.
MS. KITCH: Late yesterday the examiner agreed to move my time, so I’m not . . .
MR. HOUSTON: Okay, fair enough as I do want to go back to the one patient/one record and that is a system that a year ago was announced, with some optimism and fanfare, let’s say, about how much of an improvement that would be. To now hear today that that’s on hold, for however long to be determined, I would ask Ms. Kitch, what’s your personal reaction to that? Are you excited to have that system ultimately and would you be disappointed that it’s on pause? How did you feel when they came back to you and said by the way, we’re at Phase Zero and we’re paused on that?
MS. KITCH: Phase Zero, as referenced by Ms. Cascadden and the work that goes into that, is probably the most important fundamental building block to really move forward with the benefit realization of a health information system and an electronic platform. Personally, when I heard the news, I understand that these decisions aren’t made in isolation; they were made, as referenced earlier, looking at multiple demands and competing priorities.
My perspective is that it is providing us some more time to do the key important work that needs to be done around understanding the requirements. What are the outcomes we want to achieve from what may be one of the highest IT investments we make in this province? I don’t know that by data or by evidence, but I would suggest IT investments in health care are quite expensive. From my perspective, I would rather that we take the right amount of time to get it right than move fast and get it wrong.
MR. HOUSTON: I certainly appreciate those comments. I didn’t hear that the first time around. The first time around, what I heard was not that we were pausing so we’re more prepared; I heard we were pausing because we don’t have any budget for it. Those are two different things in my mind.
At the time of the announcement last year, it was announced as a $1.25 million planning phase to be completed in eight to 12 months - which we’re solidly in now; we’re pretty much at the end of that - and at the end of that time period to have a negotiated contract for an actual solution. We don’t have those things. Are you aware of whether the $1.25 million is gone? Was that spent?
MS. KITCH: I don’t have that information. I believe that Ms. Cascadden and ISD may be able to speak to that more accurately.
What I would say, just to clarify, is that the competing priorities on resource and finances is one issue that presented as we entertained the pause. I would say the opportunity that the pause created was to look at some fundamental processes and structures and requirements to continue to do that work, perhaps in a different way. But though we’ve had a pause, the teams have not stopped working on proceeding . . .
MR. HOUSTON: Okay, then the one patient/one record system was meant to either be - and I’m not clear on this - a replacement of two systems or instead of two systems. Those two systems were the physicians’ order entry system - is that a system that exists, the physicians’ order entry system?
MS. KITCH: It is one application within a health information system . . .
MR. HOUSTON: Okay, and at the time, when the one patient/one record - it said that system was a $7.2 million system. It also had a second one, which was called the emergency department information system, which was $8.3 million. So those two systems, $15 million - I don’t know whether that’s per year or not. Do you know?
MS. KITCH: I don’t have the answer to that. Ms. Cascadden may.
MR. CHAIRMAN: Ms. Cascadden.
MS. CASCADDEN: Those two systems, the clinician/provider order entry system and the emergency department system, neither one of those systems existed, and we didn’t do any implementation, but those had been budgeted in previous budget years.
MR. HOUSTON: So that was a plan, but that plan was scrapped and superseded by the plan for a one patient/one record system?
MS. CASCADDEN: That’s correct. We believed investing in the one person/one record system was a better investment than investing in multiple small systems that don’t truly pull the whole province together. We were really looking at replacing three really large systems with the first phase of the one person/one record project, which would be the three hospital information systems - what the district health authorities had before they amalgamated, plus what Capital Health has and what the IWK has.
MR. HOUSTON: So those three systems exist as we sit here today?
MS. CASCADDEN: Yes, those three systems exist, and they exist in different phases and stages of their evolution.
MR. HOUSTON: Right. Presumably, since there has been one project to replace them, which would have seen two systems I guess - physicians’ order entry - then that got scrapped, and then another project to replace them with the one patient/one record. That’s two efforts at replacing these three existing systems. I guess it’s fair to say that these three existing systems are inefficient. Would you also call them ineffective?
MS. CASCADDEN: The three systems - the first challenge from an efficiency perspective is that they are three systems. A patient can travel all over the province receiving care and their information can reside in any one of the three systems and it’s very difficult for a clinician to get access to the information in the other system, so there is an efficiency perspective for sure.
There’s an age-of-system issue as well with those information systems. When we looked at what would be the best direction to go in, continuing to invest in three separate systems . . .
MR. HOUSTON: So what is the investment in those three systems? What is the annual cost to run those?
MS. CASCADDEN: The cost to run the three systems is somewhere around $32 million annually to run those three systems from a maintenance perspective.
MR. HOUSTON: Okay, so that’s a lot of money; that has been identified as a lot of money and a need to replace it. Now the need to replace it has been paused. I’m just wondering, that’s kind of - I was trying to figure out how short-sighted it was to pause. When I hear a number like $32 million per year, presumably if the replacement system would cost fractions of that, so it kind of gives me an idea that it’s penny-wise and pound foolish to put a replacement system like that on pause, particularly when you think about how much more effective the replacement system would be at delivering health care in this province.
To do that, make that type of decision under the guise of capital restrictions and not having money to do it, it strikes me as silly. I’m hopeful that maybe you can tell me why it’s not or give me some insight as to why it would make sense to make that type of a decision.
MS. CASCADDEN: I mean there are fiscal realities in the province. The whole process to replace hospital information systems is extremely complex . . .
MR. HOUSTON: Let’s say if that’s $32 million a year - and I don’t know, maybe a new system is $16 million a year - that’s a pretty quick payback. It doesn’t make sense to try to say, well the fiscal realities don’t allow that investment, and just continue to spend an additional incremental, whatever amount, up to $32 million a year. I really struggle with that.
MR. CHAIRMAN: Order, time has expired. We’ll move to the NDP caucus and Mr. Wilson.
HON. DAVID WILSON: I want to thank my colleague, he’s definitely asking some important questions, especially around IT and information systems that provide and support the health care sector of the province.
I talked to many Nova Scotians who are concerned at times about the information that government departments have, especially health information, and that they want to make sure there are protections and that that information is secure. I hear that on an ongoing basis, I heard it when I was the Minister of Health and I continue to hear it, that people want to ensure that the information that is on the government systems is protected. Maybe Ms. Cascadden - should Nova Scotians be concerned with that or are you confident that the systems we have in place and the changes that we’re seeing as we move forward when technology changes as rapidly as it does, that that information is secure and it is protected?
MS. CASCADDEN: I believe both in the health sector as well as within government that we have a good group of IT professionals who take their jobs very, very seriously and that they do the absolute best they can in order to protect the information that we maintain on the citizens and the businesses of the province.
We do have really good tools that we use, we have excellent processes in place. Is there an opportunity to be better? Absolutely, and that’s actually what the Auditor General helps us do as part of the audits that we go through.
We also self-audit. We do bring in companies that do some testing and then provide direction to us on to where we have to harden our systems or harden our servers and things like that. We do have those processes in place. We do have people watching the front door to see what’s going on, and making sure that the door’s locked when it needs to be locked and open when it needs to be open.
MR. DAVID WILSON: And those individuals are within the province, within government. I know over the last number of years jurisdictions across Canada - and of course, I include our province - have brought legislation in to make sure that that information is protected and to try to reduce or eliminate breaches of that information being released, especially in health care. I deal a lot with health care, because that’s where I hear the most concern from.
Recently we just heard that the government over a year ago decided not to invest in increasing the number of pathologists in our province but to send those tests out of the province - actually, out of the country, to a private clinic in Minnesota, I believe, in the U.S. Are you confident that those protections are in place so that that information, especially health information of Nova Scotia’s citizens, is protected? As you said, we have gatekeepers at the door - we don’t have them in Minnesota. How confident are you that there are protections in place to secure that health information when it leaves our province and our country? Have you had any discussion with ensuring that that happens?
MS. CASCADDEN: Thank you. I’ll speak to this to a high level, and maybe the IWK - I can speak to it from a health perspective. Certainly there are technology protections that we can put in place that ensure that when someone from outside our system comes into our system to access things, they come in through a very narrow pipe that is specifically defined for that transaction. We can lock it down from that perspective, so they can’t go anywhere they’re not supposed to go, and that information can’t go outside of that pipe either. We have to grant people access to our systems through user names and passwords, and we can turn those accesses on and off and monitor those accesses.
There are different things you can do from a technology perspective that would ensure that information, as it moves between two places, is secured and is kept private. That would include encrypting the data as it transmits over the lines, if you wanted to know something specific about how they might have done it within that system.
MR. DAVID WILSON: No, that’s good, and I’m glad that that’s there. I think that reflects why we need up-to-date legislation in Nova Scotia, and I feel confident that we have that. I know that we worked on it, and previous governments worked on ensuring that the legislation and the laws that we have in our province do just what you’ve mentioned.
But the fact is, our laws that oversee Nova Scotia don’t support what another jurisdiction would do. I’d feel more confident and comfortable if it was in another province across Canada, because they have similar legislation. One of the first things I heard about information was when I was first elected, and the changes in legislation dealing with companies in the U.S. And of course under U.S. law there’s a piece of legislation that was brought in after 9/11, the Patriot Act, which allows the U.S. Government and law enforcement to go in and look at any information they choose without the knowledge of that individual or that company.
Not to say that they’re going to run and see all the information about Nova Scotia residents that is at a clinic in Minnesota, but they can if they choose. How do we protect that information from being seen by people that I would say Nova Scotians would not want other people to see without their permission? The Patriot Act would eliminate any jurisdiction coverage or laws that we have in Nova Scotia. Has there been any discussion on your side or within government, about what implications there are with legislation outside our borders, especially the Patriot Act, when we have information and tests, private information, going to a clinic in the U.S.?
MS. CASCADDEN: A couple of things. One is, within Canada, the two strongest pieces of legislation are actually on both sides of the country, B.C. and Nova Scotia. We have the strongest legislation.
When we grant people access to the system, it does not mean the data actually moves from point A to point B. In the instance where you may have someone who requires access to your system, and they happen to be in the States - believe me, we’re fully aware of the U.S. Patriot Act, and we do also prefer information to remain in Canada. But we do work with many companies and many organizations that are U.S.-based companies.
What we do is, we don’t transfer data to the United States. They come in, and they can look at our data, but it never actually moves into the States; that’s one level of protection. If the data isn’t in the United States, things can’t happen from a state perspective, because they actually can’t come across the boundaries unless they’re working with other legal entities in Canada. So we’re fully aware of the U.S. Patriot Act, and we look at every solution if there’s a request for someone to access it through the States.
We have a number of information systems where we have to rely on U.S.-based companies and experts to help us support those systems. We actually turn on and off their access and grant them access at very specific times for them to conduct business. If they try to get into the system outside of those times, the system is locked down.
MR. DAVID WILSON: That’s fair. I’m glad that that’s there. But the request may not come. That’s what’s in the Patriot Act, that they can look at that.
Some information must be generated in that clinic. Do they send the tests back? I know this might be more of a detailed question, but do they send the results of that testing back to Nova Scotia before they actually figure out exactly what the results of those tests are? There has to be some information that’s generated within the U.S. that could potentially be open to the Patriot Act. I just want to make sure that this is an option that has been looked at, and if it has been, what concerns are there? Should the government inform Nova Scotians that there’s potential for an outsider to see their information that is generated in a clinic that doesn’t have to follow our rules.
I understand they can’t get access to more of their information, but should the government ensure that people understand fully that there’s a potential there? Would you agree that there is a potential that some information could be looked at because it’s generated and the tests are done outside our jurisdiction?
MS. CASCADDEN: What I would say is that if we have been using pathologists to read the results that reside in our system, those results still reside in our system and are not replicated down in the United States, so they do not reside in the States.
As well, when they are generating a report associated with those lab results, they would be doing that work inside of our system, so they would not be generating information that resides in the States; they would be generating their responses to information that still resides in our system. Nothing actually resides in the United States because they’re accessing and conducting business from our information system.
The other thing that we do have to do, according to our legislation, is disclose to the Minister of Justice any activity associated with having access to information systems from any U.S. entities in support of our system. We generate an annual report that says, for example, that a certain system had to be supported by a U.S.-based company because we were having problems with our database, and so we had to rely on those resources in the States to support the database.
MR. DAVID WILSON: Is that publicly available, or is that just something that’s within government and is not seen by people? Who might have access to it?
MS. CASCADDEN: I know we report to the Minister of Justice. I’m not sure what happens after that.
MR. DAVID WILSON: Thank you. I appreciate it because it’s something that I haven’t heard anybody discussing.
I know I don’t have much time, but I can’t let this go by without having a few questions for the fire marshal. I know that there have been 25 recommendations; 11 of them have been completed, and you’re working on the other 14. I was going to get into some detail with that but I wanted a quick question on volunteer firefighters.
I know that recently in Halifax there have been discussions around paid and volunteer but I think even the paid firefighters know how important volunteers are. When you leave the urban centre you realize how important volunteers are in rural Nova Scotia.
I’ve worked quite hard over the last number of years - I was a volunteer firefighter, and paramedic - to ensure that first responders are protected and have the support of government, and tried to improve services. One of the areas that I’ve been more recently working on is around PTSD and the coverage under WCB and trying to get a policy change there that would help and support anybody who has access to WCB, but the big concern is volunteer firefighters who don’t have access to WCB.
Are you in discussions and are you aware of the concern out there around volunteers and gaining access to coverage under WCB and maybe just a quick comment on that?
MR. MCDOUGALL: Thank you for the question. We would certainly agree that the volunteer fire service is essential to fire protection throughout Nova Scotia. There are over 300 volunteer fire departments that exist and give their time to ensure their neighbours and their communities are safe.
We are aware of the issue. Workers’ Compensation resides with the Department of Labour and Advanced Education so we’re not active on that.
MR. DAVID WILSON: But you’d be more than willing to - and maybe this is directed to the fire marshal - would you be more than willing to be engaged and a partner in any kind of committee or organization or discussion as we go forward?
MR. CHAIRMAN: Order, I do apologize. We’ll move to Mr. Maguire for 14 minutes.
MR. BRENDAN MAGUIRE: Thanks for coming today. My questions are to Internal Services. The report states that the Chief Information Officer has started a project to create a comprehensive disaster recovery plan - what is the current state of the project? Is it possible to give us an adequate time frame for when this will be complete? What steps are being taken to mitigate some of the known risks to the provincial data centre?
MS. CASCADDEN: In this Auditor General’s Report a number of the recommendations are intertwined with each other so we have created a disaster recovery plan, but that disaster recovery plan also hinges on a secondary data centre. What we’ve been doing is we’ve been kind of working our way through each one of the processes.
We’ll start with kind of the secondary data centre in that we are looking to see which information systems actually need to go inside the secondary data centre and when we know which systems can be replicated, we know what the disaster recovery plan looks like for those systems.
We’ve also taken the time during this process to recognize and identify the top information systems that need to be up and running pretty much 7/24, 365. We have taken those top five systems and we have already put them in a second data centre and they are already running in the second data centre, those top five systems. So we have a disaster recovery plan for those top five systems.
Then we keep stepping our way through the process. That’s why a number of the recommendations are not marked “complete” because it’s peeling the onion layers back and working through the whole disaster recovery plan which is part of the secondary data centre process as well.
What we’ve done as part of a disaster recovery plan is that we’ve also done tabletop testing, and that tabletop testing goes to validate the plans we have in place. We have put in a number of templated documents, we have worked with the various departments and asked the departments what their requirements are for the disaster recovery plans for their systems.
We can’t determine which systems are important or not important and what the timelines for restoration have to be so we have to have conversations with every department. That takes a long time, but once we have them, then we have that piece of the disaster recovery plan in place, so it’s multi-layered, multi-faceted.
On the secondary data centre itself we are working our way through, putting together an RFP for the secondary data centre. Before we did that we actually had to decide what our overall strategy was. In the last number of years a number of options have presented themselves that we had to take into consideration, so instead of looking for just a bricks and mortar data centre we are looking for more of a hybrid approach where we do need some bricks and mortar but we’re also going to use other technologies, like cloud-based technologies to solve the problem.
You put all that together and you start moving toward the completion of your whole disaster recovery plan, but it’s like peeling the layers of an onion back and we’re working our way through all those layers.
MR. MAGUIRE: You mentioned cloud-based systems so is it safe to say that those are more cost-efficient than bricks and mortar? What risks actually do you run using a cloud-based system?
MS. CASCADDEN: According to the literature and the experts, cloud-based systems actually can give you somewhere between 10 per cent and 20 per cent savings running the cloud-based systems because you don’t have to put in all of the infrastructure and the redundancies that you would normally have. Once you purchase a cloud-based system, it is the responsibility of that cloud-based provider to provide the disaster recovery for that system that you are procuring. There are potential cost savings for systems.
Not all systems can go to the cloud so part of our assessment as we’re moving through our whole disaster recovery plan - which also includes a secondary data centre - is, which of those systems are actually best fit for the cloud because they are low-risk from a privacy perspective, a threat risk assessment, and an information management perspective. So again, we look at each one of the systems and assess the risk of putting the system in the cloud.
We also assess where the cloud is. Is it in Canada? Is it all over the world? We assess that risk as well as the risk for the information system. So there are pros and cons to cloud-based systems. Not everything can or should go into a cloud-based system. We have a framework and a methodology to work through which systems are best positioned to go to the cloud and which ones really shouldn’t or even can’t go to the cloud.
MR. MAGUIRE: I’m assuming you are running more than one operating system. You said you are running XP in some places and you are upgrading Windows 7 - I’m sure there’s some Linux in there and some Apple and things like this. This is a complicated process, it’s not as easy as just snapping your fingers and saying this is all getting done. Thousands of users, thousands of applications and probably millions of pieces of information. You are confident that you are moving in the right direction?
MS. CASCADDEN: We are confident that we are moving in the right direction. Like I was saying, we actually are putting processes in place and frameworks in place that we can document how we made the decision to take something to the cloud or not. Basically it will be evidence-based decision-making about the directions we will be taking as it pertains to our information systems.
MR. MAGUIRE: Just one last question to do with the operating systems. I’m just wondering what percentage of operating systems are running XP - I think you said 2 per cent - and what are the barriers that are preventing you - it’s a 15-year old system, right? You are running a very old system and it’s safe to say that the operating system producers, while it doesn’t move as fast as hardware, they’ve made some leaps and bounds in software.
I’m wondering what the barriers are that are preventing you from upgrading from XP to Windows 7 and also, what triggers a software upgrade in the government? Is it a time thing? Is it an application thing? I’m assuming that if you are running Windows XP with some of the new software out there, it’s very hard to get compatible software that’s new, right? I don’t know who that would be to - he perked up in the back.
MR. CHAIRMAN: Mr. LeBlanc, would you like to take a stab at that one.
MR. LEBLANC: I perked up, you were looking at me. The biggest barrier we have on the health system is the applications themselves, the health applications that will not allow you to run anything but Windows XP. So if you upgrade your desktop to Windows 7, you would no longer have access to that application you need to do your work. That’s unacceptable. That is the biggest barrier.
We’re working with vendors. Some vendors are aggressively moving to that. As you said, it’s a very old system, and you’d think “aggressively”, it would be done by now. But in clinical applications, there is a huge amount of work that has to go to get the application certified for use in clinical situations. So it does take a long, long time for upgrades to come, and some vendors are working on completely new applications, a new platform, and we’ll take it when we can get to that point.
As I said before, we have mitigated those systems that are still running on XP as best we can, so that they are not vulnerable to those exploits that are still available.
MR. MAGUIRE: The question is, and this just popped into my head here - some of these recommendations that you’re given, are you at the mercy of software developers? You have these companies that are making one piece of software for clinical use, and it costs millions and millions of dollars to upgrade these pieces of software from XP to Windows 7 and keep up with the ever-changing OS market. So are you kind of at the mercy of some of these software manufacturers?
MR. LEBLANC: We are for systems, yes, because they have to be compatible with the hardware that we have. As you said, the hardware sometimes moves very quickly, and the operating systems are moving more rapidly than they were 10 or 15 years ago, and keep changing, so it’s very hard for manufacturers to keep up.
Also, with the number of systems that we have, and the complexities, you have to make sure that they’re all compatible with each other and continue to run. So it is very complex, and is one of the factors in doing updates.
MR. CHAIRMAN: If there are no further questions, we’ll now offer an opportunity for brief closing comments, beginning with Mr. Conrad.
MR. CONRAD: Thank you, Mr. Chairman. I’d just like to say two things. One, thanks to all the staff from my department who work so hard on these issues on a day-to-day basis. You can tell from the questions of the members that they take this very seriously, and I want to show you that we do the same.
I guess the other thing I’d like to comment on is a question that was asked about follow-up in general, and the timelines and that sort of thing. I would say that over the last year - I chair the Nova Scotia provincial audit committee for deputy ministers, and over the last year the Auditor General and I have had a number of occasions to meet and talk - and your chairman, Mr. MacMaster, has written and called me on a number of occasions - to talk about how we improve the success of follow-up in future years. We’ve worked pretty actively on trying to get ahead of these things, trying to get earlier in the process to make sure we’re doing follow-up better, to try to take these things with the seriousness which we know they mean.
So I would assure the members that the message is very clear. My boss, the Clerk of the Executive Council, has been pretty clear with deputies over the last number of months that she sees this as a high priority, and she’d like to see our performance improve over the coming year. It’s a topic of much interest to us as well, so we’re working hard at that.
Thank you for your questions today.
MR. MCDOUGALL: I’d like to echo Jeff’s comments and thank the Municipal Affairs team for all the work that has gone into the success that we’ve had in accelerating our achievement of the recommendations, and thank Jeff for elaborating on the answer asked earlier.
Perhaps just one final point - there was a question about education. One of the most essential pieces of education is for Nova Scotians themselves. We’re accelerating our use of social media to educate Nova Scotians. Perhaps you’ve caught the little campaign we had recently about “hearing the beep where you sleep.” So I’d echo that it’s not just the fire service, not just municipalities and government - it’s each individual Nova Scotian who can ensure that their families and their neighbours are safe. So thank you for the opportunity to respond to your questions.
MS. KITCH: My closing remarks are also just to extend my sincere gratitude and thanks for inviting us here today. I think it’s a very important process to really hold our improvements to account. I, too, in my first year had the opportunity to meet with the Auditor General in terms of his role in the number of reports that he’d commissioned related to health, and certainly the IWK. I believe it’s a very valuable resource for us within health care to continue to make improvements in many of our processes. I believe the IT controls to protect personal health information are some of the more important or most important processes that we need to be vigilant about and diligent with. Our commitment really going forward is to continue to ensure that we have the appropriate internal infrastructure and process from senior management to the CEO to the board in terms of acting on recommendations and maintaining those actions at a pace and scale that ensure we achieve the kind of outcomes that are required in a timely fashion.
Thank you so much for inviting us here today.
MR. CHAIRMAN: Thank you to everyone for being with us today. We do have some committee business.
There was some correspondence that we’ve received. If anybody has any questions, please let myself or our committee clerk know. We have correspondence from Nova Scotia Business Inc., the Department of Finance and Treasury Board, the Department of Transportation and Infrastructure Renewal, and the Halifax Regional School Board. Are there any questions on that correspondence?
Last year, we began a process of endorsing the Auditor General’s recommendations. This year, we have the opportunity to do the same. I would like to ask for a motion to be put forth to endorse all recommendations where the department or agency has agreed to take action contained in the Auditor General Reports. Specifically, this past year, there were recommendations contained in the Bluenose II Restoration Project Report, the February 2015 Financial Report, the June 2015 Report, the November 2015 Financial Report, and the Fall 2015 Report.
Would somebody on the committee like to make a motion? Mr. Rankin.
MR. RANKIN: I’ll move that motion. I’m not going to repeat it because you’ve been pretty thorough with that, but I’ll move that motion.
MR. CHAIRMAN: Just for the record, then, the motion will be to endorse all recommendations where the department or agency has agreed to take action contained in these reports. Mr. Rankin has moved that motion.
Would all those in favour of the motion please say Aye. Contrary minded, Nay.
The motion is carried unanimously.
We have some work being done in our Legislature, outside of the Chamber, for the first two weeks of February. We’ve been asked to move our meetings to the Red Room, across the hall. I wanted to make note of that. The February 3rd and 10th meetings will be in the Red Room.
The record of decision approved by the committee on November 25th referenced specific witnesses. In the case of the advertisement agency procurement process, that was going to be one of our topics - it will be one of our topics. The Deputy Minister of Business and the interim president of Tourism Nova Scotia were approved as witnesses; however, the deputy has resigned, and Ms. McKenzie, the interim president of Tourism Nova Scotia, her contract ended on January 14th. So neither of those people is still active. Our clerk has done some work on this, and she has recommended, based on a recommendation by Ms. McKenzie, that the representative from Tourism Nova Scotia should be Martha Stevens, who is the director of marketing and was the lead on that project. Also, the Deputy Minister of Business is now M.J. MacDonald. She has been appointed Acting Deputy Minister.
Is the committee in agreement that Ms. MacDonald and Ms. Stevens be witnesses? Would all those in favour of the motion please say Aye. Contrary minded, Nay.
The motion is carried. The committee is unanimous in agreement.
Thank you for that. We do have to do that because we have agreed as a committee previously to bring other people before us, so if we’re going to make a change and bring different witnesses, we have to gain agreement.
Chapters 2 and 4 of the Auditor General’s November 2015 Financial Report: the Deputy Minister of Finance and Treasury Board has been approved as a witness and has been requested to appear on February 24th. Deputy McLellan is looking to have permission to instead designate Associate Deputy Minister Byron Rafuse as the witness that day. The deputy is involved in budget deliberations at the time; that will be on February 24th.
Is the committee in agreement that Associate Deputy Minister Byron Rafuse replace the deputy minister for that meeting as the witness?
MS. MACDONALD: Is there an alternative to looking at a date that the deputy himself would be available? My view is that it’s only in a small number of cases where we don’t have the deputy minister. I think the deputy minister is the appropriate person who is responsible for the operations of the department.
MR. CHAIRMAN: Thank you, Ms. MacDonald. Are there any other comments from other members? Mr. Rankin.
MR. RANKIN: I guess that would be appropriate as long as it’s whenever after the budget is passed. We’re going to put through more topics today so we could do that but the reasoning would still remain until the budget is actually through the House, so as long as the committee doesn’t mind waiting three months or so.
MS. MACDONALD: I recognize it’s a busy time in the department but it’s a busy time for everybody in the department, including the associate deputy minister. I’m of the view that we would want the deputy minister to come and we would want the deputy minister to come prior to the budget, if at all possible.
MR. CHAIRMAN: Perhaps I’ll add a comment as chairman, and I don’t usually do this, but I do think it’s important that we don’t begin to set a precedent at the Public Accounts Committee meeting where we no longer bring the leadership of whatever the relevant agency or department is, too, as a witness, for the very reason that it will begin to devalue the work we do as a committee.
We have differing opinions on who to bring and the timing of bringing a witness here. The deputy minister has stated that the earliest point he would be available is in April. This is a decision of the committee. The original decision was to bring the Deputy Minister of Finance and Treasury Board as a witness. We do try to work with departments. I know our clerk today spent a lot of time trying to make sure that witnesses could be here today because sometimes department ministers, deputy ministers, can’t attend. I know the clerk does a very good job of working with the heads of departments to try to find a time that is convenient for them and I see her doing that almost every week, to be quite honest.
Are there any further comments? I did want to put that on the record because that’s from what I’m seeing and as a committee member, that’s what I believe. Mr. Rankin.
MR. RANKIN: Can I ask the clerk, where are we scheduled to with the current topics?
MS. KIM LANGILLE: Approximately to the end of March.
MR. RANKIN: Okay, I mean the only option is to schedule in April, unless you bump somebody else who is already scheduled, right?
MR. CHAIRMAN: Ms. MacDonald, are you in agreement with that?
MS. MACDONALD: Do you have a draft schedule of what is scheduled, so we can have a look?
MR. CHAIRMAN: Just while Ms. Langille is locating that schedule, is there agreement for the committee to sit beyond 11:00 a.m. since I see that it is now 11:04 a.m.? Thank you, there is agreement.
Okay, this is a draft here. So January 27th next week, we have the Department of Health and Wellness and the Nova Scotia Health Authority; February 3rd, we have the Deputy Minister of Executive Council on Ministerial Travel; on February 10th, we have the CEO of the Office of Service Nova Scotia on the Heating Assistance Rebate Program; February 17th, we have rescheduled from last week’s meeting because of the cancellation due to weather, we have mental health, the Nova Scotia Health Authority; on the 24th of February, we have the Deputy Minister and Controller of Finance - of course that’s the meeting we’re talking about right now.
MS. MACDONALD: The topic is?
MR. CHAIRMAN: The topic for the February 24th meeting is a review of the past Public Accounts of the province and Chapter 2 of the Auditor General’s November 2015 Financial Report and Chapter 4 of the Auditor General’s November 2015 Financial Report; those chapters being: the first one references results of Public Accounts audit and review of revenue estimates, and the other chapter is Nova Scotia’s financial condition. That is the meeting scheduled for February 24th that we’re speaking about right now.
After that, on March 2nd we have a request sent for Tourism Nova Scotia and Department of Business to present on the advertisement agency procurement process; that was the other item we discussed earlier. Then I believe the next date is March 30th because on March 9th there is an out-of-town caucus meeting for the Liberal caucus. Then the following week is March Break and for the 23rd there is a vacancy at that time.
MS. MACDONALD: So perhaps we can check and see if the Deputy Minister of Finance and Treasury Board would be available in that March date. I would be happy if he was able to come on that day.
MR. CHAIRMAN: Mr. Rankin, you have a comment?
MR. RANKIN: Just that that would be potentially right around when the budget is released. I have no idea when that will be but I don’t see an issue with putting a motion forward that we include him with the new list of topics and we schedule them as best we can with the clerk. There’s no urgency in bringing him in that I can foresee, so what is the issue?
Here’s my motion: we include his topic, with the deputy being the witness. I’m in full agreement with the deputy minister coming as the witness, but we include him with the topics that we approve today in subcommittee and we schedule as best we can.
MR. CHAIRMAN: We have already approved, as a committee, so the committee has approved that he will come. Perhaps what I could offer committee members is that we will ask the clerk to work with Deputy Minister McLellan to see if he may be able to attend on the 23rd, in the absence of the 24th. If not, I’m sure this issue can be brought up again with the committee.
We can report on progress next week on this and if he’s agreeable to the 23rd, perhaps we have the situation solved. If not, we can continue discussion on it, I’m sure.
I’ll try to keep moving things along here. We are getting to the end. There was an item - Mr. Rankin and I, along with the Auditor General, were in Winnipeg in August to attend the Canadian Council of Public Accounts Committees conference. I wanted to bring a report to you and some items for discussion that we could do in camera on that. Part of the value in us travelling to these conferences is learning about how other jurisdictions work.
I know the Auditor General, as I was just speaking with him yesterday - I shouldn’t be stealing his thunder but I’m sure he doesn’t mind - he is going to be travelling to Thailand later this year and sharing his expertise with them. I believe the government there is paying the expenses, if anybody is concerned about that. So we learn things on these travels so I wanted to have some discussion in camera on that but I want to put that off until a future date because we’ve done a lot today; that was our next agenda item. I’m going to ask our clerk to hold that item for a future agenda.
Our next meeting date is January 27th. We’re going to be starting at 8:30 a.m. with a briefing from the Auditor General on Chapter 3 of the November 2015 Financial Report, that’s on the results of audits in the government reporting entity. Then we will have our meeting at 9:00 a.m. with the Department of Health and Wellness and the Health Authority.
Before we close we are having a subcommittee meeting afterwards to look at future topics. I would like to offer the Auditor General a chance to comment. Mr. Pickup.
MR. MICHAEL PICKUP: Thank you. I just wanted to share with you one quick organizational update and to thank Ms. Ann McDonald, who has been the Assistant Auditor General looking after our financial audit work for the last number of years. She has chosen to take her retirement from the Public Service effective this month, so I want to thank her for her years of service, I believe it was over 25 years of service with the office, to wish her well, and share that with you.
MR. CHAIRMAN: I’m sure, on behalf of all committee members, we’d like to wish her well as well. Please extend that to her. Thank you.
If there are no further comments, we will adjourn briefly, and then we will return as a subcommittee to look at future topics for discussion. Thank you.
[The committee adjourned at 11:10 a.m.]