Intracompany Data Access Audit
WORKING DRAFT — Not yet verified with end-users
Inventory of software systems through which NACS (parent/consultant entity) personnel can access subsidiary facility data, including patient data, census data, financial data, and employee records.
Entities In Scope
North American Client Services Inc. (NACS)
NAHS North, Inc.
NAHS Holding, Inc.
All subsidiary facility LLCs/Inc.
Data Classification Legend
Patient / PHI
Census
Financial
Employee / HR
Operational
Tier 1 — Critical: Patient / PHI Access
PCC Suite
System Owner: Rogi Poblete
PointClickCare — Point of Care, ChartPic, Skin & Wound, Secure Conversations. Primary EHR platform across facilities. Contains full patient records, clinical documentation, wound assessments, and care plans.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| VP of Clinical Services | Multi-facility clinical dashboards, patient records | |
| VP Risk Management | Incident reports, clinical risk data | |
| CQI Services / CQI Surveyor | Quality metrics, survey readiness, compliance data | |
| Chief Regulatory Officer | Regulatory compliance dashboards | |
| Clinical Project Specialist | Clinical project data across facilities | |
| EHRSMRA | EHR administration, system-level access | |
PCC is the highest-risk system. Access is role-based within PCC itself, but we need to confirm which NACS corporate accounts exist, what facility-level data they can see, and whether any hold org-wide administrative rights. Confirm with Rogi Poblete.
CareTracker
System Owner: Rogi Poblete
Oracle CareTracker. Legacy — Records Only. No longer in active clinical use. Retained for historical records and data retention compliance.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| VP of Clinical Services | Legacy — records access only | |
| VP Reimbursement | Legacy — records access only | |
CareTracker is no longer in active clinical use but is retained for historical patient data and data retention compliance. Legal should confirm retention obligations and whether active accounts still exist.
NetHealth Therapy
System Owner: Sheri Masuda
Therapy/rehab management software. Facility scope: All. Contains patient therapy records, treatment plans, and rehab documentation.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| VP Rehabilitation | Multi-facility rehab dashboards, patient therapy data | |
Confirm with Sheri Masuda which NACS roles have accounts and what level of patient-identifiable data is visible at the corporate level.
Waystar
System Owner: Joelle Moore
Revenue cycle management / clearinghouse. Handles claims, billing, and reimbursement data which includes patient identifiers tied to billing.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| VP Reimbursement | Claims data, billing across facilities | |
| Patient Services Consultants | Claims processing, patient billing | |
| AR Consultants | Accounts receivable tied to patient billing | |
PC Ace
System Owner: Joelle Moore
Medical billing software. Contains patient identifiers in the context of Medicare/Medicaid billing.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| VP Reimbursement | Billing data across facilities | |
| Patient Services Consultants | Billing entry / review | |
Tier 2 — High: Financial & HR Data
Dynamics Great Plains
System Owner: Marc Johnson / Jon Andrews
Core ERP / accounting system (includes Management Reporter and Integration Manager). Facility scope: All. Financial data for all subsidiary entities flows through GP. EOL approaching — likely migrating to NetSuite.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Controller | Full financial data, all entities | |
| Treasurer | Treasury / cash management, all entities | |
| SR Accountant | General ledger, journal entries | |
| Accounting Specialist | Transactional accounting data | |
| Treasury Analyst | Cash flow, banking data | |
| Director AP | Accounts payable across entities | |
| AP Assistant | Invoice processing | |
GP likely has the widest financial cross-entity visibility of any system. If migrating to NetSuite, the same access mapping exercise will need to be done there. Greenshades (1099 processing) is a GP add-on and also touches financial data across entities.
Blackline
System Owner: Marc Johnson
Financial close management. Used to reconcile accounts across entities during month-end close.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Controller | Full reconciliation data | |
| SR Accountant | Account reconciliation | |
UKG Pro
System Owner: TBD
Human capital management — payroll, benefits, HR records. Facility scope: All entities. Contains employee SSNs, compensation, disciplinary records, benefits elections.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Payroll Manager | Payroll data, all entities | |
| Payroll Specialist | Payroll processing | |
| Payroll Associate | Payroll processing | |
| Human Resources Director | Employee records, all facilities | |
| Benefits Manager | Benefits enrollment data, all facilities | |
| Workers Comp Manager | Workers comp claims, all facilities | |
UKG is the most sensitive HR system. Need to confirm system owner and whether facility-level data segregation exists within UKG or if NACS roles see everything.
ADP
System Owner: Sheila Pelletier
Payroll, timekeeping, HRIS. Facility scope: All. May overlap with or feed into UKG — confirm whether both are active and how data flows between them.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Payroll Manager | Payroll across all entities | |
| Human Resources Director | HRIS data, all facilities | |
Emburse
System Owner: Nancy Le
Expense management / reimbursement. Contains employee expense data and approvals across entities.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Controller | Expense approvals, all entities | |
| Director AP | Expense processing | |
Empyrean
System Owner: Laura Prince
Benefits administration. Facility scope: All. Employee benefits elections, dependent info, life events.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Benefits Manager | Benefits data, all facilities | |
| Human Resources Director | HR benefits oversight | |
Thomas & Company
System Owner: Sheila Pelletier
Unemployment claims and EDD hearing notifications. Facility scope: All. Contains employee termination and claims data.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Workers Comp Manager | Claims data, all facilities | |
| Human Resources Director | Employment disputes, all facilities | |
Lease Query
System Owner: Marc Johnson
Lease management. Contains lease terms, financials, and obligations for facility properties across entities.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Controller | Lease financials, all entities | |
| Treasurer | Lease obligations | |
Tier 3 — Moderate: Operational & Shared Infrastructure
ShareFile
System Owner: Mark Walton
HIPAA-compliant file transfer and storage. Facility scope: All. Could contain any type of data depending on what users upload — financial reports, HR documents, or even patient-related files.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Treasurer | Financial document sharing | |
| General Counsel | Legal documents | |
ShareFile is a wildcard. It's HIPAA-compliant by design, but the data inside depends entirely on user behavior and folder permissions. Needs a folder-level access audit.
Google Workspace
System Owner: Anthony Trujillo / Geremia Doan
Productivity suite (Drive, Gmail, Sheets, Meet, Chat). Classified as operational, but may contain financial or HR data depending on user sharing behavior — requires folder-level audit.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| All NACS roles | Varies by sharing permissions — no centralized access control | |
Google Workspace audit tool already exists on NorthPoint (/software/google-workspace-audit/). Use it to identify which NACS accounts have access to shared drives containing facility data.
DocLink
System Owner: Whitney Raiford
Document management. Stores AP invoices, contracts, and financial documents linked to GP.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Controller | Financial documents | |
| Director AP | Invoice documents | |
Relias
System Owner: Sheila Pelletier / Anthony Trujillo
Healthcare training and compliance education. Contains training completion records and compliance status for employees across all facilities.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Human Resources Director | Training compliance, all facilities | |
| CQI Services | Compliance training status | |
Active Directory
System Owner: Tom Jarrell
Microsoft Active Directory / Group Policy. Directory services and policy management. Contains all domain user accounts, group memberships, and network access permissions across facilities.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Regional Director of IT | Domain admin, all facilities | |
| Network Admin | Network/user management | |
| Database Admin | Server/data access | |
| Help Desk | User account management | |
AD is the backbone of network access. NACS IT staff with domain admin privileges can access any facility server, file share, or application that uses AD authentication.
NinjaOne
System Owner: Anthony Trujillo
IT endpoint management and remote access. Can see all managed devices across facilities and remotely access them.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Regional Director of IT | All endpoints, all facilities | |
| Network Admin | Endpoint management | |
| Help Desk | Remote support access | |
Remote access tools like NinjaOne provide indirect access to any data on managed endpoints. If a facility workstation has patient data open, a remote session exposes that PHI to whoever is operating the session, so this counts as PHI exposure even though the tool itself is classified as operational.
Ubiquiti Protect
System Owner: Anthony Trujillo / Geremia Doan
Security camera system. Contains video surveillance footage from facility premises.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Regional Director of IT | Camera feeds, all facilities | |
| Exec Dir Physical Plant Services | Facility cameras | |
Video surveillance in healthcare facilities can capture patient identifiable information. Camera access should be documented in the context of HIPAA physical safeguards.
SentinelOne / Coronet
System Owner: Geremia Doan / Francis Ferma
Cybersecurity / endpoint protection. Management consoles provide visibility into all protected endpoints and security events across facilities.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Regional Director of IT | Security dashboards, all facilities | |
| Network Admin | Endpoint security events | |
Tier 4 — Low: Benefits Platforms & Misc
Empower / Payflex / ESOP / M Benefit
Owners: Mark Walton, Laura Prince, Sheila Pelletier, Monique Nguyen
Benefits platforms. Facility scope: All. Employee financial/benefits data. Typically admin portals are restricted to specific HR/finance roles.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Treasurer | Plan-level financial data | |
| Benefits Manager | Employee enrollment data | |
Indeed
System Owner: Sheila Pelletier
Recruiting platform. Contains applicant data, job postings across facilities.
| NACS Role/Title | Access Level | Verified |
|---|---|---|
| Human Resources Director | Job postings, applicants | |
| Regional Marketing Director | Recruitment marketing | |
Next Steps
1. Verify with system owners. Each system owner listed above needs to confirm: which NACS-titled accounts exist, what facility-level data those accounts can access, and whether any org-wide admin accounts exist.
2. Confirm entity boundaries. For each system, determine whether data is segregated by subsidiary entity or if NACS roles see a unified view across all entities.
3. Review Business Associate Agreements (BAAs). For systems containing PHI (Tier 1), confirm BAAs are in place with each vendor.
4. Audit ShareFile and Google Drive. These are unstructured storage — folder-level permission audits are needed to determine actual data exposure.
5. Document IT remote access. NinjaOne, AD admin, and remote desktop access provide indirect PHI access. Legal should determine if this requires specific documentation.
6. Establish ongoing controls. Work with legal to define access review cadence, onboarding/offboarding procedures for cross-entity access, and a formal data access policy.