TELUS EMR Mobile PIA PIA - 08.12... · 2020-05-01 · software and processes in place at the...

TELUS EMR Mobile PIA Privacy Impact Assessment

Table of Contents

PIAs for Clinics ................................................................................................................ 3

Project Summary ............................................................................................................. 4 Data Elements ................................................................................................................. 5

Exposed ....................................................................................................................... 5 Patient Appointments / Calendar ............................................................................... 5 Patient Demographics ............................................................................................... 5

Patient Medical Information ....................................................................................... 5 Patient Encounters .................................................................................................... 5 Patient Search ........................................................................................................... 6 Address Book ............................................................................................................ 6

Collected ...................................................................................................................... 6

Patient Photo ............................................................................................................. 6 Other ......................................................................................................................... 6

Project Information Flow .................................................................................................. 7 KinLogix ....................................................................................................................... 7

Legend ...................................................................................................................... 7 Med Access .................................................................................................................. 8

Legend ...................................................................................................................... 8 PS Suite ....................................................................................................................... 9

Legend ...................................................................................................................... 9 Wolf ............................................................................................................................ 10

Legend .................................................................................................................... 10

Services ..................................................................................................................... 11 Legend .................................................................................................................... 11

Data Access .................................................................................................................. 12

Access Patient Information ......................................................................................... 12 Role based Access to Health Information by clinic staff ............................................. 12

Pairing Workflow ........................................................................................................ 14 Device Security Measures and Safeguards ............................................................... 15 Audit Log .................................................................................................................... 15

Additional information we store in the Mobile Activity Logs ..................................... 15 Information not logged ............................................................................................. 16

Incident and Responses ................................................................................................ 17 Loss of control of the device ....................................................................................... 17

Compromise of Device Credentials ............................................................................ 17 Unauthorized Registration of Device .......................................................................... 17

Verification and Validation ............................................................................................. 18 Appendix ....................................................................................................................... 19

TELUS EMR Mobile Clinic Terms and Conditions...................................................... 19 TELUS EMR Mobile End User Agreement ................................................................. 20 TELUS EMR Mobile Clinic Terms and Conditions (FR) ............................................. 22 TELUS EMR Mobile End User Agreement (FR) ......................................................... 23

PIAs for Clinics Clinics (depending on the province in which they are situated) are responsible for maintaining an up to date Privacy Impact Assessment (PIA) for the combination of software and processes in place at the clinic. TELUS cannot make these updates on behalf of a clinic, as each clinic’s processes and software (including 3rd party software) are unique. Adoption of TELUS EMR Mobile, like any other change to the IT landscape at a clinic, may require an impact to the PIA. The TELUS EMR Mobile team cannot provide any specific advice on completing a clinic PIA. The TELUS EMR Mobile team maintains an internal PIA document for TELUS EMR Mobile that we use to ensure that we are adequately covering security, privacy, and all other software-oriented aspects that could cause a security or privacy breach. The TELUS EMR Mobile team is happy to share this document to aid in the creation of clinic PIAs, however it must be noted that this document may or may not be good enough from a clinic PIA, and does not substitute for a thorough, clinic-specific PIA performed and documented by the clinic.

Project Summary The TELUS Mobile EMR application (“Mobile App”) is a mobile application that allows medical practitioners access to a subset of data in their Electronic Medical Record (“EMR”) system to facilitate activities and care delivery via their smart phone or tablet. This application represents an extension of the EMR system already in production at the clinic and is leveraged only by authorized Medical Practitioner users of the EMR. No sensitive data is ever stored on the device and a secure connection is made with the EMR data. The following EMR applications are currently supported:

• KinLogix EMR

• Med Access EMR

• PS Suite EMR

• Wolf EMR Practitioners frequently need to access information from outside the clinic property. Often the restrictive networks present in hospitals and other medical facilities create barriers to accessing critical patient information required for timely care delivery. By leveraging a cellular or Wi-Fi network securely, authorized TELUS EMR Mobile users (“Users”) can access this critical information when it is required. Additionally, at the point of care, practitioners might require a photograph of a patient condition to augment the patient’s text-based medical chart. The TELUS EMR Mobile app leverages the native camera capabilities of the device to facilitate capturing a photograph and uploading to the patient chart in the EMR. Photographs captured via the Mobile App are not stored on the device, but are uploaded via 256 bit HTTPS/SSL encrypted connection and deleted from the device after upload. Practitioners also require Patient contact information to facilitate required communication with patients. TELUS EMR Mobile users can dial directly from their mobile device to phone numbers stored in the EMR, improving convenience and reducing transcribing errors for dialing. Additionally, practitioners can access Patient addressing information to generate a map or directions to addresses (Patient, Pharmacy or Medical Consultant) stored in the EMR. Custodians are obligated to maintain the privacy and confidentiality of identifying health information to the greatest extent possible, within reason, as part of collecting, using, storing, disclosing, and disposing of said information in the course of providing health services and carrying out duties and responsibilities related to same or as necessitated by obligations under, for example, legislation or professional guidelines.

Data Elements

Exposed The following data elements will be accessible as read-only by the application user.

Patient Appointments / Calendar

o Appointments � Appointment Date � Appointment Time

o Notes associated with the booking (Reason for Visit) o Schedules within the clinic o Provider ID o Service facility / Location

Patient Demographics

o Title o First Name o Last Name o “Goes By” Name o Date of Birth (DOB) o Gender o Language o Contact information

� Phone number(s) � Address

o Chart ID o PHN o Patient Notes

Patient Medical Information

o Active Problems o Current Medications o Allergies o Past Procedures o Risks o Vaccinations o Family History o Personal History

Patient Encounters

o Patient Visit Notes o Consults o Created by User

� Created Date and Time

o Edited by User (if applicable) � Edited Date and Time

o Visit Encounter Date and Time

Patient Search

o Patient Name o PHN o Date of Birth o Gender

Address Book

o Clinic Address Book � This contains contact information for other physicians of different

specialties as well as facility contacts. This includes specialists, pharmacies, nursing homes, etc. This data is maintained by the individual clinic.

Collected The following is the data we collect using the Mobile Application.

Patient Photo

We allow the capture of photographs using the Mobile App that uploads to the patient chart. Photographs captured via the Mobile App are not stored on the device, but are uploaded via 256 bit HTTPS/SSL encrypted connection and deleted from the device after upload.

Other

o Device Hardware information � IMEI � OS � Model � Name

o User specific preferences (saved on Device) � Tutorial viewed (Yes/No) � Connectivity for each paired clinic � Clinic ID � User ID � Clinic security policy (PIN length, inactivity timeout) � Cryptographic Identifier (user_token) which, in concert with

credentials enables access � Which calendar to display � Last scheduled viewed

Project Information Flow The way the Mobile Application connects to the various data sources depends on the EMR the user is paired with.

KinLogix

Mobile AppHTTPS

Firewalls / Load Balancer

KinLogix SQL

Cluster

KinLogix

Unstructured Data

EMR Services

Legend

QIDC = Quebec Data Center HTTPS = HTTP Secure EMR = Electronic Medical Records SQL = Structured Query Language

Med Access

Med Access

Instance

(Local or DC)

Mobile AppHTTPS


EMR Services

CIDC Firewalls / Load Balancer

HTTPS

Legend

CIDC = Calgary Data Center HTTPS = HTTP Secure EMR = Electronic Medical Records SQL = Structured Query Language

PS Suite

PSS Instance

(Local or DC)

Mobile AppHTTPS


EMR Services

SSH Server

QIDC Firewalls / Load Balancer

SSH Tunnel

Legend

QIDC = Quebec Data Center HTTPS = HTTP Secure EMR = Electronic Medical Records SQL = Structured Query Language SSH = Secure Shell

Wolf

Mobile AppHTTPS


Wolf SQL Cluster

Wolf Unstructured

Data

EMR Services

Legend

CIDC = Calgary Data Center HTTPS = HTTP Secure EMR = Electronic Medical Records SQL = Structured Query Language

Services

Mobile App

HTTPS


Admin SQL

Database

EMR Services

EMR

Legend

HTTPS = HTTP Secure EMR = Electronic Medical Records SQL = Structured Query Language

Data Access To pair to TELUS EMR Mobile, users must already have an account created on one of the EMR platforms that we support. The user will only have access to health information maintained in the EMR system they are paired to. Our application respects any data restrictions imposed on the user by the EMR. To activate EMR Mobile on a clinic, a clinic administrator must first accept our Terms and Agreements from the EMR administrative settings. Once complete, this will activate the Mobile Dashboard which allows users to pair their devices.

Access Patient Information This project will: 1) Display information from the clinics EMR, in accordance with EMR security and use

2) this information to make health care decisions

3) Leverage the capabilities of the native device to initiate a phone call to a patient or

provider using the native telephony capabilities of the device

4) Generate a map to an address of patient or provider maintained in the EMR

leveraging the native capabilities of the device

5) Capture a patient photograph and upload it to the EMR to augment text data

captured regarding patient condition

Role based Access to Health Information by clinic staff Users of TELUS EMR Mobile will only have access to health information maintained in the Clinic’s EMR system as required to perform their assigned duties. The following table is an example of these positions and their information access needs. Please note that each clinic may set up their access rights differently.

Position & Job Title

User Role Type of access (Read, Write, Edit)

Description of information this user can access

Receptionist Reception Read/View - all data elements, all patient records; prescriptions Create/Write/Edit – all notes, immunizations and treatments

Demographics, scheduling, visits, tasks, encounter notes

Medical Office Assistant

Administration / Health Professional

Read/View - all data elements, all patient records; prescriptions Create/Write/Edit – all notes, immunizations and treatments

Demographics, scheduling, visits, tasks, encounter notes

Clinic Manager

Administration

Read/View - All medical data is hidden; all other data is viewable Create/Write/Edit - Messages only Access to billing

Demographics, scheduling, visits and tasks, reports, billing System access management

Physicians Doctor Read/View - all data elements, and all patient records Create/Write/Edit – all including prescriptions

Clinical care information – notes, labs/ DI, allergies, immunizations, referrals, billing System access management

POS Vendor Helpdesk / Technical Support

Help Desk Support

Read/View – same as user they are assisting (remote control their session) Create/Write/Edit – same as user they are assisting (remote control their session)

(see above user roles)

Pairing Workflow

Device Security Measures and Safeguards We have implemented several measures to mitigate risk if a user was to have their device misplaced or compromised.

• PINs can be set on the administrative dashboard to be either 4 or 6 digit PINs.

• The Mobile app will lock after 5 unsuccessful login attempts o One must login to the EMR to reset their PIN if this happens

• Our App inherently forces users to have 2 factor authentication (must have the registered device & know the PIN).

• Our App will timeout if the user is inactive for 2 minutes and return to the login page.

• Devices can be deactivated or unpaired from the EMR administrative dashboard.

• Administrators can review all devices paired from the dashboard and deactivate them if necessary

Audit Log TELUS EMR Mobile writes an audit trail using each EMR’s built-in audit log. We track the following events:

• Login • Access to Patient Chart

• Photo Uploads For each event, we track:

• Time

• User

• Device

• Patient (if applicable)

Additional information we store in the Mobile Activity Logs

In addition to the events we store in the EMR audit logs, we also log the following in our Mobile Activity Logs.

• Device o Carrier

This information is not available to the end user, but can be available upon request.

Information not logged

The following is information is accessible through the TELUS EMR Mobile app that we do not log. Please note that the user must be logged in to access these features.

Part of Application Data Accessed

Home • Patient Last Name

• Patient First Initial

• Patient Appointment Type

• Patient Appointment Time • Patient Arrival Status

Patient Search • Patient Name

• DOB / Age

• PHN • Gender

Calendar • Patient Last Name

• Patient First Initial

• Patient Gender • Patient Appointment Type

• Patient Appointment Time

• Clinic Calendars

Address Book • This accesses the clinic’s address book which may contain

o Doctors Names o Doctors Clinic Phone o Doctors Clinic Address o Other facilities

� Pharmacies � Nursing homes � Etc.

Incident and Responses

Loss of control of the device As access to EMR Mobile is constrained to registered devices, loss of control of a registered device should create a trigger to investigate further with the following workflow: If a user loses control of their device, they must immediately:

• Log into the EMR and deregister their device

• Contact the Clinic Administrator to conduct a review of the System Audit Logs to determine if information has been accessed by the mobile device during the period when the user lost control of the device before it was deregistered

Compromise of Device Credentials If a user is concerned that their credentials have been compromised, they will need to consider whether their device has been outside of their control for any period. If so, please see ‘Loss of control of the device’ and follow that workflow.

Unauthorized Registration of Device All devices registered for use with the EMR must be approved in advance by clinic administrators. Clinic administrators will be notified by the system when new devices are registered. If the device was not approved in advance, the clinic administrator may log into the EMR and review that the device is appropriately registered. If the Clinic System Administrator finds a device has been inappropriately registered, they may review the system audit logs to ensure no personal health information has been accessed inappropriately.

Verification and Validation TELUS EMR Mobile has undergone several internal security audits. In 2014, there was an internal audit held reviewing the authentication and authorization of all web service calls. Prior to that, there have been Fortify code scans done on the services codebase. Most recently, a security audit was completed in July 2016 by the TELUS Security Solutions team to determine if our Mobile EMR web services had any security weaknesses or misconfigurations which could be used to gain access to any sensitive information. Their assessment found that the application was well secured with only one low risk issue discovered. This issue has since been fixed.

Appendix

TELUS EMR Mobile Clinic Terms and Conditions

TELUS EMR MOBILE CLINIC TERMS AND CONDITIONS

Clinic is to activate the TELUS EMR Mobile functionality (“EMR Mobile”) within a

TELUS Electronic Medical Records Solution (the “Solution”). EMR Mobile is governed

by the same terms and conditions as the ones contained in the contract applicable to

the Solution (the “Contract”), subject to the variations and precisions set out herein. By

clicking the “Accept” button below, you represent that you have been authorized by all

parties to the Contract (collectively, “you”) to accept on their behalf the following terms

and conditions. If you have any questions or comments regarding the following terms

and conditions, please contact TELUS EMR Technical Assistance Centre.

EMR Mobile is offered to you without additional charges but is subject to your full

compliance with the Contract, including any payment obligations contained therein.

TELUS reserves the right to discontinue EMR Mobile at any time by giving you a thirty

(30) days prior written notice. EMR Mobile must not be activated for or used by users who

are not authorized users of the Solution and must immediately be uninstalled when a user

ceases to be an authorized user of the Solution.

EMR Mobile is not designed or intended to be used, directly or indirectly, as a medical

device. EMR Mobile is offered for the convenience of its users to access a portion of the

information contained in the Solution. Users should use the desktop / laptop portion of the

Solution when circumstances require to review information that is not accessible through

EMR Mobile, such as when recommending a treatment. Make sure that all users are

aware of such limitations and the content of these terms and conditions.

You are responsible for immediately deactivating any lost or stolen device on which EMR

Mobile is installed. If you need assistance in deactivating a device, contact TELUS EMR

Technical Assistance Centre.

TELUS support obligations set out in the Contract do not extend to the devices (for

example, tablets, handsets) used by users to access the EMR Mobile, even if such

devices were sold to you by TELUS or one of its affiliates. All service levels and penalties

contained in the Contract, if any, do not apply to EMR Mobile.

TELUS EMR Mobile End User Agreement You are about to have access to the TELUS EMR Mobile application (“EMR Mobile”), which connects to your TELUS Electronic Medical Records Solution (the “Solution”), be it: Wolf EMR, PS Suite EMR, Kinlogix EMR, or Med Access EMR. The following describes terms and conditions that are applicable to the use and access of EMR Mobile. By clicking the “Accept” button below, you confirm your acceptance with the following terms and conditions. If you have any questions or comments regarding the following terms and conditions, please contact the TELUS Technical Assistance Centre that supports your Solution at the number below. Kinlogix EMR: 1-855-880-9589 Med Access EMR: 1-888-781-5553 Opt.4 PS Suite EMR: 1-800-265-8175 Opt.1 Wolf EMR: 1-866-879-9653 Opt. 1 To install and use EMR Mobile, you must be an authorized user of the Solution. If you cease to be an authorized user of the Solution, you must immediately uninstall EMR Mobile. TELUS reserves the right to discontinue EMR Mobile at any time by giving you a thirty (30) days prior written notice. EMR Mobile is not designed or intended to be used, directly or indirectly, as a medical device. EMR Mobile is offered for your convenience to access a portion of the information contained in the Solution. You should use the desktop/laptop portion of the Solution when circumstances require to review information that is not accessible through EMR Mobile, such as when gathering information to recommend a treatment. Do not install EMR Mobile on a device that you share with a third party, colleague or family member. EMR Mobile will request you to re-authenticate after a short period of inactivity. You are responsible for maintaining the confidentiality of your authentication credentials at all times. You are responsible for immediately reporting to your EMR administrator any lost or stolen device for immediate deactivation. You are responsible for complying with all applicable laws, by-laws and regulations that apply to your use of EMR Mobile, including laws related to privacy, health information, and the practice of medicine. EMR Mobile allows you to capture photos and upload them in the Solution. Before photographing patient identifiable images, please ensure you have captured appropriate consent. If you experience difficulties or require information regarding your use of EMR Mobile or the contract applicable to the Solution, please contact your EMR/Clinic administrator. Your use and access of EMR Mobile are made “as is”, without any additional warranty, support or representations. TELUS shall not be liable for any direct, indirect, consequential, punitive or exemplary damages in connection with EMR Mobile. Notwithstanding the foregoing, TELUS’ entire and cumulative liability in connection with EMR Mobile shall not exceed an amount of $1000 CAD. TELUS support obligations

applicable to the rest of the Solution do not extend to the devices (for example, tablets, handsets) used to access EMR Mobile, even if such devices were sold by TELUS or one of its affiliates. All service levels and penalties applicable to the rest of the Solution, if any, do not apply to EMR Mobile. While you have downloaded EMR Mobile from the Apple App Store, you understand and agree that Apple is not a party to hereto and has no liability hereunder or in connection with EMR Mobile. To the extent applicable, Apple may be a third party beneficiary to the above terms and conditions.

TELUS EMR Mobile Clinic Terms and Conditions (FR)

CONDITIONS D’UTILISATION du DME Mobile - CLINIQUES

Vous êtes sur le point d’activer la fonctionnalité TELUS DME Mobile (« DME Mobile»)

dans votre solution de dossier médical électronique KinLogix (la « Solution »). Le DME

Mobile est régi par les mêmes conditions que celles décrites dans le contrat applicable à

la Solution (le « Contrat »), mis à part les modifications et précisions énoncées aux

présentes. En cliquant sur le bouton d’acceptation ci-dessous, vous déclarez que vous

avez été autorisé par toutes les parties au Contrat (collectivement « vous ») à accepter

en leur nom les conditions suivantes. Si vous avez des questions ou des commentaires

portant sur ces conditions, appelez le centre d’assistance technique du DME KinLogix.

L’utilisation du DME Mobile vous est offerte sans frais supplémentaires, mais est

conditionnelle à votre plein respect du Contrat, notamment des obligations de paiement

qu’il mentionne. TELUS se réserve le droit d’interrompre le service DME Mobile en tout

temps, sur avis écrit de trente (30) jours. L’application DME Mobile ne doit pas être

activée pour des personnes autres que des utilisateurs autorisés de la Solution ni utilisée

par de telles personnes. Elle doit être immédiatement désactivée dès qu’un utilisateur

cesse d’être un utilisateur autorisé de la Solution.

Le DME Mobile n’est pas prévu ni conçu pour être utilisé, directement ni indirectement,

comme un instrument médical. Le DME Mobile est offert à ses utilisateurs afin de leur

permettre d’accéder à une partie du contenu de la Solution. Les utilisateurs doivent

utiliser un ordinateur de bureau ou un ordinateur portable pour accéder à la Solution

lorsque les circonstances exigent qu’ils consultent la partie de celle-ci qui n’est pas

accessible par l’intermédiaire du DME Mobile, par exemple, lorsqu’ils doivent

recommander un traitement. Assurez-vous que tous les utilisateurs sont au fait de telles

limitations et du contenu des présentes.

Vous êtes responsable de désactiver immédiatement tout appareil perdu ou volé sur

lequel DME Mobile est installé. Si vous avez besoin d’aide pour désactiver un appareil,

communiquez avec le centre d’assistance aux utilisateurs de DME de TELUS.

Les obligations de TELUS énoncées dans le Contrat relativement au soutien ne

s’étendent pas aux appareils (par exemple, les tablettes ou les téléphones) utilisés pour

accéder à DME Mobile, même si de tels appareils vous ont été vendus par TELUS ou

une de ses sociétés affiliées. L’ensemble des niveaux de service et des pénalités

énoncés dans le Contrat, le cas échéant, ne s’appliquent pas au DME Mobile.

TELUS EMR Mobile End User Agreement (FR)

Vous êtes sur le point d’accéder à l’application TELUS DME Mobile (« DME Mobile »), laquelle se connecte à votre solution de dossier médical électronique TELUS (la « Solution »), soit : Wolf DME, Suite SC DME, KinLogix DME ou Med Access DME. Les présentes décrivent les conditions applicables à l’accès au DME Mobile et à son utilisation. En cliquant sur le bouton d’acceptation ci-dessous, vous confirmez que vous acceptez les conditions suivantes. Si vous avez des questions ou des commentaires portant sur ces conditions, appelez le centre d’assistance technique TELUS qui prend en charge votre Solution au numéro suivant : Kinlogix DME: 1-855-880-9589 Med Access DME: 1-888-781-5553, option 4 PS Suite DME: 1-800-265-8175, option 1 Wolf DME: 1-866-879-9653, option 1 Pour installer et utiliser le DME Mobile, vous devez être un utilisateur autorisé de la Solution. Si vous cessez de l’être, vous devez immédiatement désinstaller le DME Mobile. TELUS se réserve le droit d’interrompre le service DME Mobile en tout temps, sur avis écrit de trente (30) jours. Le DME Mobile n’est pas prévu ni conçu pour être utilisé, directement ni indirectement, comme un instrument médical. Le DME Mobile vous est offert afin de vous permettre d’accéder à une partie du contenu de la Solution. Vous devez utiliser un ordinateur de bureau ou un ordinateur portable pour accéder à la Solution lorsque les circonstances exigent que vous consultiez la partie de celle-ci qui n’est pas accessible par l’intermédiaire du DME Mobile, par exemple, lorsque vous devez récupérer des renseignements afin de recommander un traitement. N’installez pas le DME Mobile sur un appareil que vous partagez avec un tiers, un collègue ou un membre de votre famille. Le DME Mobile vous demandera de vous authentifier de nouveau après une courte période d’inactivité. Vous êtes responsable de protéger la confidentialité de vos authentifiants en tout temps. Vous êtes responsable de signaler immédiatement toute perte ou tout vol d’appareil à l’administrateur de votre DME aux fins de désactivation immédiate. Vous êtes responsable de respecter l’ensemble des lois et des règlements applicables à l’utilisation du DME Mobile, notamment les lois relatives à la confidentialité, aux renseignements médicaux et à la pratique de la médecine. Le DME Mobile vous permet de capturer des photos et de les charger dans la Solution. Avant de prendre des photos sur lesquelles il est possible d’identifier un patient, assurez-vous d’avoir obtenu le consentement de ce dernier. Si vous éprouvez des difficultés ou avez besoin de renseignements relatifs à l’utilisation du DME Mobile ou au contrat applicable à la Solution, communiquez avec l’administrateur de votre clinique ou de votre DME. L’accès au DME Mobile et son

utilisation sont offerts « tels quels », sans garantie, ni soutien, ni déclaration supplémentaires de quelque type que ce soit. TELUS ne pourra en aucun cas être tenue responsable de dommages directs, indirects, consécutifs, punitifs ou exemplaires en relation avec le DME Mobile. Nonobstant ce qui précède, la responsabilité entière et cumulative de TELUS en relation avec le DME Mobile ne peut dépasser un montant de 1000 $ CAN. Les obligations de TELUS relatives au soutien qu’elle apporte pour le reste de la Solution ne s’étendent pas aux appareils (par exemple, les tablettes ou les téléphones) utilisés pour accéder au DME Mobile, même si de tels appareils ont été vendus par TELUS ou une de ses sociétés affiliées. L’ensemble des niveaux de service et des pénalités applicables au reste de la Solution, le cas échéant, ne s’appliquent pas au DME Mobile. Même si vous avez téléchargé le DME Mobile sur la boutique App Store d’Apple, vous comprenez et acceptez le fait qu’Apple ne constitue pas une partie aux présentes et n’a aucune responsabilité en vertu des présentes ni à l’égard du DME Mobile. Dans la mesure applicable, Apple peut être un tiers bénéficiaire des conditions précitées.

TELUS EMR Mobile PIA PIA - 08.12... · 2020-05-01 · software and processes in place at the...

Documents

Transcript of TELUS EMR Mobile PIA PIA - 08.12... · 2020-05-01 · software and processes in place at the...