How to Manage a Privacy Breach with Confidence

Posted on January 12, 2021 by Jean Eaton in Blog, Services, Training, Upcoming events/workshops No Comments

How to Manage a Privacy Breach with Confidence

The new mandatory privacy breach notification provisions to the Health Information Act (HIA) takes effect on August 31, 2018.

Custodians will be required to notify the Office of the Information and Privacy Commissioner (OIPC) and the Minister of Health, privacy breaches with risk of harm.

If you haven’t updated your privacy breach management policy, trained your staff, and prepared your reporting procedures yet, let me help you with done-for you templates and training!

If you're a healthcare practice manager, owner or privacy officer who really needs to know how to respond to a privacy breach but doesn't have a step-by-step plan ready to implement, then here's the answer you've been looking for…

Introducing the “4 Step Response Plan” on-line education with quick and helpful content so that you will properly manage a privacy breach. This is critical to the continued success of your business.

Privacy Incidents Happen!

60% of small and medium business owners go out of business within 6 months after a privacy and security breach. Patients, clients, employees and business partners trust you to keep their private and sensitive information confidential and secure.

Mandatory privacy breach reporting is quickly becoming a legislated requirement – and many businesses are not prepared!

Not recognizing and not notifying a privacy breach quickly and properly could result in fines and even jail time for the business, healthcare provider, employee, or vendor!

Learn NOW how to respond a privacy breach – Don’t get caught scrambling when a privacy breach happens.

The biggest mistake in managing a privacy breach is not recognizing the privacy breach.

The second biggest mistake is not knowing what to do about it.

Many healthcare practice managers, owners and privacy officers can’t get past the idea that simply hoping that you won’t have a privacy breach is not a good business strategy!

But nothing could be further from the truth!

What people are saying about the ‘4 Step Response Plan’

Well it happened! We recently had a privacy breach. It was an ‘oops’ but never the less a privacy breach. I had started the 4 Step Response Plan – Prevent Privacy Breach Pain but thought I had time to go through it. Unfortunately not. Your course has been a godsend with all the information and forms that I need to work through this privacy breach and notifying process. Nancy D

Results Oriented Learning

The 4 Step Response Plan will help you with prevent privacy breach pain and give you the tips, templates, training, and tools that you can use right away to prepare your privacy breach response plan:

Learn to

Recognize a privacy breach.
Understand why a privacy breach is a significant problem.
Understand the cost of a privacy breach and why you need to be prepared now.
Use the 4 Step Response Plan to develop a privacy breach management plan.
Prevent a privacy breach from happening again.

… and much, MUCH more!

When you have a privacy breach you must recognize the breach, contain it, notify the affected individuals, and prevent it from happening again. When you have this plan you will have confidence that you have identified and managed your areas of risk and dramatically reduce the risk of a privacy breach. Your staff will recognize a privacy breach early and respond quickly. You will manage the breach with minimum of risk to your patients, clients, and your practice.

In the world of privacy breaches ‘If’ has become ‘When’. Will you be ready?

The 4 Step Response Plan includes

6 interactive lessons
60 minute training webinar
Video introduction to each lesson
Template policies and procedure NEW! Updated Privacy Breach Management Policy
Scenarios and examples
Downloadable resources, checklists and templates New! Privacy Breach Reporting Form to make it easy for you to meet your notification requirements.

BONUS – Discussion Group (not Facebook!)

Exclusive to registered participants – collaboration with others to help you solve problems and Jean will be there to answer your questions and encourage your progress.

BONUS – Q&A With Jean

Monthly incident response training using recent real-world reported privacy breaches and mentoring with live Q&A with Jean to help you overcome obstacles so that you can get your privacy breach management plan finished!

BONUS – Privacy Breach Awareness Training for YOUR Employee’s Orientation

Video (8 min) – “Can You Spot the Privacy Breach?”
Learning Resources Guide to download
Post Test
Certificates of Completion

This on-line education program may be eligible for Continuing Professional Development credits with your professional association.

Self-paced And Self-learning – All Lessons Are Available Right Away – No Waiting To Get The Content That You Need Most!

Get Started Right Now!

Not having your privacy breach management policies and procedures in place will

make it harder to respond to a privacy breach
mis steps – opens you up to fines, sanctions, and re-work that will cost you time and money
blind-sided by mandatory privacy breach reporting requirements

So if you’re a privacy officer, practice managers, healthcare providers, or a clinic manager who needs to know how to respond to a privacy breach but doesn't have a step-by-step plan ready to implement you need to act on this right now.

When you have your privacy breach response plan in place you will have confidence that you are prepared to respond to the breach with confidence.

Get the step-by-step help to customize your policies and training and

You will save time and save money.
Your staff will recognize a privacy breach early and respond quickly.
You will respond to the breach with a minimum of risk to your patients, clients, and your practice.

Click the Button Below to Get Started Right Away!

You will be re-directed to Stripe to make your purchase by credit card or debit.
Your receipt will indicate payment has been made to Information Managers Ltd.
Your confirmation and receipt will be provided to the email address that you complete your registration.
Use your best email address – you don't want to miss access to all the resources!

What people are saying about the ‘4 Step Response Plan’

Jean L. Eaton Your Practical Privacy Coach

Jean L. Eaton, BA. Admin (Healthcare) CHIM, CC is constructively obsessive about privacy, confidentiality, and security when it comes to the handling of personal information, particularly in primary health care settings.

Jean provides solutions that are practical and effective for today’s healthcare providers so they can implement privacy by design and best practices to protect privacy, confidentiality, security of personal information.

Jean specializes in making practical recommendations for 1000’s of independent health care providers and comply with privacy legislation while improving efficiency in their practice management. Jean is a consultant and speaker on the topic of privacy breach management, including ‘virtual privacy officer’ on demand.

She is the privacy awareness training facilitator to hundreds of medical clinics and healthcare practices and organizations that support independent healthcare businesses and privacy officers across Canada and the US. With over twenty years of experience, I have the knowledge and tools to help your business improve your information privacy practices.

I’m delighted to share this with you now in this course.

So go ahead, click the order button right now and you're well on your way to privacy breach management plan success!

Here Is My Personal Guarantee

Email Jean with your questions.

Jean L. Eaton is the host of the Privacy, Confidentiality and Security Workshops for Your Healthcare Practice © series.

4 Step Response Plan, incident response, online education, prevent privacy breach pain, privacy breach, privacy officer training, training

Worrying About How To Respond To A Privacy Breach?

Posted on January 4, 2021 by Jean Eaton in Blog

Confidently Respond to a Privacy Breach…You'll Sleep Better at Night!

Privacy incidents happen!

60% of small and medium business owners go out of business within 6 months after a privacy and security breach. Patients, clients, employees and business partners trust you to keep their private and sensitive information confidential and secure.

Properly managing a privacy breach is critical to the continued success of your business.

Mandatory privacy breach reporting is quickly becoming a legislated requirement – and many businesses are not prepared!

Not recognizing and not notifying a privacy breach quickly and properly could result in fines and even jail time for the business, healthcare provider, employee, or vendor!

Learn NOW how to respond a privacy breach – Don’t get caught scrambling when a privacy breach happens.

The biggest mistake in managing a privacy breach is not recognizing the privacy breach.

The second biggest mistake is not knowing what to do about it.

Many healthcare practice managers, owners and privacy officers can't get past the idea that simply hoping that you won't have a privacy breach is not a good business strategy!

But nothing could be further from the truth!

If you want to confidently and properly manage a privacy breach but you don’t have a step-by-step action plan ready to implement, here's the solution you've been looking for… Your Practical Privacy Coach has prepared this FREE 60 minute webinar to introduce you to the 4 Step Response Plan.

Join us on Thursday, January 14th, 2021

12 Noon MT

Worried About How To Respond To A Privacy Breach?

Register for Your FREE LIVE Workshop

When you have a privacy breach you must recognize the breach, contain it, notify the affected individuals, and prevent it from happening again. When you have this plan you will have confidence that you have identified and managed your areas of risk and dramatically reduce the risk of a privacy breach. Your staff will recognize a privacy breach early and respond quickly. You will manage the breach with minimum of risk to your patients, clients, and your practice.

Learn to

Recognize a privacy breach
Understand why a privacy breach is a significant problem
Understand the cost of a privacy breach and why you need to be prepared now
Introduce you to the 4 Step Response Plan
Prevent a privacy breach from happening again

… and much, MUCH more!

If you are a privacy officer, practice manager, healthcare provider, or a clinic manager who wants to confidently and properly manage a privacy breach, then this webinar is for you!

In the world of privacy breaches ‘If' has become ‘When'. Will you be ready?

If you want to confidently and properly manage a privacy breach, join us for the webinar.

This Webinar Includes:

Live webinar
Q&A with Jean Eaton, Your Practical Privacy Coach when you join the webinar live
Access to the replay for a limited time
PDF cheat sheets
Infographic – 4 Step Response Plan
BONUS – Privacy Breach Awareness Training for YOUR employee's orientation. Includes Video – “Can You Spot the Privacy Breach?”, Learning Guide, Post Test, and Certificates of Completion

This webinar may be eligible for Continuing Professional Development credits with your professional association.

Get Started Right Now!

So if you're a privacy officer, practice manager, healthcare provider, or a clinic manager who wants to be confident and prepared to successfully respond to a privacy breach you need to act on this right now.

Your staff will recognize a privacy breach early and respond quickly.
You will respond to the breach with a minimum of risk to your patients, clients, and your practice.
When you have this plan you will have confidence that you have identified and managed your areas of risk and dramatically reduce the risk of a privacy breach.

What people are saying about the ‘4 Step Response Plan'

“I like the common sense approach to privacy…this isn't rocket science

but sometimes we, as professionals, need to be reminded of the fundamentals of our jobs.

This was very helpful in that regard.”

“Very practical information to start a privacy policy/procedure.”

“Excellent presentation.”

“Useful examples and excellent delivery.”

“Great presenter. Well spoken and full of knowledge.”

Jean L. Eaton, BA. Admin (Healthcare), CHIM, CC is constructively obsessive about privacy, confidentiality, and security when it comes to the handling of personal information, particularly in primary health care settings.

So go ahead, register right now before it is too late!

We're Proud To Be Data Privacy Day Champions!

Respecting privacy is a smart strategy for inspiring trust and enhancing reputation and growth in your business.

When you know how to recognize a privacy breach, know how to prevent a privacy breach, and you are prepared to respond quickly to a privacy breach, you are protecting your practice and your patients' health information.

#PrivacyAware, Health Information Act, mandatory privacy breach reporting, prevent a privacy breach, privacy breach, respond to a privacy breach

Do You Use Employee Privacy and Security Policy and Procedure Checklist Templates?

Posted on December 21, 2020 by Jean Eaton in Blog

Why Do You Need Policy and Procedure Checklists for Onboarding and Exiting Employees?

There is much excitement when we welcome a new hire to our team and there are many administrative tasks that need to take place to get this individual up and running. An employee policy and procedure checklist will help!

Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed to protect patient privacy as required by our professional colleges and privacy legislation. Otherwise, you face all sorts of risks, including privacy breaches and other legal problems.

To ensure that onboarding a new employee is a smooth transition, it is imperative to follow a practical checklist procedure to make sure no important steps are missed. There are also many other managerial benefits to adopting this high-quality process:

Better job performance and satisfaction
Greater commitment to protecting privacy in the organization
Reduced stress and better staff retention

Employee Privacy and Security Policy and Procedure Checklist

Policies and procedures are reasonable safeguards to protect the personal and health information entrusted to us. But polices and good intentions alone are not enough; we also need to take action to ensure our policies are understood and are being followed by all our employees.

Training new and existing staff on privacy and security best practices is instrumental in making your healthcare practice a success and maintaining its fine reputation. Following a systematic approach to welcoming a new employee, transitioning an existing employee into a new position, or offboarding an employee who is exiting will guarantee that valuable privacy and security training and accesses are completed.

Read this Privacy Breach Nugget that explains what can happen if you don’t have these good practices in place. Do You Know Where Your Policies And Procedures Are?

New Employee Orientation / Onboarding

New employees are a welcome addition to any team and there is a vast amount of training that needs to take place from general procedures on how to handle phone calls to signing confidentiality oaths to becoming familiar with all policies and procedures, in addition to learning the everyday job duties for their own position.

Since privacy is good for business, we do not want to miss any important opportunities to train our new staff on privacy and security best practices. Using the Employee Privacy and Security Checklist will help facilitate training discussions and document the authorized accesses of each employee.

Existing Employees / Annual Review

The checklist will also act as a tool for each employee at their performance review. Provide positive feedback and observations of an employee’s successes in protecting personal information. Discuss opportunities for improvement, too. This is also a good time to review an employee’s current authorized role-based accesses and determine if any changes are needed to match the employee’s current job duties.

Ensure that the employee still has ‘tokens’ that they were given at the time of their hire, like identity badge, keys to the clinic or Alberta Netcare RSA fob.

Privacy and security best practices dictate that confidentiality oaths should be signed on an annual basis and annual privacy awareness and security refresher training should also be provided to all employees. In the event of a privacy incident or breach, it is imperative that a healthcare practice can prove by their documentation that regular privacy and security training is provided to their staff.

Transferring / Exiting Employees

When an employee transitions into a new role or is terminated, review and update the privacy and security checklist to ensure that access and permissions are appropriately modified or terminated.

Custodian Responsibility

Custodians have an obligation to ensure reasonable safeguards to protect the privacy and security of health information. This includes having appropriate policies and procedures in place, as well as demonstrating and documenting that you have implemented your plans. This is a requirement of professional college standards of practice and privacy legislation like the Health Information Act (HIA).

See the article Do You Know Where Your Policies And Procedures Are? to learn what can happen to you if you don’t have your employee training process well documented

The Employee Privacy and Security Checklist will make it easy for you to ensure your new hires, existing employees, and transferring or exiting employees are privacy and security compliant.

Download the FREE Report - Employee Privacy and Security Policy and Procedure Checklist Template

Your practice also needs to have policies and procedures that set out how you ensure the privacy, confidentiality, and security of the health information you collect, use, and disclose. Don't know which policies and procedures you need? Download the Privacy and Security Policies and Procedures Checklist below!

Show Me the Policy and Procedure Checklist!

Practice Management Success

If you are a member of Practice Management Success, login and access the webinar replay, and the policy, procedure, and checklist template.

Not a member? Join today!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies And Procedures Are?

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

New! Health Information Policy and Procedure Manuals

When we know better, we can do better…

Jean L. Eaton is constructively obsessive about privacy, confidentiality, and security expecially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

checklist, clinic, health care, healthcare, medical, policy, Practice Management Success, privacy, procedure, template

Do You Know Where Your Policies And Procedures Are?

Posted on December 14, 2020 by Jean Eaton in Blog

Do You Know Where Your Policies and Procedures Are?

This is a cautionary tale.

And it could save you a lot of embarrassment – even legal issues.

The way a healthcare provider collects, uses and discloses personal health information (PHI) is critical to an efficient healthcare practice.

It’s also required by legislation and professional college regulations and standards.

Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed. Otherwise, you face all sorts of risks, including privacy breaches and other legal problems.

Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed. #PoliciesClick to Tweet

Don't let this happen to you!

Everyone in a healthcare practice — including front office staff, wellness practitioners and physicians and other custodians — must be aware of and follow these policies and procedures.

These policies and procedures also become the foundation of your privacy impact assessment (PIA).

That’s why, in this Privacy Breach Nugget, we’ll review a privacy breach investigation report from Alberta's Office of the Information and Privacy Commissioner (OIPC). Whether you have a new practice, or an existing practice, we have a number of services and resources designed to help you manage your practice in a way that not only meets legal requirements, but is streamlined and efficient, and keep your information secure.

What Happened

This report started with an employee suspected of accessing health information for an unauthorized purpose.

It started with at the clinic with a conflict between the employees and the employer.

An employee (Employee A) was on leave from her position at the clinic. Her access to the electronic medical record (EMR) was suspended during her leave.

Employee A wanted to access patient information to support her dispute with management. Over two months, Employee A used Employee B’s credentials to access patient records.

This action is in contravention of the Health Information Act (HIA) sections 27 and 28.

This is where this case becomes even more convoluted and, in fact, a better case study of what not to do.

Employee Dispute

Understanding the Health Information Act

The Health Information Act (HIA) requires the custodian (the physician, in this case) to take reasonable steps to maintain administrative, technical, and physical safeguards to protect patient privacy as required by sections 60 and 63 of the HIA, and section 8 of the Health Information Regulation.

In November 2013, the clinic submitted a privacy impact assessment (PIA) to the OIPC prior to its implementation of an electronic medical record (EMR).

The PIA included written policies and procedures.

The letter to the OIPC accompanying the PIA was signed by two physicians, as well as Employee A who was the privacy officer at that time.

The physician named in the investigative report is not the current custodian at the clinic. The physician was hired in 2015 and therefore not a member of the clinic in 2013 and not involved in the initial PIA submission.

During the investigation, both employees indicated that the policies and procedures to protect patient privacy were in a binder in the clinic, but it was never used or shared with the staff.

Oaths of confidentiality may have been previously signed by the employees, but the documents could not be produced during the investigation.

Section 8 (6) of the Regulation states the ‘custodian must ensure its affiliates are aware of and adhere to all of the custodians administrative, technical, and physical safeguards in respect of health information.’

It’s common practice for clinics to require employees to sign confidentiality agreements and ensure that they receive patient privacy awareness training with regular updates.

But in this investigation, the employees said they never received privacy awareness training.

Privacy-Breach-Nugget-023-Policies-Procedure-Manual

Show Me Policy and Procedure Checklist

Access To Patient Information

The employees also stated it was common practice at this clinic for individuals to not log off of their EMR account on the computers at the reception desks. It was common practice for other employees to access an open session to quickly perform a task in the EMR.

The investigator concluded that the physician was in contravention of the HIA section 63(1) which requires custodians to establish or adopt policies and procedures that would facilitate the implementation of the Act and regulations.

These specific findings were made:

The custodian failed to ensure the clinic employees were made aware of and adhered to the safeguards put in place to protect health information in contradiction contravention of section 8(6) of the regulation.
The custodian was in contravention of section 8(6) of the regulation which requires custodians to ensure that their affiliates are aware of and adhere to all of the custodian’s administrative, technical, and physical safeguards with respect to health information. It’s important to note any collection use or disclosure of health information by an affiliate of a custodian is considered to be the collection, use, and disclosure by the custodian.
The custodian failed to ensure the employee and the other clinic staff adhered to technical safeguards as required by section 60 of the HIA and section 8(6) of the regulations.

Privacy Breach Nuggets You Need to Know

Privacy breaches are in the news every day. The more you know how breaches can affect you allows you to be more proactive to prevent privacy breach pain.

Get Your Privacy Documents In Order

To protect yourself and your practice from patient privacy breaches (and massive fines, see the conclusion to this article), follow these steps.

Find your policies and procedures and review them with all staff and custodians. Make sure you document that this has been done.
Review and update your privacy awareness training and ensure all staff, including custodians, have completed this recently. Make sure you have this documented, including certificates of attendance if available.
Oath of confidentiality documents should be signed by all of all clinic staff and custodians and maintained in a secure location.
Review your privacy impact assessment and ensure all of your current custodians have read this and understand it. Visit this post for more information to help you determine if you need a PIA amendment.

Monitor

This incident occurred in 2016. The OIPC office did not recommend any additional sanctions against the clinic, physicians, or employees.

To get templates of policies and procedures for your healthcare practice, be sure to sign up for the Practice Management Success Membership

New Amendments To The HIA

This case might have turned out differently today.

New amendments, as of 2018, provide a provision for fines under the HIA ranging from $2,000 to $200,000.

The public — and our patients — expect and trust us to make sure that their personal health information is kept secure and confidential.

It’s our responsibility to make sure we have these administrative, technical, and physical safeguards in place and are maintained in a consistent fashion.

When you've done the hard work to implement your patient privacy policies and procedures and your privacy impact assessment, make sure you continue your journey and keep these documents up-to-date and current. To help you, sign up for the Practice Management Success Membership.

There are many patient privacy breaches in the news each day, and you never know when it could happen to you.

The more you know about the breaches and how they can affect you allows you to be more proactive to prevent privacy breach pain. If you need to prepare your privacy breach management plan, start your on-line training 4-Step Response Plan right away!

If you need templates of policies and procedures for your healthcare practice, be sure to sign up for the Practice Management Success Membership. These tips, tools, templates, and training will help you save time and money to develop and maintain policies and procedures in your healthcare practice.

When we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

PRIVACY BREACH NUGGETS are provided to help you add a ‘nugget' to your privacy education program. Share these with your staff and patients as a newsletter, poster, or staff meeting.

Jean L. Eaton, Your Practical Privacy Coach

Click Here To Register for the FREE Training Video "Can You Spot the Privacy Breach?"

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies And Procedures Are?

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

New! Health Information Policy and Procedure Manuals

Safeguards: The What, Why, and How

When Do You Need a PIA Amendment?

When is a Privacy Breach a Privacy Breach?

References and Resources

Alberta Office of the Information and Privacy Commissioner. Investigation Report H2019-IR-01 Investigation into alleged unauthorized accesses and disclosures of health information at Consort and District Medical Society Clinic. May 21, 2019. https://www.oipc.ab.ca/media/996888/H2019-IR-01.pdf

#PrivacyBreachNugget, Alberta, clinic, custodian, health, Health Information Act, healthcare, HIA, medical, Patient privacy, physicians, Policies and procedures, Prevent privacy breaches, privacy, privacy breach, Privacy Impact Assessment, reasonable safeguards, templates

Why You Need Policies and Procedures

Posted on December 7, 2020 by Jean Eaton in Blog

Why You Need Health Information Policies and Procedures

Maybe you’ve heard you need written policies and procedures for your health information, but you’re left asking yourself why it’s so important?

The truth is, without written policies and procedures, you open a healthcare practice up to a whole host of problems, including major legal issues.

In fact, every business needs good practices that apply to your:

Information that you collect from patients/clients
Website
Email
Business practices including electronic (or paper) patient records, and computer network
Financial information
Billing, collection, and payment processing

Within the healthcare industry, there are additional legislation requirements that require specific written health information policies and procedures.

The Health Information Act (HIA) and the Personal Information Privacy Act (PIPA)

As we mentioned, when a custodian collects health information, you must follow the Health Information Act (HIA) in Alberta.

Like most other private businesses in Alberta, private healthcare practices must also comply with the Personal Information Privacy Act (PIPA).

The colleges of regulated health professionals (like the Alberta Dental Association and College (ADAC) and the College of Physicians and Surgeons of Alberta (CPSA), require dentists and physicians to meet the standards of practice which includes compliance to HIA and PIPA legislation.

In addition, the college has other standards of practice that you must meet, including policies and procedures for the collection, use, disclosure, and access of health information.

So, let’s explore further why written policies and procedures are so essential, as well as what can happen without them, and why healthcare practices may not think they need them in the first place.

Benefits of Policies and Procedures

One of the most critical benefits of having policies and procedures in place is that they’re good for business.

Here’s how:

They contribute to consistent, efficient workflow.
You can figure it out once, write the procedure, tweak it to make it better, and then repeat the same procedure again and again.
They help you make better business decisions, like buying supplies, choosing services, and selecting vendors.
They help support your accreditation efforts.
On-boarding employees the right way with no missed steps is much easier with policies and procedures in place.

If you’re looking for even more proof of the benefits of having written procedures, it can also help you avoid:

Internal disputes within your team and external disputes with your patients and clients
Re-work and re-training employees
Poor customer service
Poor reputation
Fines and penalties

Fines And Penalties For Not Having Written Policies And Procedures

You might be wondering why you would face fines and penalties for not having written policies and procedures in the first place.

The HIA requires the custodian – which includes the dentist or dental hygienist – to take reasonable safeguards to protect the privacy and confidentiality of patients’ health information.

Having written policies and procedures is a common, expected, and reasonable safeguard.

Let’s say you have a privacy breach in your practice or an error (like sending a fax to the wrong number or you are a victim of a phishing or ransomware attack).

You can learn more about what makes a privacy breach a privacy breach here.

If you can’t demonstrate that you had the appropriate reasonable safeguards, like written policies and procedures in place, you are guilty of an offence under the law.

It’s illegal not to have policies and procedures when you collect health information.

If you are guilty of this offence, you are liable for a fine of a minimum of $2,000 and not more than $500,000. (HIA section 107(7)).

3 Policies and Procedures Myths

One reason some healthcare practices fail to have written policies and procedures is because they believe they don’t need them.

Often, this is because they’ve fallen prey to the common myths about policies and procedures.

There are 3 of the common myths that stop healthcare providers and their clinic managers from creating written policies and procedures:

It’s Too Hard

While it does take some skill to write clear, easy to read, and easy to understand policies and procedures, it doesn’t have to be heard. In fact, you can even purchase templates to make this easier.

It Takes Too Much Time

Writing policies and procedures does take some time.

But investing the time to create policies and procedures pays off by preventing suffering from inconsistent or broken procedures, using or disclosing health information in error, and having to pay fines, penalties, public relations nightmares, or spending the time required to run a privacy or security investigation.

It’s A Waste Of Time

Here are a few good reasons that prove writing policies and procedures is not a waste of time:

Practical privacy policies and procedures will create a more efficient practice and help you make better business decisions.
The policies and procedures become the foundation of your privacy impact assessment.
Policies and procedures are pre-requisites for other initiatives, like access to Netcare or other community integration initiatives, and privacy impact assessment (PIA). Click here to learn more about PIAs.
You must have them as part of your legislative compliance.
It’s the law. Not having policies and procedures regarding the collection, use, disclosure, and access of health information is illegal.

As you can see, written policies and procedures help ensure consistent office procedures and good communication between team members in your healthcare practice.

In addition to those good reasons, you must have good written policies and procedures about how you collect, use, disclose, and provide access to health information to avoid legal problems, fees, penalties, and other problems.

Not Sure Which Policies and Procedures That You Need?

Show Me Policy And Procedure Checklist

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies and Procedures Are?

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

New! Health Information Policy and Procedure Manuals

When Do You Need a PIA Amendment?

What is a PIA?

Alberta, clinic, custodian, health, Health Information Act, healthcare, HIA, medical, physicians, PIPA, Policies and procedures, privacy, Privacy Impact Assessment, reasonable safeguards

Healthcare Policies And Procedures

Posted on November 30, 2020 by Jean Eaton in Blog

Healthcare Policies and Procedures: What Are They and Why Do Practices Need Them?

Healthcare policies and procedures are essential tools in EVERY healthcare practice.

We use written policies and procedures to ensure consistent office procedures and good communication between team members, but it doesn’t stop there.

Before we get to the many benefits of healthcare policies and procedures, let’s cover exactly what these terms mean.

Not sure which policies and procedures you need? Click here to find out!

Policies and Procedures Defined

For our purposes today, this is what we mean by these terms:

Policy: A set of ideas or plans that is used as a basis for making decisions.

Procedure: A fixed, step-by-step sequence of activities or course of action.

Both policies and procedures serve several important purposes in a healthcare practice.

Policies and procedures can help you:

Protect your practice with consistency in decision making and implementing routine tasks.
Provide team members direction and guidelines; help avoid micromanaging. Here’s more information on how policy and procedure checklists help with employee privacy and security.
Ensure quality and cost-effective processes.
Well thought out policies and procedures reduce re-work and make for more efficient practices.
Encourage team members to work to their full scope of responsibilities.
Contribute to compliance, including professional standards, HIA, insurance.
Protect your healthcare practice by demonstrating your administrative safeguards.

As powerful and effective as policies and procedures can be, they can also pose certain problems or risks if they’re not implemented properly — or if they don’t exist in the first place.

On that note, if you have policies and procedures in place, it’s also imperative to know where they are. Don’t miss this cautionary tale where I tell you why.

If your policies and procedures are unclear or non-existent, these are some of the risks you expose a healthcare practice to:

Fines and even jail time for the healthcare provider
Increased conflict and potential for misunderstanding within a practice
Increased conflict between employees, misunderstanding, and poor customer service
Poor business decisions and wasted time and money

Simply talking about your policies and procedures is not a good business strategy! You need to have clear healthcare policies and procedures in place if you want to reap all of their benefits.

So, let’s go over what makes a good healthcare policy with a clear and effective design.

Policies ask WHY and WHAT

Policies are the steps to put your goals into action — policies are proactive.

The WHY: Why is this policy needed? It is the general guide for decision-making.

The WHAT: What do you want to show for programs, activities, and services?

Each year, policies need to be reviewed and authorized by the clinic manager, privacy officer, healthcare provider and/or owners. Your team members need the opportunity to review and understand the policies regularly, too.

Review policies to assure that they reflect what the clinic is doing and that the clinic is following the written policy. Changes may need to be completed and approved.

Now, let’s cover what makes for good procedures before we get to how to create your manual.

Procedures ask HOW

The HOW: How you plan to carry out the objectives and details listed in your policies?

Your procedures should include sufficient detail so a new employee can complete a task based on the information provided.

We’ve discussed the objectives of your policies and procedures for your healthcare practice, now here are some useful tips for actually creating your policies and procedures manual:

Include screen prints if computer-based.
Include video explanations.
Format the policy and procedures so that each policy or procedure is a separate, stand-alone document.
Assign a NUMBER to each policy and procure to make it easy to reference in your PIA, or direct your staff to review. You can use any numbering system that you want — I usually use a sequential numbering system.
Headings make it easier to group your information which makes it easier for the reader to review and then focus on the details that they need. Repeat the same headings throughout the policies and procedures to provide consistency across the manual. Use the headings as needed; not all policies or procedures need all the headings.
Cite legislative and standards requirements, like the HIA.

When you’re implementing changes to these policies and procedures or creating them in the first place, be sure to involve key parties. This includes:

Custodian/trustee/business owner
Clinic manager/team lead
Privacy officer

Remember, implementing a new procedure or policy successfully must always include training and discussion with your team.

Which Privacy and Security Policies and Procedures Do YOU Need?

Without well-documented, written policies and procedures, you open your healthcare practice up to a whole host of problems, including major legal issues.

Does your clinic have appropriate policies and procedures?

Not sure which policies and procedures you need? Click here to find out!

Get the Reliability And Power of Policy and Procedure Templates Without Spending Hours (or Days) Creating Them!

Your healthcare practice needs written policies and procedures to assist you to correctly, efficiently, and confidently collect, use, access, and disclosure of health information so that you can meet your accreditation, privacy impact assessment, and regulatory compliance requirements.

Now For Chiropractic and Nursing, Too!

Starting with a template saves you time and money
Be privacy and security compliant
No special software to buy or learn
Use your existing MS Word and MS Excel office productivity software
One-time fee
On-line support
Available now!

Click the >> arrow to watch a short demo of the robust manual you can create quicker than you thought possible!

Show Me Policy And Procedure Templates!

Different Policy and Procedure versions available for your specific type of healthcare practice

Medical Doctor Health Information Policy and Procedure

Medical Practice

Dental Practice

Chiropractor Health Information Policies and Procedures

NEW!
Chiropractic Practice

Nurse Practitioner Health Information Policy and Procedure

NEW!
Nurse Practitioner Practice

Registered Nurse Health Information Policy and Procedure

NEW!
Registered Nurse Practice

Health Information Policy and Procedure Manuals ready for you now!

Step 1: Complete the questionnaire and download the templates

Step 2: Easily generate draft 24+ policies and 28+ procedures and forms using MS Word

Step 3: Edit the documents

Step 4: Video coaching and best practices for the policies and procedures and implementation tips

Step 5: Customize for your healthcare practice

Step 6: Video orientation for your employees

Show Me Policy And Procedure Templates!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies And Procedures Are?

Why Do You Need Health Information Policies and Procedures?

New! Health Information Policy and Procedure Manuals

Safeguards: The What, Why, and How

When Do You Need a PIA Amendment?

When is a Privacy Breach a Privacy Breach?

clinic, custodian, health, Health Information Act, healthcare, HIA, medical, physicians, PIPA, Policies and procedures, Privacy Impact Assessment, reasonable safeguards

Will MyHealth Records Patient Portal Impact Your Healthcare Practice?

Posted on November 6, 2020 by Jean Eaton in Blog

Patient Portals Improves Access To Own Health Information

Residents of Alberta can now access their personal COVID-19 and other lab test results, immunization history, dispensed medication history and more in their own MyHealth Records – the patient portal view of Alberta Netcare.

In October 2020, parents can now access their children's COVID-19 test result lookup, too.

The sign-up process has recently been changed to permit rapid sign-up to access MyHealth Records.

Watch the short video above for my quick review of MyHealth Records.

MyHealth Records

The Alberta Netcare website says that MyHealth Records is a Personal Health Record for Albertans to access some of their health information, such as lab results, medications, and immunizations drawn from Alberta Netcare.

MyHealth Records also provides access to several health and wellness tools to help track and maintain overall health. (See the complete list of features here.)

Alberta Health has announced that the first step for patients to access thier own records is to request your MyAlberta Digital ID (MADI) which will eventually act as your login credentials to the ANP.

If you have not already registered for MADI access you may do so here: MyAlberta Digital ID.

You will see 2 options – one for a basic account and one for a verified account. Select the verified account.

You will receive a personal identification number (PIN) in the mail.

When you have a verified account, you can go to your MyAlberta Digital ID account and add a new MyHealth Records access.

You can do this now – no need to wait!

You will (probably) have access to medications dispensed by pharmacists and lab and diagnostic imaging tests results for the last 18 months. Remember, not all test results are available.

You can now also add your own journal entries for your weight, food diary, exercise diary and other tools to help you manage your health.

If your healthcare provider is also using the secure messaging system supported by MyHealth Records, you may be able to send a secure message to your healthcare provider, too.

This is a patient portal into your health information maintained by Alberta Health Services and Alberta Netcare.

The original or ‘source’ data continues to be securely managed in the service providers’ originating electronic systems. The originating systems and their custodians are required to keep the records for the entire records retention period; generally 10 years.

The information in the MyHealth Records portal may only be available to you for 18 months to 2 years. If you choose to add information to your account, I believe that information will be maintained for a limited time (for example, 2 years).

Patient portal

Patient Portals Can Reduce Barriers

The use of a patient portal can reduce barriers for patients to access their own records. Other benefits to patient portals may include:

Increased empowerment to patients who can access their own results in a timely fashion
Better communication with patients
Fewer access requests (and increased administration efficiencies)
Fewer missed appointments (and increased access to care)

How Will Patient Portals Affect Your Healthcare Practice?

Will you tell your patients that they can access some of their lab results themselves directly from MyHealth Records?

Let me know your experiences with patient portals and your questions. I really would like to know your thoughts on how portals may impact your healthcare practice.

⇓ ⇓ Click the >> arrow button to play the video!

Patient Portals In Your Healthcare Practice

Patient portal

Patient Portals Can Reduce Barriers

The use of a patient portal can reduce barriers for patients to access their own records. Other benefits to patient portals may include:

Increased empowerment to patients who can access their own results in a timely fashion
Better communication with patients
Fewer access requests (and increased administration efficiencies)
Fewer missed appointments (and increased access to care)

How Will Patient Portals Affect Your Healthcare Practice?

Will you tell your patients that they can access some of their lab results themselves directly from MyHealth Records?

Let me know your experiences with patient portals and your questions. I really would like to know your thoughts on how portals may impact your healthcare practice.

#digitalhealth, Alberta Netcare Portal, ANP, benefits, health, healthcare, MyHealth Records, Netcare, patient portal, Patient portals

Privacy and Security In Telehealth Summit

Posted on October 5, 2020 by Jean Eaton in Blog

Growth in telehealth has exploded in 2020 – and so have the privacy and security risks!

46% of consumers are now using telehealth to replace cancelled healthcare visits¹.
Providers have rapidly scaled offerings and are seeing 50 to 175 times the number of patients via telehealth than they did before².
90% of patients prefer telemedicine over in-office visits³.

At the same time, we have seen:

80% of security breaches caused by stolen or brute forced credentials.
Individual’s COVID-19 testing status and contact tracking inadvertently released to the public.
Unsecure video conferencing exposing personal information to others.

When you properly balance the opportunities of telehealth with safeguards to protect the privacy and security of our patients’ health information, you can:

Improve patient access to healthcare and patient satisfaction;
Develop viable new business models;
Maintain and improve patient relationships;
Implement flexible staffing employment models to respond to the demands of the pandemic.

Announcing Virtual Health Privacy Summit

In this Virtual Health Privacy Summit, we’re going with TED-style talks – short, engaging presentations from industry experts on compelling topics that are important to your clinic, practice, or business.

This event is ideal for chiropractors, physiotherapists, doctors, dentists, dental hygienists, dental assistants, dental technicians, receptionists, treatment coordinators, practice managers, privacy officers, or owners of a healthcare practice.

Privacy and Security In Telehealth Summit

Wednesday October 21, 2020

Keynote – Dr. Kale Matovich
Natural Way Chiropractic

The Phoenix Plan: How Our Chiropractic Practice Uses Telehealth to Support Our COVID Recovery

The COVID-19 pandemic significantly affected the way chiropractors provide care to their patients. Dr. Kale Matovich will share his experiences of implementing telehealth solutions as an unconventional, yet essential, component of both patient care and business recovery at Natural Way Chiropractic.

Dr. Angela Mulrooney
Unleashing Influence

Pivoting To Online Possibilities

COVID-19 has shoved us into the future of technology-adoption in healthcare. If you don’t level up and get with the advancements, you will be left behind. Angela will discuss the best innovations and how you can make the most of them in your healthcare practice to ensure online income during shutdowns and into the future of your practice.

Anne Genge
Alexio Corporation

Easy and Affordable Ways to Dramatically Increase Your Security Online

“Anne takes difficult concepts and makes then interesting and understandable for everyone” (Maggie S. – attendee: Privacy & Security for Office Managers Course 2019)

Who is this for? This talk is designed for all people working with computers and will give you excellent strategies for your office and home use.

Most people have antivirus on their computers but breaches, data theft, and ransomware keep happening. Learn why, and learn how a few tweaks to how you’re working can make an exponential difference to the security of your patient and personal data.

Jean L. Eaton
Information Managers Ltd.

Practical Telehealth Privacy Tips For Your Practice

Your Practical Privacy Coach, Jean L. Eaton, will share practical privacy tips you need to know to implement your telehealth program including:

Patient on-boarding;
Informed consent to telehealth notice; and
How to easily document telehealth encounters in your practice.

Lauren Sergy
Up Front Communication

The Keys to Buy-In: How to Get Staff and Patients On Board With New Practices and Processes

Changing how we work can be difficult. No matter what it is you’re changing – shifting your privacy practices, engaging in telehealth, or implementing some other new process – getting buy-in from staff, partners, and patients is crucial to the success of your initiative. In this fascinating session, communication and speaking expert Lauren Sergy will take you on a high-level look at how persuasion works, revealing key strategies to getting the buy-in and commitment you need from your staff.

This is the second summit from Canada's Health Privacy Summit.

People are talking about the Canadian Health Privacy Summit!

“Absolutely great and informative summit :)”

“This was the best presentation on this topic that I have heard in the 50 years that I have practiced.”

“Great opportunity for those of us who are in the dental industry to learn about issues related to digital information security”

“A lot of information packed into an afternoon with an opportunity to learn more and connect with the presenters made this a valuable learning experience. Looking forward to the next summit. Thank you!”

References:

(1, 2) McKinney COVID-19 Consumer Survey, April 17, 2020. https://www.mckinsey.com/industries/healthcare-systems-and-services/our-insights/telehealth-a-quarter-trillion-dollar-post-covid-19-reality#

(3) Dr. Mike Greiwe, Practice Management Nuggets, 2020 September 22, https://practicemanagementnuggets.live/why-medical-practices-will-have-to-offer-telemedicine/

We are Cybersecurity Awareness Month Champions!

The Health Privacy Summit is a Champion of online safety and data privacy. This #CybersecurityAwareness Month we're hosting the Privacy and Security In Telehealth Summit October 21! #BeCyberSmart @StaySafeOnline @Cyber #vhps2020

#CybersecurityAwarenessMonth, privacy, security, telehealth

October Is Cyber Security Awareness Month!

Posted on October 1, 2020 by Jean Eaton in Blog

If You Connect It, Protect It

In healthcare practices, we have a responsibility to ensure reasonable safeguards to protect personal health information. In the early days of a clinic opening, your privacy impact assessment includes a privacy risk analysis that identifies potential risks to the privacy, confidentiality, and security of health information – and all the ways that you will mitigate and prevent those bad things from happening.

Threat Risk Assessment

As a practice matures, you are expected to regularly re-evaluate the risks to health information and conduct a new threat risk analysis (TRA). Conducting a TRA is a reasonable safeguard as described under the Alberta Health Information Act (HIA) and part of your obligations with information sharing partners, like Alberta Netcare Portal.

This is part of your Privacy impact assessment (PIA) amendment or update.

This is where you demonstrate that the custodians and the leadership of the clinic understands the importance of privacy and security. The TRA should review and update the original risk analysis – and describe what you have done lately.

The TRA should include administrative, technical, and physical safeguards.

IT Asset Inventory

You need to know where your personal health information – and other business, confidential, and sensitive information resides – before you can protect it.

A review of all the devices in your clinic that contain personal health information is one example of a technical safeguard. Your information technology (IT) computer network vendor or managed service provider should be conducting a regular enterprise-wide IT asset inventory. Generally, an enterprise-wide IT asset inventory is a comprehensive listing of an organization’s IT assets with corresponding descriptive information, such as data regarding identification of the asset (e.g., vendor, asset type, asset name/number), version of the asset (e.g., application or OS version), and asset assignment (e.g., person accountable for the asset, location of the asset). Listen to the Help Me With HIPAA podcast episode 273 for a great discussion on why this is so important.

The clinic’s system administrator or privacy officer should review the IT asset inventory with the MSP to ensure that all listed devices – both the devices managed by the MSP and any other connected devices – are included in the inventory.

In your PIA amendment, remember to include when you most recently completed your IT asset inventory, who was involved in the development, when it was reviewed by your custodians and leadership, and the actions that you took based on the results of your assessment.

See the Summer 2020 OCR Cybersecurity Newsletter Making a List and Checking it Twice: HIPAA and IT Asset Inventories and the additional resources to assist you with your IT Asset Inventory.

Security Vendor Questionnaire

Choosing a vendor to meet your cybersecurity needs is not an easy task. To help you, the National Cyber Security Alliance has created a checklist with some questions you should consider asking current or potential vendors. it is not exhaustive, but gives you a good start. If you don't understand some or any of these questions, consider having a business partner or colleague help you interview vendors. And always remember to engage in a Service Level Agreement and Contract with the vendor so all expectations are clearly articulated.

If you are a healthcare provider, you may need an Information Management Agreement, too.

Bonus Tip – Keep your questions and responses from the vendor as part of your privacy and security risk assessment to demonstrate your diligence and commitment to reasonable safeguards to protect your business and your patients' health information.

Security Vendor Questionnaire

If You Connect It, Protect It Resources

Use these resources from DHS NCSAM that you can download and share right away!

INTERNET OF THINGS

CYBERSECURITY WHILE TRAVELING

Here's a great no-cost opportunity to provide cyber security awareness training to your team!

October is Cybersecurity Awareness Month, a global effort to help everyone stay protected whenever and however you connect. The overarching theme for the month is, ‘Do Your Part. #BeCyberSmart.’ and Information Managers is proud to be a champion and support this online safety and education initiative this October.

Events This Month

Worried About A Privacy Breach? – Live Oct 8
Practical Privacy Officer – Live Oct 29
Privacy and Security in Telehealth Summit – Live October 21

CyberSecurity Champions

Information Managers Ltd has been a CyberSecurity Champion for many years – and now you can, too!

We want to help you, your family, friends and our community stay protected all year long, too. We encourage you to sign up as an individual Cybersecurity Awareness Month Champion. After signing up, you’ll receive a toolkit of free resources, including simple online safety habits and steps you can take to #BeCyberSmart.

National Cybersecurity Awareness Month is co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security. For more information about ways to keep you and your family safe online visit https://staysafeonline.org/cybersecurity-awareness-month/ and/or cisa.gov/ncsam.

Be CyberSecurity Aware

Cybersecurity Awareness

Demonstrate to your team the importance of cyber security at work.
Share with your patients – by posters in your practice, blog posts, or your email newsletters – and demonstrate that your practice is cyber aware and you want to share tips with them.
If you have team members who work remotely, work from home, use their own mobile devices, or use the internet to connect with apps and resources – give them additional skills to do their work as safely as possible.
Help your team members better manage their own personal information in their personal lives – good habits that will help them at work, too!

Become a Champion here https://staysafeonline.org/ncsam/champions/

Follow Information Managers blog posts, social media, and resources that you can download and use right away!

#BeCyberSmart, #CybersecurityAwarenessMonth, #NCSAM, Cyber Security Awareness, IT Asset Inventory, NCSAM Champion, threat risk assessment

Snooping Conviction Earns 3 Years’ Probation

Posted on September 14, 2020 by Jean Eaton in Blog

Do you have a privacy breach awareness program in place in your healthcare practice?

Spotting a privacy breach is the first step to stopping a privacy breach.

You Can Use This Privacy Breach Example to Review and Improve Your Practices.

This Is What Happened

The clinic recognized that one of their employees viewed the health records of close acquaintances, friends, and others in the community. She did not have a need to know this information to do her job.

In one case, the employee disclosed an individual’s health information to a friend.

In June 2018, a medical clinic in Alberta reported a privacy breach to the Alberta Office of the Information and Privacy Commissioner.

The OIPC opened an investigation and subsequently referred its findings to the Specialized Prosecutions Branch of Alberta Justice. Charges of an offence under the Health Information Act (HIA) were laid.

Unauthorized Access By Employees

On September 2, 2020 the clinic former employee plead guilty in court to breaching the HIA. It is an offence under HIA to knowingly gain or attempt to gain access to health information in contravention of the Act (section 107(2)(b)).

The judge sentenced the employee to

$6,000 fine
three years probation, and
180 hours of community service

This breach was entirely preventable.

Keep this story in mind when you are trying to determine the return on investment to deliver privacy awareness training and EMR user monitoring tools to prevent and identify early snooping privacy incidents.

You can invest a little now with privacy awareness training . . . or you can pay over and over again for an investigation and bad publicity that never ends!

Privacy Breaches – What You Need to Know

1. Provide privacy awareness training for each employee and healthcare provider at orientation and regularly throughout the employment.

2. Collect the employee’s oath of confidentiality, including an acknowledgement that the employee understands the principles of using only access health information necessary to perform their job.

3. Monitor your users’ access to health information to quickly identify when a suspicious privacy incident occurs. The sooner you identify a privacy breach, the sooner you can limit the risk.

4. Implement your sanction policy when needed. Your sanctions policy clearly identifies the sanctions when an employee or healthcare provider is liable of an offence under the HIA.

5. Report a privacy breach to your custodians and healthcare providers, the Office of the Information and Privacy Commissioner, and the Minister of Alberta Health and the individuals affected by the breach.

When we know better, we can do better…

PRIVACY BREACH NUGGETS are provided to help you add a ‘nugget' to your privacy education program. Share these with your staff and patients as a newsletter, poster, or staff meeting.

Jean L. Eaton, Your Practical Privacy Coach

Click Here To Register for the FREE 15 Minute Training Video "Can You Spot the Privacy Breach?"

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Not sure what is considered a privacy breach? See When is a Privacy Breach a Privacy Breach?

Do you do routine audits? Here’s how.

Are Your Employees Privacy Aware? Start now!

References

Edmonton Journal. Former Camrose medical clinic worker hit with fine, probation for snooping health records. Nicole Bergot, Sep 10, 2020. https://edmontonjournal.com/news/local-news/former-camrose-medical-clinic-worker-hit-with-fine-probation-for-snooping-health-records

Alberta OIPC. Multiple Penalties Issued to Individual Convicted of Health Information Breaches. https://www.oipc.ab.ca/news-and-events/news-releases/2020/multiple-penalties-issued-to-individual-convicted-of-health-information-breaches.aspx

clinic, custodian, health, Health Information Act, healthcare, HIA, mandatory privacy breach notification, medical, physicians, privcy breach, probation, snooping in healthcare;

1 2 3 ›»

How to Manage a Privacy Breach with Confidence

The new mandatory privacy breach notification provisions to the Health Information Act (HIA) takes effect on August 31, 2018.

Privacy Incidents Happen!

Learn NOW how to respond a privacy breach – Don’t get caught scrambling when a privacy breach happens.

What people are saying about the ‘4 Step Response Plan’

Results Oriented Learning

In the world of privacy breaches ‘If’ has become ‘When’. Will you be ready?

The 4 Step Response Plan includes

BONUS – Discussion Group (not Facebook!)

BONUS – Q&A With Jean

BONUS – Privacy Breach Awareness Training for YOUR Employee’s Orientation

Self-paced And Self-learning – All Lessons Are Available Right Away – No Waiting To Get The Content That You Need Most!

Get Started Right Now!

Click the Button Below to Get Started Right Away!

What people are saying about the ‘4 Step Response Plan’

Here Is My Personal Guarantee

Email Jean with your questions.

Confidently Respond to a Privacy Breach…You'll Sleep Better at Night!

Learn NOW how to respond a privacy breach – Don’t get caught scrambling when a privacy breach happens.

Join us on Thursday, January 14th, 2021

Worried About How To Respond To A Privacy Breach?

Learn to

In the world of privacy breaches ‘If' has become ‘When'. Will you be ready?

This Webinar Includes:

Get Started Right Now!

What people are saying about the ‘4 Step Response Plan'

So go ahead, register right now before it is too late!

We're Proud To Be Data Privacy Day Champions!

Why Do You Need Policy and Procedure Checklists for Onboarding and Exiting Employees?

Employee Privacy and Security Policy and Procedure Checklist

New Employee Orientation / Onboarding

Existing Employees / Annual Review

Transferring / Exiting Employees

Custodian Responsibility

Practice Management Success

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

When we know better, we can do better…

Do You Know Where Your Policies and Procedures Are?

What Happened

Understanding the Health Information Act

Access To Patient Information

Privacy Breach Nuggets You Need to Know

Get Your Privacy Documents In Order

New Amendments To The HIA

When we know better, we can do better…

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

References and Resources

Why You Need Health Information Policies and Procedures

The Health Information Act (HIA) and the Personal Information Privacy Act (PIPA)

Benefits of Policies and Procedures

Fines And Penalties For Not Having Written Policies And Procedures

3 Policies and Procedures Myths

Not Sure Which Policies and Procedures That You Need?

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Healthcare Policies and Procedures: What Are They and Why Do Practices Need Them?

Policies and Procedures Defined

Policies ask WHY and WHAT

Procedures ask HOW

Which Privacy and Security Policies and Procedures Do YOU Need?

Get the Reliability And Power of Policy and Procedure Templates Without Spending Hours (or Days) Creating Them!

Now For Chiropractic and Nursing, Too!

Different Policy and Procedure versions available for your specific type of healthcare practice

Medical Practice

Dental Practice

NEW!Chiropractic Practice

NEW!Nurse Practitioner Practice

NEW!Registered Nurse Practice

Health Information Policy and Procedure Manuals ready for you now!

Patient Portals Improves Access To Own Health Information

MyHealth Records

Patient Portals Can Reduce Barriers

How Will Patient Portals Affect Your Healthcare Practice?

⇓ ⇓ Click the >> arrow button to play the video!

Patient Portals In Your Healthcare Practice

Patient Portals Can Reduce Barriers

How Will Patient Portals Affect Your Healthcare Practice?

Announcing Virtual Health Privacy Summit

Privacy and Security In Telehealth Summit

Wednesday October 21, 2020

Keynote – Dr. Kale MatovichNatural Way Chiropractic

NEW!
Chiropractic Practice

NEW!
Nurse Practitioner Practice

NEW!
Registered Nurse Practice

Keynote – Dr. Kale Matovich
Natural Way Chiropractic

Dr. Angela Mulrooney
Unleashing Influence

Anne Genge
Alexio Corporation

Jean L. Eaton
Information Managers Ltd.

Lauren Sergy
Up Front Communication