Information Managers

Healthcare Privacy Breach Training

Posted on August 11, 2021 by Jean Eaton in Blog

Learn From Someone Else's Privacy Breach!

Privacy breach examples from other healthcare practices make realistic privacy breach training content that helps you prevent similar breaches from happening in your clinic!

The cost of a data breach continues to rise, and healthcare is the costliest industry, according to IBM’s Cost of Data Breach Report 2021. 

This report indicates that the average cost of a data breach including personally identifying information (PII) is

  • $180 per record containing PII
  • Assuming that a family practice physician has a panel size of 2,000 patients, the cost of a privacy breach could be $180 x 2,000 = $360,000
  • If you work in a group practice with 4 physicians and all of your patient records were included in the privacy breach, this could cost your practice up to $1.4 M

Privacy breach notification requirements are changing, and so are the fines if your practice is in violation of privacy legislation in Canada like the Alberta Health Information Act (HIA) and the Ontario Personal Health Information Protection Act (PHIPA).

In this free 60-minute workshop, Jean will share recent privacy breach examples in healthcare and discuss how to prevent them from happening in your clinic.

Who Should Attend the Privacy Breach Training?

Everyone in your medical, dental, chiropractic, or podiatry practice should attend this workshop. This is a great orientation for new employees and a timely refresher for everyone else.

I believe that practical privacy breach training is a reasonable safeguard to protect patient information and the reputation of the healthcare providers and the clinic.

Make this a lunch and learn event!

Confidently Respond to a Privacy Breach…You'll Sleep Better at Night!

Privacy incidents happen!

60% of small and medium business owners go out of business within 6 months after a privacy and security breach.

Patients, clients, employees and business partners trust you to keep their private and sensitive information confidential and secure.

Not recognizing and not notifying a privacy breach quickly and properly could result in fines and even jail time for the business, healthcare provider, employee, or vendor!

The Biggest Mistake In Managing A Privacy Breach

The biggest mistake in managing a privacy breach is not recognizing the privacy breach.


Your Practical Privacy Coach has prepared this FREE 60-minute workshop with recent privacy breach examples to help you spot a privacy breach in your healthcare practice!

Use these privacy breach examples to

  • improve your privacy management program and prevent similar incidents
  • prepare your privacy incident response plan so that you can quickly spot and stop a similar privacy breach in your practice
  • reduce privacy breach costs, harm to patients, loss of reputation
  • train your team and privacy officer

 

Join us on Thursday, August 19th, 2021

12 Noon MT

Learn From Someone Else’s Privacy Breach Workshop

Register for Your FREE LIVE Workshop

In the world of privacy breaches ‘If' has become ‘When'. Will you be ready?

If you want to confidently and properly manage a privacy breach, start by attending this workshop. If you need to create or update your privacy breach incident response plan, check out the 4 Step Response Plan on-demand training, too.

This Workshop Includes:

  • Live webinar
  • Q&A with Jean L. Eaton, Your Practical Privacy Coach when you join the webinar live
  • Access to the replay for a limited time
  • PDF cheat sheets
  • BONUS – Privacy Breach Awareness Training for YOUR employee's orientation. Includes Video – “Can You Spot the Privacy Breach?”, Learning Guide, Post Test, and Certificates of Completion

This webinar may be eligible for Continuing Professional Development credits with your professional association.

 

Jean L. Eaton

Jean L. Eaton, BA Admin (Healthcare), CHIM, CC is constructively obsessive about privacy, confidentiality, and security when it comes to the handling of personal information, particularly in primary health care settings.

Jean provides solutions that are practical and effective for today’s healthcare providers so they can implement privacy by design and best practices to protect the privacy, confidentiality, and security of personal information.


So go ahead, register right now before it is too late!


You will also benefit from the occasional Privacy and Practice Management tips by email of similar resources that you can use right away!

 


Do Your Patients Know Your Office Holiday Hours?

Posted on June 21, 2021 by Jean Eaton in Blog

Holiday hours templates are great opportunities to easily create social media content for your healthcare practice–let your patients know about changes to your office holiday hours.

The Easy Way to Add Content to Your Social Media

One of the most frequent questions that every office receives is: what are your office hours?

It makes sense to share this information in an automated way. This saves time in the telephone queue and makes everyone's day a little smoother. Add the information to your telephone answering system messages, website, posters in your clinic, and in your social media channels.

Common social media channels include Facebook, Twitter, and Instagram.

When the content appears in your social media channel, your patients will expect regular updates from you around each holiday and will return to your social media channel again and again over the year.

Let your patients know about changes to your office holiday hours!

  • Encourage your patients to visit your social media over and over again!
  • Easy for you to add content that your patients want to see.
  • No new technology for you to learn – copy and paste!

There is a simple way to create this content.

Follow these steps:

1. Select Your Images

You can use any related image and size it to print and display in your clinic or your social media channel.

2. Add Your Logo

You could use an image without adding your branding. But, for more impact, I recommend that you take just a few minutes and use photo editing software to add your clinic name and logo to the image. You want the reader to know which clinic the image is about! This is also a good way to continue branding for your clinic.

There are many free and easy photo editing software systems. I like to use Canva.

Once your images are edited, download them to your computer network system.

3. Prepare Your Social Media Content

Working with your authorized social media manager, confirm your holiday hours and related messages.

Use this sample message that you will type into the new social media post.

Happy Canada Day from all of us at ABC Clinic! Please note we will be closed Thursday July xx to Monday July xx.

We will be back to regular office hours on Monday. For our latest hours of operation, please visit our website [insert website address].

4. Save Your Files

Keep a copy of your images and your social media messages for use next year.

You might store the images and your notes on a shared folder on your computer network. For example,

Social Media >> Holiday Announcements >> Month Holiday

5. Publish Your Holiday Announcements

Add your images and the messages to your website and social media channels.

You can even use the image and print as a poster to display in your practice.

Add a text comment to your post. Asking a question encourages comments and engagement. For example, Summer is here! What is your favourite summer holiday tradition?

Bonus Tip!

Create more engagement with your patients and clients when you invite your staff to contribute their favourite summer holiday tradition to your social media post.

Or, create a ‘bulletin board' with your holiday hours announcement and add the quotes from your staff about their holiday traditions or their favourite picnic recipe.

 

Let Me Make This Easier For You!

I've found images that you can use for your office holiday hours messages.

Download the FREE Holiday Hour Templates

and receive 10 images that you can use all year long!

 


Get the Free Statutory Holidays Images Templates

Would you like more tips like this?

Members of Practice Management Success Membership enjoy access to tips, tools, templates and training to help you start, grow, fix, or maintain your healthcare practice!

Membership is open to all healthcare practices of any size – physicians, optometrists, audiologists, dentists, chiropractors, physiotherapists, nurse practitioners, and more!

Members have access to online resources when they need them, along with networking and support from other clinic managers, practice managers, and healthcare providers in independent community practices – just like you!

Learn More About Practice Management Success

How to Prepare Patient Records for a Court Order in Your Healthcare Practice

Posted on April 7, 2021 by Jean Eaton in Blog

You are working at the reception desk of a healthcare practice. Suddenly, there is a police officer giving you a court order! Do you know how to prepare patient records for a court order?


Don’t Panic!

In this month’s Q&A with Jean, we discussed how to prepare patient records for a court order with confidence!

Now, just a reminder, I’m not a lawyer and I don’t play one on TV. These are my recommendations based on my experiences – as a director of health records in hospitals in Canada, as a court reporter, and as a mentor to clinic managers in independent healthcare practices – and this is not legal advice.

Follow These Steps

In this article, I am not discussing a situation which relates to a life-threatening situation that requires an immediate response. I am also not discussing when the order relates to the type or quality of healthcare provided to the patient or when the actions of the healthcare provider or clinic are being challenged or reviewed. These are topics for a different article.

Your reception staff should not accept the court order but, instead, immediately ask the officer to wait for a few minutes so that they can request their supervisor or privacy officer meet with them.

When the court order is an administrative request for information, the supervisor or privacy officer will accept the court order from the officer. Before the officer leaves, make sure that you read the court order carefully and ensure:

  • Who is named in the court order.
    • This is often the clinic manager of the clinic. Your clinic should be specifically named or, perhaps, the name of your lead physician or healthcare provider.
  • Record the date and time that you received the order.
  • Clarify when the response is required.
  • Name and contact information.
    • This could be of the officer that delivered the court order (if possible).
    • At minimum, it should include the contact information of the court, for example, the court clerk’s office or the witness co-ordinator, or the sheriff’s office.
  • The province or jurisdiction of the court.
    • In general, this should be the same province where your clinic operates. If not, contact your lawyer for advice on how to respond.

Review Your Policies and Procedures

This is not a routine request from a patient to access their health records or a request to disclose their records to a third party like a lawyer or insurance company. In those routine requests, patients are generally required to provide a written, signed consent before you can disclose their records.

When you receive a court order or subpoena to produce patient records at a court or other legal proceeding, you are not required to get a signed consent from the patient.

Each healthcare practice should have detailed policies and procedures on how to prepare patient records for a court order. Review these now.

If you don’t have up-to-date policies and procedures, see the Practice Management Success Tip, How to Prepare Patient Records for a Court Order.

Validate the Court Order

Read the court order carefully. In particular,

  • Phone the contact number on the court order.
  • Confirm the date, time, and location that you are required to appear.

Locate the Patient Record

Find the patient information maintained in an electronic database, electronic medical record (EMR) and/or paper records. Remember to look for both active and inactive patient records as needed by the court order.

Read the patient record carefully, line by line, to ensure that the record is complete. For example, make sure that all lab reports, prescriptions, consultation notes, etc. are included in the record.

Secure the record to prevent snooping or modification to the record. Also ensure that the record is available for continuing care and treatment of the patient, if needed.

In an electronic record, prepare an audit log of all the transactions on that patient’s chart.

Ensure there is no duplicate or second chart for the patient that may have been created in error. Search by alternate names, spellings, date of birth, etc.

Ensure that each custodian included in the patient’s care and your healthcare practice’s privacy officer are informed of the court order to produce the record. The custodian should be provided an opportunity to review their clinic notes. Remind the custodian that they cannot further disclose the patient's record.

Prepare the Patient Record

Review the court order and identify exactly what information is requested. It might be for specific dates or a condition or treatment.

Keep complete and detailed notes about how you prepared your response to the court order. You will bring your notes with you to court to assist you in your testimony about how your clinic creates and maintains patient records and what you did to respond to the court order. After your court appearance, you will maintain your notes as part of the business records for the clinic.

Collect the information and record each of your steps and your results, including the records that you searched for as well as those that you did not find any results for.

If you maintain your patient records in an electronic medical record (EMR) or digital practice management software, print out a hard copy of all the information that responds to the request.

Sever (also known as redact or black-line) any information that is not appropriate to include in the disclosure. Cross-reference each redacted entry to the legal authority not to include the information in the disclosure.


If you are using an EMR, organize the paper print-out in a format that makes sense. This might be in chronological date order, or by grouping like records (clinic notes, lab results, etc.) together.

Create a ‘Table of Contents’ of the information in the patient record. This will help you in your testimony to quickly find requested information, and to help the court to locate information in the records that you have prepared.

At the same time, handwrite in ink at the bottom of each page the sequential page number in the package. Update the table of contents with the page numbers.

Stamp ‘COPY’ on each page.

When the package is complete, make a photocopy (or two) of the entire package. The ‘original’ paper copy will be maintained at the clinic. Bring the original and the copy to court and ask the court to accept your copy. Return the original package to the clinic and securely maintain this as part of the business records of the clinic until the court file is complete.

When You Attend At Court

As the clinic manager, your role at the court is to tell the court how patient information is collected and maintained in your healthcare practice. Your job is not to interpret the content of the clinic notes.

A few days prior to the court date indicated on the court order, phone the clerk’s office or witness support office to confirm the date, time, and location of the proceedings and if you are still required to attend.


On the day of the proceedings, report to the clerk of the court.

Bring with you the court order, your photo ID, the patient record, and your notes. Bring a good book to read in case you have a long wait.

You will be advised (again) if you are required that day. If you are not required, the clerk will make a notation on your court order to appear that you attended and that you have been dismissed. Keep this in your business records with the patient record.

If your testimony and the patient records are required, you will be called as a witness during the court proceeding.

You will be asked to swear or affirm an oath to speak honestly during your testimony.

Typical questions that you should be prepared to answer include:

  • Your name.
  • Your role at the clinic, how long you have been in that role, your routine tasks and responsibilities at the clinic.
  • Describe how patient records are maintained. Be prepared to explain your EMR or computer patient management system (if you have one).
  • Bring your notes about the steps that you took to prepare for the court order. You may ask permission of the court to refer to your notes that you created when preparing to respond to the court order during your testimony, if necessary.
  • Explain that the patient records are kept electronically and that you have prepared a paper print-out of those notes.
  • Be prepared to explain how you know that the records are complete, not missing any details, etc.
  • If the court asks you to enter the records into evidence, explain that you have an ‘original’ and a ‘copy’ and ask the court to accept the ‘copy’ into evidence.

When You Return to the Clinic

Complete your notes by documenting your day at the court. Write a short summary of your day including:

  • Did you give a copy of the patient records to the court? To whom?
  • Remember to add a notation to the patient’s record that you disclosed this information according to the court order.
  • Any follow-up required for this disclosure?
  • Review your procedures. Is there anything that you would edit, or any additional instructions that would help you to be better prepared the next time you receive a court order?
  • Submit a copy of your out-of-pocket expenses (parking receipts, meals, etc.) for reimbursement by your employer, if applicable.

What You Should Do Now

  1. Review your policies and procedures now to ensure that they include how to respond to a court order.
  2. Train your reception staff on what to do if they receive a court order.
  3. Train your privacy officer and clinic manager on how to prepare a patient record for a court order.

Depending on where you work, you may receive a court order regularly or it might be a once-in-a-career experience. When you have policies and procedures and a little bit of training to assist you, you can respond to a court order calmly and confidently.

If you are a member of Practice Management Success, log in and access the ‘Procedure: Preparing Patient Records for a Court Order’ template and the replay of the tutorial video.

Download Practice Management Success Tip - Preparing Patient Records for a Court Order Now!

When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS


Do You Use Employee Privacy and Security Policy and Procedure Checklist Templates?

Posted on December 21, 2020 by Jean Eaton in Blog

Why Do You Need Policy and Procedure Checklists for Onboarding and Exiting Employees?

There is much excitement when we welcome a new hire to our team and there are many administrative tasks that need to take place to get this individual up and running. An employee policy and procedure checklist will help!

Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed to protect patient privacy as required by our professional colleges and privacy legislation. Otherwise, you face all sorts of risks, including privacy breaches and other legal problems.

To ensure that onboarding a new employee is a smooth transition, it is imperative to follow a practical checklist procedure to make sure no important steps are missed. There are also many other managerial benefits to adopting this high-quality process:

  • Better job performance and satisfaction
  • Greater commitment to protecting privacy in the organization
  • Reduced stress and better staff retention

Employee Privacy and Security Policy and Procedure Checklist

Policies and procedures are reasonable safeguards to protect the personal and health information entrusted to us. But policies and good intentions alone are not enough; we also need to take action to ensure our policies are understood and are being followed by all our employees.

Training new and existing staff on privacy and security best practices is instrumental in making your healthcare practice a success and maintaining its fine reputation. Following a systematic approach to welcoming a new employee, transitioning an existing employee into a new position, or offboarding an employee who is exiting will guarantee that valuable privacy and security training and accesses are completed.

Read the Privacy Breach Nugget “Do You Know Where Your Policies And Procedures Are?”, which explains what can happen if you don’t have these good practices in place.

New Employee Orientation / Onboarding

New employees are a welcome addition to any team and there is a vast amount of training that needs to take place from general procedures on how to handle phone calls to signing confidentiality oaths to becoming familiar with all policies and procedures, in addition to learning the everyday job duties for their own position.

Since privacy is good for business, we do not want to miss any important opportunities to train our new staff on privacy and security best practices. Using the Employee Privacy and Security Checklist will help facilitate training discussions and document the authorized accesses of each employee.

Existing Employees / Annual Review

The checklist will also act as a tool for each employee at their performance review. Provide positive feedback and observations of an employee’s successes in protecting personal information. Discuss opportunities for improvement, too. This is also a good time to review an employee’s current authorized role-based accesses and determine if any changes are needed to match the employee’s current job duties.

Ensure that the employee still has ‘tokens’ that they were given at the time of their hire, like identity badge, keys to the clinic or Alberta Netcare RSA fob.

Privacy and security best practices dictate that confidentiality oaths should be signed on an annual basis and annual privacy awareness and security refresher training should also be provided to all employees. In the event of a privacy incident or breach, it is imperative that a healthcare practice can prove by their documentation that regular privacy and security training is provided to their staff.

Transferring / Exiting Employees

When an employee transitions into a new role or is terminated, review and update the privacy and security checklist to ensure that access and permissions are appropriately modified or terminated.

Custodian Responsibility

Custodians have an obligation to ensure reasonable safeguards to protect the privacy and security of health information. This includes having appropriate policies and procedures in place, as well as demonstrating and documenting that you have implemented your plans. This is a requirement of professional college standards of practice and privacy legislation like the Health Information Act (HIA).

See the article “Do You Know Where Your Policies And Procedures Are?” to learn what can happen to you if you don’t have your employee training process well documented.

The Employee Privacy and Security Checklist will make it easy for you to ensure your new hires, existing employees, and transferring or exiting employees are privacy and security compliant.

 

Download the FREE Report - Employee Privacy and Security Policy and Procedure Checklist Template

Your practice also needs to have policies and procedures that set out how you ensure the privacy, confidentiality, and security of the health information you collect, use, and disclose. Don't know which policies and procedures you need? Download the Privacy and Security Policies and Procedures Checklist below!

Show Me the Policy and Procedure Checklist!

Practice Management Success

If you are a member of Practice Management Success, login and access the webinar replay, and the policy, procedure, and checklist template.

Not a member? Join today!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies And Procedures Are?

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

New! Health Information Policy and Procedure Manuals

When we know better, we can do better…

Jean L. Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

 

 


Healthcare Policies And Procedures

Posted on November 30, 2020 by Jean Eaton in Blog

Healthcare Policies and Procedures: What Are They and Why Do Practices Need Them?

 

Healthcare policies and procedures are essential tools in EVERY healthcare practice.

We use written policies and procedures to ensure consistent office procedures and good communication between team members, but it doesn’t stop there.

Before we get to the many benefits of healthcare policies and procedures, let’s cover exactly what these terms mean.

Not sure which policies and procedures you need? Click here to find out!

Policies and Procedures Defined

For our purposes today, this is what we mean by these terms:

Policy: A set of ideas or plans that is used as a basis for making decisions.

Procedure: A fixed, step-by-step sequence of activities or course of action.

Both policies and procedures serve several important purposes in a healthcare practice.

Policies and procedures can help you:

  • Protect your practice with consistency in decision making and implementing routine tasks.
  • Provide team members direction and guidelines; help avoid micromanaging. Here’s more information on how policy and procedure checklists help with employee privacy and security.
  • Ensure quality and cost-effective processes.
  • Well thought out policies and procedures reduce re-work and make for more efficient practices.
  • Encourage team members to work to their full scope of responsibilities.
  • Contribute to compliance, including professional standards, HIA, insurance.
  • Protect your healthcare practice by demonstrating your administrative safeguards.

As powerful and effective as policies and procedures can be, they can also pose certain problems or risks if they’re not implemented properly — or if they don’t exist in the first place.

On that note, if you have policies and procedures in place, it’s also imperative to know where they are. Don’t miss this cautionary tale where I tell you why.

If your policies and procedures are unclear or non-existent, these are some of the risks you expose a healthcare practice to:

  • Fines and even jail time for the healthcare provider
  • Increased conflict and potential for misunderstanding within a practice
  • Increased conflict between employees, misunderstanding, and poor customer service
  • Poor business decisions and wasted time and money

Simply talking about your policies and procedures is not a good business strategy! You need to have clear healthcare policies and procedures in place if you want to reap all of their benefits.

So, let’s go over what makes a good healthcare policy with a clear and effective design.

Policies ask WHY and WHAT

Policies are the steps to put your goals into action — policies are proactive.

The WHY: Why is this policy needed? It is the general guide for decision-making.

The WHAT: What do you want to show for programs, activities, and services?

Each year, policies need to be reviewed and authorized by the clinic manager, privacy officer, healthcare provider and/or owners. Your team members need the opportunity to review and understand the policies regularly, too.

Review policies to assure that they reflect what the clinic is doing and that the clinic is following the written policy. Changes may need to be completed and approved.

Now, let’s cover what makes for good procedures before we get to how to create your manual.

Procedures ask HOW

The HOW: How do you plan to carry out the objectives and details listed in your policies?

Your procedures should include sufficient detail so a new employee can complete a task based on the information provided.

We’ve discussed the objectives of your policies and procedures for your healthcare practice, now here are some useful tips for actually creating your policies and procedures manual:

  1. Include screen prints if computer-based.
  2. Include video explanations.
  3. Format the policy and procedures so that each policy or procedure is a separate, stand-alone document.
  4. Assign a NUMBER to each policy and procedure to make it easy to reference in your PIA, or to direct your staff to review. You can use any numbering system that you want — I usually use a sequential numbering system.
  5. Headings make it easier to group your information which makes it easier for the reader to review and then focus on the details that they need. Repeat the same headings throughout the policies and procedures to provide consistency across the manual. Use the headings as needed; not all policies or procedures need all the headings.
  6. Cite legislative and standards requirements, like the HIA.

When you’re implementing changes to these policies and procedures or creating them in the first place, be sure to involve key parties. This includes:

  • Custodian/trustee/business owner
  • Clinic manager/team lead
  • Privacy officer

Remember, implementing a new procedure or policy successfully must always include training and discussion with your team.

Which Privacy and Security Policies and Procedures Do YOU Need?

Without well-documented, written policies and procedures, you open your healthcare practice up to a whole host of problems, including major legal issues.

Does your clinic have appropriate policies and procedures?

Not sure which policies and procedures you need? Click here to find out!

Get the Reliability And Power of Policy and Procedure Templates Without Spending Hours (or Days) Creating Them!

Your healthcare practice needs written policies and procedures to help you correctly, efficiently, and confidently collect, use, access, and disclose health information so that you can meet your accreditation, privacy impact assessment, and regulatory compliance requirements.

Now For Medical, Dental, Chiropractic and Nursing, Too!

  • Starting with a template saves you time and money
  • Be privacy and security compliant
  • No special software to buy or learn
  • Use your existing MS Word and MS Excel office productivity software
  • One-time fee
  • On-line support
  • Available now!

Click the >> arrow to watch a short demo of the robust manual you can create quicker than you thought possible!

Show Me Policy And Procedure Templates!

Different Policy and Procedure versions available for your specific type of healthcare practice

Medical Doctor Health Information Policy and Procedure

Medical Practice

Dental Practice Health Information Policy and Procedure

Dental Practice

Chiropractor Health Information Policies and Procedures

NEW!
Chiropractic Practice

Nurse Practitioner Health Information Policy and Procedure

NEW!
Nurse Practitioner Practice

Registered Nurse Health Information Policy and Procedure

NEW!
Registered Nurse Practice

Health Information Policy and Procedure Manuals ready for you now!

Step 1: Complete the questionnaire and download the templates

Step 2: Easily generate 24+ draft policies and 28+ procedures and forms using MS Word

Step 3: Edit the documents

Step 4: Video coaching and best practices for the policies and procedures and implementation tips

Step 5: Customize for your healthcare practice

Step 6: Video orientation for your employees


Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies And Procedures Are?

Why Do You Need Health Information Policies and Procedures?

New! Health Information Policy and Procedure Manuals

Safeguards: The What, Why, and How

When Do You Need a PIA Amendment?

When is a Privacy Breach a Privacy Breach?


Will MyHealth Records Patient Portal Impact Your Healthcare Practice?

Posted on November 6, 2020 by Jean Eaton in Blog

Patient Portals Improve Access To Own Health Information

Residents of Alberta can now access their personal COVID-19 and other lab test results, immunization history, dispensed medication history and more in their own MyHealth Records – the patient portal view of Alberta Netcare.

In October 2020, parents can now access their children's COVID-19 test result lookup, too.

The sign-up process has recently been changed to permit rapid sign-up to access MyHealth Records.

Watch the short video above for my quick review of MyHealth Records.

MyHealth Records

The Alberta Netcare website says that MyHealth Records is a Personal Health Record for Albertans to access some of their health information, such as lab results, medications, and immunizations drawn from Alberta Netcare.

MyHealth Records also provides access to several health and wellness tools to help track and maintain overall health. (See the complete list of features here.)

Alberta Health has announced that the first step for patients to access their own records is to request a MyAlberta Digital ID (MADI), which will eventually act as your login credentials to the ANP.

If you have not already registered for MADI access you may do so here: MyAlberta Digital ID.

You will see 2 options – one for a basic account and one for a verified account. Select the verified account.

You will receive a personal identification number (PIN) in the mail.

When you have a verified account, you can go to your MyAlberta Digital ID account and add a new MyHealth Records access.

You can do this now – no need to wait!

You will (probably) have access to medications dispensed by pharmacists and lab and diagnostic imaging test results for the last 18 months. Remember, not all test results are available.

You can now also add your own journal entries for your weight, food diary, exercise diary and other tools to help you manage your health.

If your healthcare provider is also using the secure messaging system supported by MyHealth Records, you may be able to send a secure message to your healthcare provider, too.

This is a patient portal into your health information maintained by Alberta Health Services and Alberta Netcare.

The original or ‘source’ data continues to be securely managed in the service providers’ originating electronic systems. The originating systems and their custodians are required to keep the records for the entire records retention period; generally 10 years.

The information in the MyHealth Records portal may only be available to you for 18 months to 2 years. If you choose to add information to your account, I believe that information will be maintained for a limited time (for example, 2 years).

Patient portal

Patient Portals Can Reduce Barriers

The use of a patient portal can reduce barriers for patients to access their own records. Other benefits of patient portals may include:

  • Increased empowerment to patients who can access their own results in a timely fashion
  • Better communication with patients
  • Fewer access requests (and increased administration efficiencies)
  • Fewer missed appointments (and increased access to care)

How Will Patient Portals Affect Your Healthcare Practice?

Will you tell your patients that they can access some of their lab results themselves directly from MyHealth Records?

Let me know your experiences with patient portals and your questions. I really would like to know your thoughts on how portals may impact your healthcare practice.


Privacy and Security In Telehealth Summit

Posted on October 5, 2020 by Jean Eaton in Blog

Growth in telehealth has exploded in 2020 – and so have the privacy and security risks!

  • 46% of consumers are now using telehealth to replace cancelled healthcare visits (1).
  • Providers have rapidly scaled offerings and are seeing 50 to 175 times the number of patients via telehealth than they did before (2).
  • 90% of patients prefer telemedicine over in-office visits (3).

At the same time, we have seen:

  • 80% of security breaches caused by stolen or brute-forced credentials.
  • Individuals’ COVID-19 testing status and contact tracking inadvertently released to the public.
  • Unsecure video conferencing exposing personal information to others.

When you properly balance the opportunities of telehealth with safeguards to protect the privacy and security of our patients’ health information, you can:

  • Improve patient access to healthcare and patient satisfaction;
  • Develop viable new business models;
  • Maintain and improve patient relationships;
  • Implement flexible staffing employment models to respond to the demands of the pandemic.

Announcing Virtual Health Privacy Summit

In this Virtual Health Privacy Summit, we’re going with TED-style talks – short, engaging presentations from industry experts on compelling topics that are important to your clinic, practice, or business.

This event is ideal for chiropractors, physiotherapists, doctors, dentists, dental hygienists, dental assistants, dental technicians, receptionists, treatment coordinators, practice managers, privacy officers, or owners of a healthcare practice.

Register Now for the Virtual Health Privacy Summit!

Privacy and Security In Telehealth Summit

Wednesday October 21, 2020

 

 

Keynote – Dr. Kale Matovich
Natural Way Chiropractic

The Phoenix Plan: How Our Chiropractic Practice Uses Telehealth to Support Our COVID Recovery

The COVID-19 pandemic significantly affected the way chiropractors provide care to their patients. Dr. Kale Matovich will share his experiences of implementing telehealth solutions as an unconventional, yet essential, component of both patient care and business recovery at Natural Way Chiropractic.

 

Dr. Angela Mulrooney
Unleashing Influence

Pivoting To Online Possibilities

COVID-19 has shoved us into the future of technology-adoption in healthcare. If you don’t level up and get with the advancements, you will be left behind. Angela will discuss the best innovations and how you can make the most of them in your healthcare practice to ensure online income during shutdowns and into the future of your practice.

 

Anne Genge
Alexio Corporation

Easy and Affordable Ways to Dramatically Increase Your Security Online

“Anne takes difficult concepts and makes them interesting and understandable for everyone” (Maggie S. – attendee: Privacy & Security for Office Managers Course 2019)

Who is this for? This talk is designed for all people working with computers and will give you excellent strategies for your office and home use.

Most people have antivirus on their computers but breaches, data theft, and ransomware keep happening. Learn why, and learn how a few tweaks to how you’re working can make an exponential difference to the security of your patient and personal data.

 

Jean L. Eaton
Information Managers Ltd.

Practical Telehealth Privacy Tips For Your Practice

Your Practical Privacy Coach, Jean L. Eaton, will share practical privacy tips you need to know to implement your telehealth program including:

  • Patient on-boarding;
  • Informed consent to telehealth notice; and
  • How to easily document telehealth encounters in your practice.

 

Lauren Sergy
Up Front Communication

The Keys to Buy-In: How to Get Staff and Patients On Board With New Practices and Processes

Changing how we work can be difficult. No matter what it is you’re changing – shifting your privacy practices, engaging in telehealth, or implementing some other new process – getting buy-in from staff, partners, and patients is crucial to the success of your initiative. In this fascinating session, communication and speaking expert Lauren Sergy will take you on a high-level look at how persuasion works, revealing key strategies to getting the buy-in and commitment you need from your staff.

Register Now for the Virtual Health Privacy Summit!

This is the second summit from Canada's Health Privacy Summit. 

People are talking about the Canadian Health Privacy Summit! 

“Absolutely great and informative summit :)”

“This was the best presentation on this topic that I have heard in the 50 years that I have practiced.”

“Great opportunity for those of us who are in the dental industry to learn about issues related to digital information security”

“A lot of information packed into an afternoon with an opportunity to learn more and connect with the presenters made this a valuable learning experience. Looking forward to the next summit. Thank you!”

References:

(1, 2) McKinsey COVID-19 Consumer Survey, April 17, 2020. https://www.mckinsey.com/industries/healthcare-systems-and-services/our-insights/telehealth-a-quarter-trillion-dollar-post-covid-19-reality# 

(3) Dr. Mike Greiwe, Practice Management Nuggets, 2020 September 22, https://practicemanagementnuggets.live/why-medical-practices-will-have-to-offer-telemedicine/ 

We are Cybersecurity Awareness Month Champions!

The Health Privacy Summit is a Champion of online safety and data privacy. This #CybersecurityAwareness Month we're hosting the Privacy and Security In Telehealth Summit October 21! #BeCyberSmart @StaySafeOnline @Cyber #vhps2020


October Is Cyber Security Awareness Month!

Posted on October 1, 2020 by Jean Eaton in Blog

If You Connect It, Protect It

In healthcare practices, we have a responsibility to ensure reasonable safeguards to protect personal health information. In the early days of a clinic opening, your privacy impact assessment includes a privacy risk analysis that identifies potential risks to the privacy, confidentiality, and security of health information – and all the ways that you will mitigate and prevent those bad things from happening.

Threat Risk Assessment

As a practice matures, you are expected to regularly re-evaluate the risks to health information and conduct a new threat risk analysis (TRA). Conducting a TRA is a reasonable safeguard as described under the Alberta Health Information Act (HIA) and part of your obligations with information sharing partners, like Alberta Netcare Portal.

This is part of your privacy impact assessment (PIA) amendment or update.

This is where you demonstrate that the custodians and the leadership of the clinic understand the importance of privacy and security. The TRA should review and update the original risk analysis – and describe what you have done lately.

The TRA should include administrative, technical, and physical safeguards.

IT Asset Inventory

You need to know where your personal health information – and other business, confidential, and sensitive information – resides before you can protect it.

A review of all the devices in your clinic that contain personal health information is one example of a technical safeguard. Your information technology (IT) computer network vendor or managed service provider should be conducting a regular enterprise-wide IT asset inventory. Generally, an enterprise-wide IT asset inventory is a comprehensive listing of an organization’s IT assets with corresponding descriptive information, such as data regarding identification of the asset (e.g., vendor, asset type, asset name/number), version of the asset (e.g., application or OS version), and asset assignment (e.g., person accountable for the asset, location of the asset). Listen to the Help Me With HIPAA podcast episode 273 for a great discussion on why this is so important.

The clinic’s system administrator or privacy officer should review the IT asset inventory with the MSP to ensure that all listed devices – both the devices managed by the MSP and any other connected devices – are included in the inventory.

In your PIA amendment, remember to include when you most recently completed your IT asset inventory, who was involved in the development, when it was reviewed by your custodians and leadership, and the actions that you took based on the results of your assessment.

See the Summer 2020 OCR Cybersecurity Newsletter Making a List and Checking it Twice: HIPAA and IT Asset Inventories and the additional resources to assist you with your IT Asset Inventory.

Security Vendor Questionnaire

Choosing a vendor to meet your cybersecurity needs is not an easy task. To help you, the National Cyber Security Alliance has created a checklist with some questions you should consider asking current or potential vendors. It is not exhaustive, but it gives you a good start. If you don't understand some or any of these questions, consider having a business partner or colleague help you interview vendors. And always remember to engage in a Service Level Agreement and Contract with the vendor so all expectations are clearly articulated.

If you are a healthcare provider, you may need an Information Management Agreement, too.

Bonus Tip – Keep your questions and responses from the vendor as part of your privacy and security risk assessment to demonstrate your diligence and commitment to reasonable safeguards to protect your business and your patients' health information.


If You Connect It, Protect It Resources

Use these resources from DHS NCSAM that you can download and share right away!

INTERNET OF THINGS

CYBERSECURITY WHILE TRAVELING


Here's a great no-cost opportunity to provide cyber security awareness training to your team!

October is Cybersecurity Awareness Month, a global effort to help everyone stay protected whenever and however you connect. The overarching theme for the month is, ‘Do Your Part. #BeCyberSmart.’ and Information Managers is proud to be a champion and support this online safety and education initiative this October.

 

Events This Month

 

  • Worried About A Privacy Breach? – Live Oct 8
  • Practical Privacy Officer – Live Oct 29
  • Privacy and Security in Telehealth Summit – Live October 21

 

CyberSecurity Champions

Information Managers Ltd has been a CyberSecurity Champion for many years – and now you can, too!

We want to help you, your family, friends and our community stay protected all year long, too. We encourage you to sign up as an individual Cybersecurity Awareness Month Champion. After signing up, you’ll receive a toolkit of free resources, including simple online safety habits and steps you can take to #BeCyberSmart.

National Cybersecurity Awareness Month is co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security. For more information about ways to keep you and your family safe online, visit https://staysafeonline.org/cybersecurity-awareness-month/ and/or cisa.gov/ncsam.

 

 

Be CyberSecurity Aware

Cybersecurity Awareness

 

  • Demonstrate to your team the importance of cyber security at work.
  • Share with your patients – by posters in your practice, blog posts, or your email newsletters – and demonstrate that your practice is cyber aware and you want to share tips with them.
  • If you have team members who work remotely, work from home, use their own mobile devices, or use the internet to connect with apps and resources – give them additional skills to do their work as safely as possible.
  • Help your team members better manage their own personal information in their personal lives – good habits that will help them at work, too!

 

Become a Champion here https://staysafeonline.org/ncsam/champions/

 

Follow Information Managers blog posts, social media, and resources that you can download and use right away!

 


Snooping Conviction Earns 3 Years’ Probation

Posted on September 14, 2020 by Jean Eaton in Blog

Do you have a privacy breach awareness program in place in your healthcare practice?

Spotting a privacy breach is the first step to stopping a privacy breach.

You Can Use This Privacy Breach Example to Review and Improve Your Practices.

This Is What Happened

The clinic recognized that one of their employees viewed the health records of close acquaintances, friends, and others in the community. She did not have a need to know this information to do her job.

In one case, the employee disclosed an individual’s health information to a friend.

In June 2018, a medical clinic in Alberta reported a privacy breach to the Alberta Office of the Information and Privacy Commissioner.

The OIPC opened an investigation and subsequently referred its findings to the Specialized Prosecutions Branch of Alberta Justice. Charges of an offence under the Health Information Act (HIA) were laid.

Unauthorized Access By Employees

On September 2, 2020, the clinic’s former employee pleaded guilty in court to breaching the HIA. It is an offence under the HIA to knowingly gain or attempt to gain access to health information in contravention of the Act (section 107(2)(b)).

The judge sentenced the employee to

  • $6,000 fine
  • three years’ probation, and
  • 180 hours of community service

 

This breach was entirely preventable.

Keep this story in mind when you are trying to determine the return on investment to deliver privacy awareness training and EMR user monitoring tools to prevent and identify early snooping privacy incidents.

You can invest a little now with privacy awareness training . . . or you can pay over and over again for an investigation and bad publicity that never ends!

 

Privacy Breaches – What You Need to Know

1. Provide privacy awareness training for each employee and healthcare provider at orientation and regularly throughout the employment.

2. Collect the employee’s oath of confidentiality, including an acknowledgement that the employee understands the principle of accessing only the health information necessary to perform their job.

3. Monitor your users’ access to health information to quickly identify when a suspicious privacy incident occurs. The sooner you identify a privacy breach, the sooner you can limit the risk.

4. Implement your sanction policy when needed. Your sanction policy clearly identifies the sanctions that apply when an employee or healthcare provider is liable for an offence under the HIA.

5. Report a privacy breach to your custodians and healthcare providers, the Office of the Information and Privacy Commissioner, and the Minister of Alberta Health and the individuals affected by the breach.

 

When we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

PRIVACY BREACH NUGGETS are provided to help you add a ‘nugget’ to your privacy education program. Share these with your staff and patients as a newsletter, poster, or staff meeting.

Jean L. Eaton, Your Practical Privacy Coach

Click Here To Register for the FREE 15 Minute Training Video "Can You Spot the Privacy Breach?"

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Not sure what is considered a privacy breach? See When is a Privacy Breach a Privacy Breach?

 

Do you do routine audits? Here’s how.

Are Your Employees Privacy Aware? Start now!

References

Edmonton Journal. Former Camrose medical clinic worker hit with fine, probation for snooping health records. Nicole Bergot, Sep 10, 2020. https://edmontonjournal.com/news/local-news/former-camrose-medical-clinic-worker-hit-with-fine-probation-for-snooping-health-records

Alberta OIPC. Multiple Penalties Issued to Individual Convicted of Health Information Breaches. https://www.oipc.ab.ca/news-and-events/news-releases/2020/multiple-penalties-issued-to-individual-convicted-of-health-information-breaches.aspx 


How AI Improves EMR Auditing

Posted on September 8, 2020 by Jean Eaton in Blog

Healthcare providers and clinic managers have three common myths about EMR user monitoring auditing.

Myth #1 – The electronic medical record (EMR) automatically does all the auditing – I don’t have to do anything

Myth #2 – I don’t have to audit my users – I know them

Myth #3 – I won’t have to worry about this until I have a breach

Rob Pruter, the User Monitoring Expert at SPHER is my guest on this episode of Practice Management Nuggets For Your Healthcare Practice!

He’s going to share with us how to protect your practice and your patients when you use Artificial Intelligence (AI) technology that can recognize unusual activities and generate a warning message.

Finally, an easy way to perform user monitoring and quickly recognize risks from external bad actors and employee snooping incidents!

Rob Pruter's #1 Tip to Healthcare Providers, Clinic Managers, and Privacy Officers

Nobody goes to the doctor to get their identity stolen!

My Favorite Takeaways From The Podcast

  • Patients trust their healthcare providers – not just about their medical information, but personally identifying information, too.
  • Identity and access management is critical! Everyone needs a unique user ID.
  • Unique user IDs are increasingly important given the trend to remote access and browser-based EMR access. Don't be complacent just because you can't see the users.
  • Artificial Intelligence (AI) technology can quickly recognize unusual activities and generate a timely warning message so that you can react appropriately.
  • You don’t know when someone’s credentials have been compromised. People’s personal circumstances change. You need to demonstrate reasonable safeguards including user monitoring.
  • Designate a person (privacy officer, compliance officer) in the organization responsible to ensure regular review of users’ behaviour. This has a significant impact on decreasing the likelihood of being impacted by a privacy and security breach.

Featured Guest: Rob Pruter

SPHER Inc.

Rob is the Chief Revenue Officer at SPHER, Inc.

He is responsible for all global sales, marketing, and partner revenue at SPHER, Inc.

For the past 20 years, he has successfully built marketing programs and partner alliances in the healthcare IT space with larger companies and innovative start-ups.

He has a passion for protecting patient privacy and cybersecurity for the healthcare industry.

And he is my new best friend with a passion to improve audit log monitoring!

To find more from Rob, download the brochure from SPHER!

 

Be sure to tune in to my interview with Rob Pruter

How AI Improves EMR Auditing | Episode #094

 


It is a rare privilege to work with an authentic expert who fulfills their role of consultant and coach with curiosity and respect for the specific nature of their client's unique enterprise. Jean Eaton was always prepared, sat every meeting on time, listened to an endless barrage of questions and answered every one with patience, grace, and wise counsel. The end product Information Managers Ltd provided ECHO Health was exceptional; their ongoing support will be a large measure of our success going forward. I highly recommend their services.

- Dr. Gregg Trueman-Klein, NP, ECHO Health


Copyright 2022 Information Managers Ltd.
