Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Do You Know Where Your Policies And Procedures Are?

Posted on September 2, 2019 by Jean Eaton in Blog

This is a cautionary tale.

And it could save you a lot of embarrassment – even legal issues.

The way a healthcare provider collects, uses and discloses personal health information (PHI) is critical to an efficient healthcare practice. 

It’s also required by legislation and professional college regulations and standards.

Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed. Otherwise, you face all sorts of risks, including privacy breaches and other legal problems.

Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed. #PoliciesClick to Tweet

Don't let this happen to you!

Everyone in a healthcare practice — including front office staff, wellness practitioners and physicians and other custodians — must be aware of and follow these policies and procedures.

These policies and procedures also become the foundation of your privacy impact assessment (PIA).

That’s why, in this Privacy Breach Nugget, we’ll review a privacy breach investigation report from Alberta's Office of the Information and Privacy Commissioner (OIPC). Whether you have a new practice, or an existing practice, we have a number of services and resources designed to help you manage your practice in a way that not only meets legal requirements, but is streamlined and efficient, and keep your information secure.

What Happened

This report started with an employee suspected of accessing health information for an unauthorized purpose. 

It started with at the clinic with a conflict between the employees and the employer.

An employee (Employee A) was on leave from her position at the clinic. Her access to the electronic medical record (EMR) was suspended during her leave.

Employee A wanted to access patient information to support her dispute with management. Over two months, Employee A used Employee B’s credentials to access patient records.

This action is in contravention of the Health Information Act (HIA) sections 27 and 28.

This is where this case becomes even more convoluted and, in fact, a better case study of what not to do.

Employee Dispute

Understanding the Health Information Act

The Health Information Act (HIA) requires the custodian (the physician, in this case) to take reasonable steps to maintain administrative, technical, and physical safeguards to protect patient privacy as required by sections 60 and 63 of the HIA, and section 8 of the Health Information Regulation.

In November 2013, the clinic submitted a privacy impact assessment (PIA) to the OIPC prior to its implementation of an electronic medical record (EMR).

The PIA included written policies and procedures.

The letter to the OIPC accompanying the PIA was signed by two physicians, as well as Employee A who was the privacy officer at that time.

The physician named in the investigative report is not the current custodian at the clinic. The physician was hired in 2015 and therefore not a member of the clinic in 2013 and not involved in the initial PIA submission.

During the investigation, both employees indicated that the policies and procedures to protect patient privacy were in a binder in the clinic, but it was never used or shared with the staff.

Oaths of confidentiality may have been previously signed by the employees, but the documents could not be produced during the investigation.

Section 8 (6) of the Regulation states the ‘custodian must ensure its affiliates are aware of and adhere to all of the custodians administrative, technical, and physical safeguards in respect of health information.’

It’s common practice for clinics to require employees to sign confidentiality agreements and ensure that they receive patient privacy awareness training with regular updates.

But in this investigation, the employees said they never received privacy awareness training.

Policy and Procedure Manual

Access To Patient Information

The employees also stated it was common practice at this clinic for individuals to not log off of their EMR account on the computers at the reception desks. It was common practice for other employees to access an open session to quickly perform a task in the EMR.

The investigator concluded that the physician was in contravention of the HIA section 63(1) which requires custodians to establish or adopt policies and procedures that would facilitate the implementation of the Act and regulations.

These specific findings were made:

  • The custodian failed to ensure the clinic employees were made aware of and adhered to the safeguards put in place to protect health information in contradiction contravention of section 8(6) of the regulation.
  • The custodian was in contravention of section 8(6) of the regulation which requires custodians to ensure that their affiliates are aware of and adhere to all of the custodian’s administrative, technical, and physical safeguards with respect to health information. It’s important to note any collection use or disclosure of health information by an affiliate of a custodian is considered to be the collection, use, and disclosure by the custodian.
  • The custodian failed to ensure the employee and the other clinic staff adhered to technical safeguards as required by section 60 of the HIA and section 8(6) of the regulations.

Privacy Breach Nuggets You Need to Know

Privacy breaches are in the news every day. The more you know how breaches can affect you allows you to be more proactive to prevent privacy breach pain.

Get Your Privacy Documents In Order

To protect yourself and your practice from patient privacy breaches (and massive fines, see the conclusion to this article), follow these steps. 

  1. Find your policies and procedures and review them with all staff and custodians. Make sure you document that this has been done.
  2. Review and update your privacy awareness training and ensure all staff, including custodians, have completed this recently. Make sure you have this documented, including certificates of attendance if available.
  3. Oath of confidentiality documents should be signed by all of all clinic staff and custodians and maintained in a secure location.
  4. Review your privacy impact assessment and ensure all of your current custodians have read this and understand it. Visit this post for more information to help you determine if you need a PIA amendment.

Monitor

This incident occurred in 2016. The OIPC office did not recommend any additional sanctions against the clinic, physicians, or employees.

To get templates of policies and procedures for your healthcare practice, be sure to sign up for the Practice Management Success Membership

New Amendments To The HIA

This case might have turned out differently today.

New amendments, as of 2018, provide a provision for fines under the HIA ranging from $2,000 to $200,000.

The public — and our patients — expect and trust us to make sure that their personal health information is kept secure and confidential.

It’s our responsibility to make sure we have these administrative, technical, and physical safeguards in place and are maintained in a consistent fashion.

When you've done the hard work to implement your patient privacy policies and procedures and your privacy impact assessment, make sure you continue your journey and keep these documents up-to-date and current. To help you, sign up for the Practice Management Success Membership.

There are many patient privacy breaches in the news each day, and you never know when it could happen to you.

The more you know about the breaches and how they can affect you allows you to be more proactive to prevent privacy breach pain. If you need to prepare your privacy breach management plan, start your on-line training 4-Step Response Plan right away!

If you need templates of policies and procedures for your healthcare practice, be sure to sign up for the Practice Management Success Membership. These tips, tools, templates, and training will help you save time and money to develop and maintain policies and procedures in your healthcare practice.

When we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

PRIVACY BREACH NUGGETS are provided to help you add a ‘nugget' to your privacy education program. Share these with your staff and patients as a newsletter, poster, or staff meeting.

Jean L. Eaton, Your Practical Privacy Coach

Click Here To Register for the FREE Training Video "Can You Spot the Privacy Breach?"

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies And Procedures Are?

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

Safeguards: The What, Why, and How

When Do You Need a PIA Amendment?

When is a Privacy Breach a Privacy Breach?

References and Resources

Alberta Office of the Information and Privacy Commissioner. Investigation Report H2019-IR-01 Investigation into alleged unauthorized accesses and disclosures of health information at Consort and District Medical Society Clinic. May 21, 2019. https://www.oipc.ab.ca/media/996888/H2019-IR-01.pdf

#PrivacyBreachNugget, Alberta, clinic, custodian, health, Health Information Act, healthcare, HIA, medical, Patient privacy, physicians, Policies and procedures, Prevent privacy breaches, privacy, privacy breach, Privacy Impact Assessment, reasonable safeguards, templates

Meeting Leadership Podcast – Why Leaders Should Understand Privacy

Posted on September 2, 2019 by Jean Eaton in Blog

I'm tickled pink to be a guest on the 5 minute podcast with Gord Sheppard!

Meeting Leadership Podcast – Learn How To Become An Outstanding Leader Who Runs Highly Effective Meetings

On the podcast, we talked about What Leaders Need To Know To Start a Privacy Program.

Here’s a summary of our discussion.

Train Your Team About Privacy And Security

You must train your team about privacy and security in your practices.

Let me use an example. A business in Alberta had a privacy program in place in 2013. In 2018 they experienced a privacy breach where an employee was snooping and got caught. When the Commissioner's office did the investigation, nobody in that practice, nobody in that business could find the policies and procedures that they had in place in 2013. The staff told the investigator that they hadn't received any training since that time. (See the article, “Do You Know Where Your Policies Are?”)

We need to make sure that we're providing privacy and security training on a regular basis, not just on orientation. You need to keep privacy and security top of mind.

Privacy Is An Investment That Will Save You Money

Privacy awareness training and proper policies and procedures is an investment and it is part of your operating costs. It will also save you time and money by avoiding re-work and re-training. When you have  good policies and procedures in place and you're making the right decisions, you're avoiding all sorts of other costs about fines, a bad reputation, poor customer service. When you build that into your practice, you're going to reap the rewards about having an efficient practice and making sure that you're meeting all those requirements.

The Benefits Of Naming a Privacy Officer

Every business needs to have a privacy officer in your organization. This is somebody that you have assigned with the responsibility to make sure that there's a privacy management program in place. Now, not all privacy officers need to know everything. They do need to know those important questions and they need to know how to make it practical for your business.

Stay tuned for an announcement about the new course, The Practical Privacy Officer starting in September.

When You Understand Privacy, You Make Better Business Decisions!

When you have good privacy practices in your business, you will make sure to also select the best vendors who can work with you that also demonstrate their knowledge and support about privacy practices. You can build privacy practices into your business contracts and your agreements. This will also help you to grow your business reputation and attract better business partners and business suppliers and better clients and customers for your organization.

I've put together a checklist for you about the 10 Key Steps To Prevent A Privacy Breach.

Download the checklist and make sure that you implement these best practices in your business.

10 Key Steps To Prevent a Privacy Breach

Meeting Leadership Podcast

Learn How To Become An Outstanding Leader Who Runs Highly Effective Meetings – Daily Episodes –  in just 5 minutes!
Poor communication is bad for business. At Meeting Leadership Inc. we take a unique approach to helping you learn how to communicate more effectively. First we help you turn your meetings into highly productive events that drive your organization strategy. Then we empower you with the ability to use online education to tell your story to the most important people in your world.

Check out the Meeting Leadership Podcast here!

 

leaders, Meeting Leadership Podcast, privacy breach, privacy management, privacy officer, privacy officer training, privacy program

Privacy Principles Applies After Death

Posted on August 5, 2019 by Jean Eaton in Blog

Are your staff looking at medical records when they shouldn’t be?

Many people have the mistaken impression they can look at a patient's medical records as long as they don’t tell anyone else.

You can’t.

We see over and over again in ‘snooping’ cases where seasoned and new healthcare providers and support team members don’t realize that looking at patient’s health information without a need to know that information to provide a health service right away is wrong.

Kate Dewhirst summarized this as

  • Privacy = don’t look
  • Confidentiality = don’t tell

We still need privacy awareness training – even those experienced healthcare providers who push back and say that they have been in the business for years still often have more to learn.

Yes, we still need privacy awareness trainingClick to Tweet

In this post I am sharing an example of the Ontario’s Information Privacy Commissioner (IPC) complaint investigation from the family of a deceased individual. Whether you have a new practice, or an existing practice, we have a number of services and resources designed to help you manage your practice in a way that not only meets legal requirements, but is streamlined and efficient, and keep your information secure.

What Happened

In 2014, a physician acting in his role as a coroner, accessed the deceased’s health record. Shortly thereafter, the family alleged that the physician, who was also a family member of the deceased, continued to access the deceased’s personal health information (PHI) contrary to Ontario’s Personal Health Information Protection Act (PHIPA).

The family submitted a complaint to the hospital. Initially, the hospital's response did not satisfy the family. The family filed a complaint to the Information and Privacy Commissioner (IPC) of Ontario.

The IPC started a complaint investigation.

Privacy Breach Investigation

Privacy Complaint Investigation

Under PHIPA, the hospital is a health information custodian and the physician is an agent of the hospital.

During the IPC investigation, the physician confirmed he “accessed the health information in response to his concern about the individual’s well-being.”

“I know now that proceeding in this way was misguided and wrong.” He would never disclose the information to anyone; that would be a violation of patient privacy and a breach of doctor – patient confidentiality.

The physician acknowledged he did not fully appreciate the related but distinct concepts of patient privacy, the circle of care, and the ‘need to know’ principle.

Confidentiality rights arise out the special relationship between the client and the health professional or provider.

In contrast, privacy rights are the general rights of all persons to limit the access to their PHI. Individuals have the right to privacy, even after death.

Individuals have the right to #privacy, even after death. Click to Tweet

4 Step Response Plan

The hospital received a complaint from the family, which triggers the first step to spot and stop the breach.

Secondly, the hospital did an initial investigation to evaluate the risks of the incident. Later, after the IPC initiated their complaint investigation, the hospital re-visited the internal investigation and completed a comprehensive review and used audit log reporting tools to assist them.

Eventually, the hospital took the third step and notified the individuals’ family of the privacy breach. However, the notification was not timely. A more comprehensive response to the families’ complaint, followed by a notice to the family may have provided a better response.

Preventing a similar breach is the fourth step.

Since this incident, the hospital has:

  • installed a new auditing program that considerably enhances its ability to detect unauthorized access.
  • updated its Privacy and Confidentiality Policy, which applies to all agents of the hospital.
  • developed a yearly electronic privacy training program for all staff, volunteers and learners and will require all credentialed physicians to complete this training as part of the annual reappointment process.
  • strengthened the privacy warning on its electronic system, which warns users that unauthorized use of personal health information may result in disciplinary action.

Privacy Breach Physician Sanctions

 

The hospital’s Medical Advisory Committee recommended to the Board of Directors that the physician’s privileges be suspended for three months, that the hospital conduct enhanced monitoring of the physician’s access to the electronic medical record for three years, and that, on his return to practice, the physician be required to present at Grand Rounds on the topic of privacy.

The IPC concluded that the disciplinary consequences for the physician were sufficient in the circumstances.

Privacy Breach Nuggets You Need to Know

Privacy breaches are in the news every day. The more you know how breaches can affect you allows you to be more proactive to prevent privacy breach pain.

Privacy awareness education is more than just having policies and procedures. Demonstrating good practices, regular discussion about examples, and even gamification helps to ensure that all members of your healthcare team understand their roles and responsibilities.

If you need to start or update your privacy awareness training program, check out the on-line education Privacy Awareness in Healthcare: Essentials.

If you need to start or update your privacy breach management program, check out the 4 Step Response Plan; Prevent Privacy Breach Plan.

When we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

PRIVACY BREACH NUGGETS are provided to help you add a ‘nugget' to your privacy education program. Share these with your staff and patients as a newsletter, poster, or staff meeting.

Jean L. Eaton, Your Practical Privacy Coach

Click Here To Register for the FREE Training Video "Can You Spot the Privacy Breach?"

References and Resources

Dewhirst, Kate. After Death: Who Can Access The Records Of A Patient After Death? May 7, 2019. https://katedewhirst.com/blog/2019/05/07/after-death-who-can-access-the-records-of-a-patient-after-death/

Ontario Information and Privacy Commissioner IPC Investigation Report PHIPA DECISION 74 HC15-4 Sault Area Hospital August 10, 2018.

#PrivacyBreachNugget, 4 Step Response Plan, clinic, complaint investigation, death, deceased, healthcare, IPC, medical, Ontario, PHIPA, privacy, privacy after death, privacy awareness training, privacy breach, privacy breach nugget, privacy principles

Meeting Leadership Podcast – Why Leaders Should Understand Privacy

Posted on July 26, 2019 by Jean Eaton in Blog

I'm tickled pink to be a guest on the 5 minute podcast with Gord Sheppard!

Meeting Leadership Podcast – Learn How To Become An Outstanding Leader Who Runs Highly Effective Meetings

On the podcast, we talked about Why Leaders Should Understand Privacy.

Here’s a summary of our discussion.

Privacy is Good For Business!

Privacy applies to every leader in every business. We each have personal information in our businesses. It might be information about our employees, our volunteers, or our directors. It might be information about clients and customers, our business partners, and our business suppliers. We each have sensitive information about our business.

When leaders understand privacy, you have privacy practices in place including good written policies and procedures about how you will collect, use, and disclose personal information you will be able to make sure that you are meeting regulatory compliance. Written policies and procedures makes it easy to consistently onboard employees and volunteers in a consistent way to confidently and properly manage personal information in your business.

Avoid Fines, Penalties, Charges, Time-Sucking Notification Process and Even Jail!

When you have written policies and procedures in place and you provide privacy awareness training to your staff, you can avoid fines, penalties, charges, and time sucking notification process and even jail time!

We've seen recently in the Desjardins data breach in July 2019 where an employee–somebody that was trusted within that organization—who had access to client banking and financial information improperly used that information for their financial gain. This included access to client’s name, address, date of birth, and the social insurance number and other really sensitive financial information. Apparently, because this employee wasn't happy with where they worked, they shared sensitive personal information inappropriately. This breach has affected tens of thousands of clients and individuals in Canada and it's being talked about in emergency session of parliament.

This is an absolute financial disaster for any large business because you know immediately just the marketing goodwill impact alone it takes what a million years to build up your business in an hour to tear it down in this kind of thing.

But maybe it's even more important for the smaller business. That one privacy breach is going to have a huge impact the amount of time and reputation of your business. If you also receive a fine of, say, $200,000, well I don't know many small businesses that can absorb that in a business financial cycle.

When You Understand Privacy, You Make Better Business Decisions!

When you have good privacy practices in your business, you will make sure to also select the best vendors who can work with you that also demonstrate their knowledge and support about privacy practices. You can build privacy practices into your business contracts and your agreements. This will also help you to grow your business reputation and attract better business partners and business suppliers and better clients and customers for your organization.

I've put together a checklist for you about the 10 key steps to prevent a privacy breach.

Download the checklist and make sure that you implement these best practices in your business.

10 Key Steps To Prevent a Privacy Breach

Meeting Leadership Podcast

Learn How To Become An Outstanding Leader Who Runs Highly Effective Meetings – Daily Episodes –  in just 5 minutes!
Poor communication is bad for business. At Meeting Leadership Inc. we take a unique approach to helping you learn how to communicate more effectively. First we help you turn your meetings into highly productive events that drive your organization strategy. Then we empower you with the ability to use online education to tell your story to the most important people in your world.

Check out the Meeting Leadership Podcast here!

 

Desjardins, leaders, Meeting Leadership Podcast, privacy breach, privacy management

When Do You Need a PIA Amendment?

Posted on July 23, 2019 by Jean Eaton in Blog

A Privacy Impact Assessment Is Good For Business

A privacy impact assessment (PIA) is part of a regular business process if you collect, use, or disclose personal health information in your healthcare practice. When you have a previous PIA that has been prepared, submitted to the Office of the Information and Privacy Commissioner (OIPC) and it has been accepted for use–well, that is not the end of your PIA journey.

You need to ensure that you are updating and amending your PIA as your practice matures and as you make administrative and technical changes to the procedures in your practice.

You need a PIA Amendment when you have a previously accepted PIA and any one of these common triggers below.

You Have a PIA That Was Written More Than 2 Years Ago

It is time to review and update this!

Under Section 8(3) of Alberta’s Health Information Regulation, custodians must periodically review the safeguards they have in place to protect health information privacy. This means that custodians need to regularly review the privacy risk mitigation plans set out in PIAs to ensure they continue to protect against reasonably foreseeable risks to the privacy of health information. The submission of your PIA to the Office of the Information and Privacy Commissioner (OIPC) is mandatory and must precede implementation of your new system or practice.

Change in Health Information Act (HIA) Legislation and Regulations

The HIA has undergone significant amendments in 2006, 2010, most recently in August 2018. Make sure that you have updated your privacy breach management program and include mandatory privacy breach notification to the (OIPC) and the Minister of Health (MOH). Again, ensure that your team training has been updated so that they know how to spot, stop, and report a privacy breach. (See Mandatory Privacy Breach Notification)

Changes In Your Electronic Medical Record or Computer Network

You have the same EMR database, but maybe the configuration has changed. For example, a change from a local to an application service provider (ASP) or cloud-based data centre or Software as a Service (SAS) model would trigger a PIA amendment.

Another trigger is a change in your computer network vendor or changes in wireless networking, remote access, or implementing mobile devices.

PIA amendment EMR computer network

Change in Participating Physicians / Privacy Officer

Since your original PIA, you may have new custodians, including physicians, registered nurses, chiropractors, and other health professionals named in the HIA that have joined or left your practice. Your Privacy Officer may have changed, too. Your amendment should include an up-to-date listing of custodians and privacy officers.

New Users / Information Sharing

There have been many recent information sharing initiatives in healthcare. You might now plan to participate in evaluation projects, patient panel management, or other community initiatives. Make sure that you have your PIA amendment and information manager agreements completed, too. (See – The Top 3 Agreements Your Healthcare Practice MUST Have (and Why).

A quick word of caution: if your new information sharing project includes data matching–the creation of new information by combining two or more sets of data—requires custodians to prepare a privacy impact assessment before performing data matching involving health information (HIA sections 70, 71). The custodian that carries out the data matching is responsible for preparing the Privacy Impact Assessment.

PIA amendment new users

Communicating With Patients

If you are adding new technology to keep in touch with patients for appointment reminders, on-line appointment booking, secure email or patient portals, these will trigger a PIA amendment or, perhaps, a project specific PIA. Make sure that your policies and procedures are up to date, too. (See – Can You Use Text Message With Your Patients? )

PIA Amendment Communicating with patients

Alberta Netcare Portal (ANP) / Community Integration Initiative (CII) / CPAR

ANP updated their PIA in 2016 and, therefore, you need to make sure that your corresponding policies and procedures and training have been updated, too. Remember – when you agreed to participate in ANP, you promised that you would review your threat risk analysis (TRA) and update your Provincial Organization Readiness Assessment (p-ORA) when changes occur and at least every two years.

If you want to participate in new initiatives like CII and CPAR, you need to review and update both your PIA and your p-ORA, too.

Maturing Practice

You have learned and grown since your original Privacy Impact Assessment submission. Have you implemented everything that you said that you would? Can you demonstrate that your teams have received privacy and security awareness training? Have you reviewed your Health Information Management Privacy and Security policies and procedures in the last two years?

Keeping up to date without any other significant changes to your practice may not trigger a Privacy Impact Assessment amendment. Make sure that you document your careful review so that you are prepared for your next Privacy Impact Assessment submission.

Important Business Decisions

Creating and reviewing your PIA regularly can help you to spot errors or gaps between the way that you do the work in the clinic and the way that you said that you were going to implement in your clinic.

The questions that we ask during the PIA process are important. The time that you take now to identify the potential risks and prevent those incidents from happening may save you time, money, reputation and even jail time in the future.

You Know Your Practice Better Than Anyone Else

When you have a coach to guide you through the PIA amendment process, provide you with templates, and give you feedback on your work in regular live training webinars, join me in the on-line step-by-step course, Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments.

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments

Find out more here: Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments or send me an email.

Practice Management Nuggets Podcast

This topic is included in our Practice Management Nuggets podcast! Be sure to tune in to the podcast episode

When Do You Need a PIA Amendment? | Episode #078

Listen to the Podcast
#PrivacyImpactAssessment, #ProtectYourPractice, Alberta, clinic, health care, Health Information Act, healthcare, HIA, how to do a pia, medical, Netcare, PIA, Privacy Impact Assessment, privacy impact assessment amendment, training

How To Capture Patient Satisfaction With CareSay

Posted on July 2, 2019 by Jean Eaton in Blog

‘This call may be recorded to ensure quality control.’

We’ve all heard the recorded message when we call our bank or service provider .

But, is this the best way to capture patient satisfaction with their healthcare visit experience?

Are you looking for options to capture patient satisfaction with their interactions with your office staff during phone calls and their entire visit?

There are other options that require less technology, easier to implement, respects privacy, provides a more meaning constructive, helpful, feedback for your clinic team and engages your patients to improve their satisfaction.

I reached out to Brian Lee from Custom Learning Systems about his suggestions on how to explore patient satisfaction.

Brian Lee is my guest expert on Practice Management Nuggets Podcast for Your Healthcare Practice. Brian Lee is one of North America’s leading experts in the field of World-Class patient experience, staff engagement and culture change.

In this 16 minute episode, Brian Lee, shares options for the healthcare provider and business owner to easily capture and measure the patient's experience and give them an opportunity for feedback so that you can improve patient satisfaction and patient care in your healthcare practice.

 

Brian Shares His Key Tips Including

  • Options to create a patient experience survey (including CGCAPS).
  • New tools that empowers the patient to provide clinics with feedback about their experience.
New tools empowers the patient to provide clinics with feedback about their experience.Click to Tweet

My Favorite Takeaways From The Podcast

  1. Ensure that we do constructive, positive education with our caregivers.
  2. Measure the patient's experience.
  3. Empower the patient to provide the clinic and the caregivers with feedback.

Be sure to tune in to my interview with Brian Lee on How To Capture Patient Satisfaction With CareSay | Episode #077

Then, click here to get the free CareSay Review app: the unique new app to help you Connecting service providers and patients in a whole new way!

If you are a member of Practice Management Success, login here and view the webinar replay.

#digitalhealth, #PatientCenteredClinic, #PatientEngagement, #PracticeManagementNuggets, Brian Lee, CareSay, CGCAP, clinic, Everyone's a Caregiver, healthcare, medical, patient centered clinic, patient satisfaction, podcast, review

Can You Predict Successful Privacy Awareness Compliance Training?

Posted on June 13, 2019 by Jean Eaton in Blog

Protect your organization and your patients.

Investing in privacy awareness compliance training that is engaging, practical, and easy to access will prevent a privacy breach in your healthcare practice.

But, how do you find the right training?

Look for a strong completion rate.

A high completion rate is the single best predictor of successful privacy awareness compliance training. Most on-line courses have a 6-15% completion rate.

The Privacy Awareness in Healthcare: Essentials program from Corridor Interactive has a completion rate of 95%.

And the investment is only $35 per person.

Give your patients the gift of privacy. Improve your healthcare practice with privacy awareness education.

HURRY! A privacy breach can happen at any time!

 

health care, healthcare, HIA, PHIPA, privacy, privacy awareness compliance training

Are You Drowning in Patient Referrals?

Posted on May 13, 2019 by Jean Eaton in Blog

Are you drowning in patient referrals?

Playing telephone tag with specialists and patients?

Faxing is old technology, a massive time waster, and can be very costly both financially and emotionally when faxes get lost in the system.

In our Practice Management Nugget Webinars for Your Healthcare Practice series on October 12, 2017, I spoke with Dr. Denis Vincent, Physician Founder of ezReferral. There are many things that you can do right away to improve patient referral management.

Dr. Denis Vincent's #1 Tip to improve the patient referral process:

“Find more effective ways to involve and engage the patient in the referral process.”

 

The traditional referral workflow is inefficient

string telephoneUsing phone and fax messages from the referring provider to the consulting provider and back to the referring provider and then to the patient takes time. And every time that the message is transferred, there is a risk that the message is not understood or is lost.

So, we have a tendency to create complicated backup systems to double-check and make sure that none of the steps get missed. Many practices have created a ‘referral binder’ monster – the master referral list for the clinic. This binder is full of post-it notes, tags, and phone messages and reminders to help us make sure that the referral appointment is booked, the patient is notified, and the appropriate follow-up takes place.

Patient Referral BinderEven in practices with an electronic medical record (EMR), we use a paper process to ‘make it easier’ to track patient referrals.

But the binder can only be used by one person at a time and only seen by the people in that office. The patient has no idea about the status of their referral so they phone the office regularly to ask for updates.

Receptionist phoneBut wait! We want to make sure that everyone knows what is happening with the referral. We leave phone messages and voice mail and talk to the patient, the specialist, the referring provider to remind, confirm, and follow-up.

 

Save 60 minutes for each patient referral

Denis Vincent suggests that his family physician office referral coordinator used to spend an average of 75 minutes on each patient referral. That referral cycle can take months just to get to the point where the specialist appoint is confirmed and the patient is notified.

Now, using ezReferral, the entire referral process takes an average of 15 minutes of staff time per patient referral. That is a savings of 60 minutes per referral!

You can do this when you use a synchronous patient referral management system. EzReferral is a secure cloud-based solution that manages the patient referral process with clear real-time communication that the referring provider, specialist provider, and the patient can see at any time.

Multi-disciplinary healthcare team

Multidisciplinary referralezReferral is designed to work with any multi-disciplinary referral pattern in your practice. For example, family physician to specialist physician or any other healthcare provider.

14 days from referral order to confirming appointment. Can you do that?

Starting in January 2017, physicians in Alberta must meet new time frames for acknowledging and responding to referral requests. If you are asked to consult on a patient, you will have:[1]

  • 7 days to acknowledge receipt of the request to the referring healthcare provider.
  • 14 days to let the referring healthcare provider know whether you can accept the referral.
  • 14 days to contact the patient to schedule an appointment or to confirm the status of the referral, if no appointment date has been determined.
  • 30 days to provide the referring healthcare provider with a written report after your first appointment with the patient.
  • Consulting physicians will also need to be reasonably available to respond to referral requests and ensure their process is accessible.
  • Referring physicians will have to make sure they include all pertinent clinical information (including relevant investigation results) and the purpose of the consultation with their request, to enable the consulting physician to determine whether he/she can accept the referral within the mandated 14-day time frame.

([1] College of Physicians and Surgeons of Alberta)

These are good standards to meet for every type of healthcare provider.

You can meet these standards when you use a synchronous patient referral management system. EzReferral is a secure cloud-based solution that manages the patient referral process with clear real-time communication that the referring provider, specialist provider, and the patient can see at any time.

ezReferral Patient Text Message

Patient Benefits

  1. Patient Engagement
  2. Patient Satisfaction
  3. Patient Peace of Mind
  4. Better Patient Care

Referrer Benefits

  1. Happier patients
  2. Reduce workload
  3. Eliminate the “black hole”
  4. Satisfied Staff

Specialist Benefits

  1. Reduced workload
  2. Reduce no-shows
  3. Reduce phone calls
  4. Reduce overhead
  5. Audit trail


Testimonial from Edmonton Eyelids

“Our office has been using ezReferral since July 2016. It’s easy to rave about this powerful communication tool – each referral received through this system takes a fraction of the time required through our faxed referral system, due mainly to the fact that most patients choose to receive referral notifications by text and/or email (thereby eliminating the “middle ground” in which some referrals can get lost). What truly sets ezReferral apart from ANY online interface that I have ever used: the support staff is accessible, proactive, and fast.”

Shawna Sazwan
Edmonton Eyelids

Dr. Vincent has implemented ezReferral in his family practice. I have to admit, I’m blown away with his experience that 95% of the patients choose to receive their notifications by text messaging. That’s much better than I anticipated.

This solution is ideal for healthcare practices with referrals within the medical community and even better when you are working with multidisciplinary referral teams. This works well for both paper based and electronic medical record based practices.

Watch the webinar replay now to see how you can save time, money, while improving the patients’ access to health care in a timely, efficient manner. You will also discover the key steps and timelines to prepare for implementation in your practice.

Practice Management Nugget webinar interview with Denis Vincent  was recorded live on October 12, 2017.

 

Watch the Webinar

 

If you are a member of Practice Management Success, login here and view the webinar replay and access the members-only resources.

#PracticeManagementNuggets, Dr. Denis Vincent, ez Referral, ezReferral, fax, health care, healthcare, medical, patient referral management, practice management, review ezReferral

International Receptionist Day is just one day, but recognition of this important role should occur all year

Posted on May 8, 2019 by Jean Eaton in Blog, Guest Post

A Guest Post by Nelson Scott

It seems at times that receptionists “don’t get no respect,” to paraphrase the late comedian Roger Dangerfield.

To some eyes, the job just consists of answering the phone, directing visitors to “have a seat” while waiting for their appointments, and maybe a few other tasks.

This is why the second Wednesday of May each year is designated as International Receptionists Day (IRD). According to information on the website www.internationalreceptionistsday.com, the purpose of IRD is to “foster a recognition of the importance of a receptionist's role.”

Being a receptionist is about much more than dealing with telephone calls or offering visitors coffee while they wait. Receptionists are often the first people visitors and callers encounter, and as such are the people who create initial impressions of the organization.

First Impressions Matter

Outsiders form an opinion of the organization on what the receptionist does and says. Receptionists are the face of the organization to the world.

If that first impression is negative, it will take several positive experiences to overcome that perception.

Some organizations get this. Rather than relying on the generic title “receptionist,” one company designated the person in this position as the “Manager of First Impressions.”

Recognition All Year

Hopefully, the focus on the contributions of receptionists will continue beyond this single day. The danger of designated days that pop up on the calendar throughout the year is that they create the impression that having acknowledged the contributions of receptionists, administrative professionals (fourth Wednesday in April) or teachers (October 5) on their designated day, we can check “recognize the receptionist” off our to-do list for another year and move on.

Bob Nelson, who initiated Employee Appreciation Day (first Friday in March) in 1994, shortly after publication of his book 1001 Ways to Reward Employees, described the concept of a designated day to recognize staff as “silly” in a 2015 article in Business Insider.

“I’m a big advocate of using recognition on a daily basis,” he is quoted as saying. “But I did want to have one day where we could call attention to the topic and have conversations about its importance.”

Designated dates are reminders that recognition is important and they create focus on specific positions.

The 3-F Approach

When looking for ways to mark IRD and other designated days, organizations frequently default to what I describe as the “3-F” approach: Food, Flowers and Fudge (and other Fattening treats). While there’s nothing wrong with expressing appreciation by taking receptionists to lunch, bringing them flowers or leaving a box of chocolates on their desks, I challenge you to be more creative when planning to celebrate your receptionist(s).

Make it Personal

Here are a few ideas to kick-start your creativity (you can likely come up with better ideas):

  • Leave a note of appreciation on the receptionist’s desk, where it will be the first thing that person sees in the morning.
  • Receptionists often bring coffee and tea to visitors while they wait. Turn things around by delivering a drink purchased from the receptionist’s favourite coffee shop to his/her desk.
  • Invite other staff to answer the question, “How does our receptionist support your work?” Have them write their responses in a card or a poster-sized sheet of paper which will be presented to the receptionist. Remind the staff that the more Explicit the description of the contribution, the greater the impact of their words.
  • Is there a job title that better captures the value that these individuals contribute to your organization? Ask other staff to devise titles, such as “Manager of First Impressions” that describe the essence of what receptionists do.

Recognizing receptionists—and all other staff members—is a good place to begin, but recognition should be ongoing. Recognition is a task that should never disappear from our to-do lists.

Nelson Scott

Nelson Scott – Guest Author

Nelson Scott is an Edmonton-based speaker, trainer and author who provides tools, tips and techniques to enable managers and supervisors to hire, engage and retain the right people. For more tips and articles about hiring and recognizing staff, subscribe to his newsletter Briefly Noted.

Contact Nelson here or Visit the website www.greatstaffrecognition.com or

Connect on LinkedIn or Twitter @NelsonScott_

 

Want to learn more from Nelson?

Sign up for his newsletter, Briefly Noted,

for more tips on how to improve your employee recognition

Yes, please send me the newsletter!

Briefly Noted

Admin Assistant Day, GREAT staff recognition, International Receptionist Day, Nelson Scott, Secretaries Day

Privacy Awareness Week 2019

Posted on May 7, 2019 by Jean Eaton in Blog

Privacy Awareness Week (PAW), an initiative of the Asia Pacific Privacy Authorities forum (APPA), is held every year to promote awareness of privacy issues and the importance of protecting personal information. This year, Privacy Awareness Week is celebrated May 6-10, 2019.

Protect Your Organization and Your Patients

Equip your staff with the information they need to confidently and correctly handle personal health information.

Healthcare businesses need privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

Reasonable Safeguards

As an employer and health care provider, you are responsible to provide training to all of your employees about privacy awareness.

If you don’t provide the training, or if the employees don’t understand the policies and there is a privacy breach, then the healthcare provider is more likely to be held accountable under the legislation and face penalties including fines and even prison!

Patients value the privacy and security of their information.

Healthcare providers and clinic managers value privacy and security, and they value not having adverse results as a lack of compliance or patient safety issues.

Privacy Awareness Quiz

Patients trust their healthcare providers with their sensitive, personal, and financial information.

If patients don’t feel that the healthcare provider will keep their information confidential and secure, patients may choose not to share their information which may impact their healthcare and treatment.

When we are privacy aware, we can better respond to patients’ questions and build their trust in the quality of services that we provide.

Avoid Fines

On August 31, 2018, amendments to the Health Information Act (HIA) came into force that introduce a fine of not less than $200,000 for a person who fails to take reasonable steps in accordance with HIA regulations to maintain safeguards to protect against reasonably anticipated threats to the security of health information (sections 107(1.1)(a) and 107(7)).

SAY NO TO SNOOPING! If an individual affiliate knowingly breaches the privacy and security of health information, and the custodian can demonstrate that reasonable safeguards (including privacy awareness training) were in place, the individual affiliate can be charged under the Health Information Act. Fines of up to $50,000 per may be applied to the individual in addition to other sanctions from their employers and/or their professional regulatory colleges where applicable. (HIA s.107)

What Will You Do To Be More #PrivacyAware?

Join Information Managers for Privacy Awareness Week! May 6-10, 2019. #PrivacyMatters!

Information Managers would like to spread the message of #PrivacyMatters to raise privacy awareness in healthcare everyday.

Share these resources in your healthcare practice to keep privacy top-of-mind and demonstrate your commitment to privacy awareness!

Privacy Awareness in Healthcare: Essentials

 Improve your healthcare practice with privacy awareness education.
#PrivacyAwareness training in healthcare to support key policies, procedures and risk management programs.

Grab this from Corridor Interactive!

Special Privacy Awareness Week Pricing! EXTENDED!

Hurry! Expires soon!

Grab Your Privacy Awareness Training

Download Your Privacy Awareness Quiz!

Common scenarios in healthcare.

Grab Your Quiz

I Heart Privacy! #PrivacyMatters

Print badges for your team.

Or, use the done-for-you sheet of labels that you can print right away and slip into badge holders or print to stickers or labels.

You can even customize the labels and add your business name!

Instant Download Here

Download Your Monthly Privacy and Security Awareness Audit Template

Grab Your Free Privacy and Security Monthly Audit Template
#PrivacyMatters, health, healthcare, privacy awareness, training
‹12345›»

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

"Jean Eaton is one of those 'critical suppliers' you keep in your email contacts list, no matter what company you manage. She really knows her stuff and delivers prompt, accurate information on time. Her courses are interesting, informative, and I like the opportunity to meet with classmates who have similar challenges."

- Kevin Morris, Shape MD, Team Leader/Office Manager

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2020 Information Managers Ltd.