Information Managers

In Case Of Emergency, Is Your Healthcare Practice Prepared?

Posted on February 14, 2023 by Jean Eaton in Blog

Healthcare providers who collect, use, or disclose personal health information have a duty to protect records, even during an emergency. A disaster response plan includes protecting personal information against threats and a plan to quickly resume access to patients’ health information.

We can expect disruption to our business and be prepared to

  • Preserve the safety of our employees, our patients, and our community, and
  • Ensure the continuity of health services to our patients, and
  • Mitigate the financial risks to the business.

Business continuity planning and disaster response planning are key steps in preparing for an emergency. These activities often overlap, but their focus is different.

Business continuity focuses on keeping the lights on and the business open in some capacity during an emergency, while disaster response planning focuses on getting operations back to normal. (See “Business Continuity vs Disaster Recovery: 5 Key Differences” from the University of Florida for more information.)

No matter how large or small your health care practice, legislation, regulation, and business common sense tell us that you need a disaster response plan to protect the safety and well-being of your patients and your employees. You can re-purpose the emergency response plan to develop a business continuity plan. Just make sure you focus on the people, process, facilities, and technology assets your organization needs to function normally.

Prepare your business continuity plan before you open your health care practice. It would be bad luck to have an emergency right away but, if you are prepared, it doesn’t have to be a disaster.

Start Your Business Continuity Plan

Your owner and the management team of your healthcare practice should be the champions of developing a business continuity plan in your practice. You might also include information technology support, human resources, building maintenance, media spokesperson, and risk management advisor. It’s a good idea to set up a project plan, identify project objectives, and set target dates for completion of the assessment.

Risk Assessment – Assess Your Office’s Critical Functions and Assets

Conduct an initial assessment of your practice’s critical activities and systems. The assessment sets a baseline that will help identify what is needed to move your organization to a place where everyone on staff is prepared to respond quickly and efficiently to a potentially disruptive event.

Then, identify potential threats to your critical functions and assets. Determine which events are most likely to happen. Use these events as your starting point to create a detailed written plan. You will have greater success in preparing to lessen the harm of an event if your team can envision that it might happen to you in the next five years.

Your list of critical activities helps you identify the mission-critical functions of your practice that must be protected and recovered and the employee positions that must be maintained. Knowing this helps you determine your priorities for your next steps.

Resources to Help You

There are many resources available to help you with your plan. Check with your local municipality for emergency preparedness response plans, checklists, and contact information. Print hard copies of the documents and keep them in an easily accessible location in your office. Your professional associations and insurance companies are also great resources. For example, Alberta Netcare provides a ‘Clinic Business Continuity Plan Guidelines’ (January 2015).

What Can You Do Now To Prevent an Emergency

Build redundancy into your daily operations. Consider your key activities and ensure that you have an alternate plan. Name each key function and determine an alternate equipment or service provider.

For example, if your electronic medical record (EMR) or practice management software is ‘in the cloud’, you will need to use an internet connection to access your data. If your internet service provider (ISP) is down, do you have a fail-over solution so that you can smoothly switch to an alternate ISP? You might be able to use your cell phone and cell phone connection to your EMR for a little while, but could you run your busy practice from your cell phone for long?

Many of us have a list of phone numbers and contact information on our phones for people that we might need to call in case of emergency. But, if you lost your phone or your computer network, do you have a paper list of your contacts? These simple steps can help you to resume business operations as quickly as possible.

A good computer backup will help to prevent loss of data and help you to recover access to your data quickly. For more information, see Can You Restore Your Business Using Your Computer Backup?

Develop the Disaster Response Plan

The Disaster Response Plan is a step-by-step plan for responding to the emergency event. Include how you are going to make decisions and who has the authority to make decisions. For example, who will decide to open (or close) your practice? Who will authorize overtime and immediate expenses? Do you have an alternate person who can authorize decisions and expenses, too?

Make sure the plan is fully documented, both in hard copy and electronic formats.

Identify the strategies you’ll take to protect your patient/clients, employees, and mission-critical resources. This might include backing up or moving to another location followed by recovering the equipment and information and returning them to normal operations. Include a detailed evacuation plan that each of your employees can access both at work and from their home.

Include detailed phone and contact lists.

Locate and have on hand some ‘old school’ technology like land-line telephones, battery operated radios and flashlights.

Practice the Plan

Effective disaster response and business continuity plans require practical training. Exercise the plans periodically to ensure they work as designed and you can recover critical systems and return operations to normal. Conduct a business continuity and technology disaster scenario at least quarterly. When you vary your scenarios, you will reinforce key core emergency recovery plan principles with each scenario and test a variety of plans.

Include emergency communications, awareness and training and coordination with public authorities.

A business continuity plan in your practice is critical to protect your employees, patients, and your business to be prepared for a crisis. Your goal is to recover your health care practice to where it can provide patient care and support its clinical and administrative teams in a “business as usual” manner.

What Will You Do to Improve Your Disaster Response Plan?

Do you want more tips and resources like these – for FREE?

Join Anne Genge and me for the “Ask Me Anything” style webinar for healthcare professionals, practice managers, privacy officers, and owners on Friday, February 17, 2023 at 1pm EST.

Anne is the founder of Myla Training Co., and a multi-certified cybersecurity expert with global awards for her work in cyber risk management, ransomware prevention, as well as cybersecurity education for healthcare providers.

This month, we will be sharing disaster recovery tips for your practice.

It’s free to attend.

Once you register, you’ll have access to the Zoom link on the day of the event.


Can You Restore Your Business Using Your Computer Backup?

Posted on January 9, 2023 by Jean Eaton in Blog

You know that Joni Mitchell song, Big Yellow Taxi? “Don't it always seem to go that you don't know what you've got 'til it's gone.”

This couldn't be more true than when your computer crashes. It's a terrible feeling when your software or hardware suddenly doesn't work, or you can't find an important file you know you had last month. This experience can be a speed bump on your busy day, or a nightmare that takes you days and weeks, and a lot of money, to recover.

Do You Have a Written Computer Backup Plan?

Good business practices include having regular computer backup of your key documents, bookkeeping, website, emails, and databases including your Electronic Medical Record (EMR). If your information is personal or sensitive – to you, your client, or your business – the backup should also be encrypted.

Your backup plan should include a backup of your information in a separate location from the source documents. In case of a catastrophic failure – including bad weather, fire, theft – you can access your key information assets quickly. You could manage the backup yourself or outsource it to a remote backup provider.

Where Is Your Encryption Key? 

Your encrypted backup files need a ‘key' or algorithm to decrypt the files so that you can read and access the information. Have you kept a copy of the encryption key in the same place as your source documents? Or have you kept the key in a separate location – away from the source documents and away from the backup files? Have you recorded in your disaster plan how to retrieve the key?

Cybersecurity is for all businesses – even if you are not using social media or don't have a website! Many small businesses think that they are too small to be attacked – not true! Not reviewing your security practices and keeping up to date can leave your small business vulnerable to attacks.

You should review your backup plan regularly–at least annually. Check to make sure that it includes all the information that it should and that you can restore the backup to a clean machine.

A written computer backup plan is necessary, but the goal is to have a good restoration. Test your restoration process from your backup to confirm that you know how to do the restoration and that you can run your business using only the restored data.

If you use a computer managed service provider, schedule a test restore with them now! Do a complete restoration–not just a few files–to ensure that you have all the hardware, software, encryption keys, passwords, and written procedures up to date.
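A test restore can be checked file by file rather than by spot inspection. The sketch below is an added example, not part of the original post: it records a SHA-256 manifest of the source at backup time, compares a restored copy against it, and checks that the encryption key is not stored under the source or backup folders. All folder and file names are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large database files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Record every file under root as {relative path: SHA-256 digest}."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_restore(manifest, restored_root):
    """Compare a restored tree with the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    missing = sorted(set(manifest) - set(restored))
    extra = sorted(set(restored) - set(manifest))
    changed = sorted(
        name for name in set(manifest) & set(restored)
        if manifest[name] != restored[name]
    )
    return {
        "missing": missing,    # in the backup manifest, absent after restore
        "changed": changed,    # restored, but the content differs
        "extra": extra,        # restored, but never in the manifest
        "complete": not missing and not changed,
    }


def key_is_separate(key_path, *data_roots):
    """True when the key file is not stored under any of the given folders."""
    key = Path(key_path).resolve()
    for root in data_roots:
        root = Path(root).resolve()
        if key == root or root in key.parents:
            return False
    return True


def demo():
    """Run the checks on a constructed practice folder and a partial restore."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        source, backups = base / "source", base / "backups"
        restored, offsite = base / "restored", base / "offsite"
        backups.mkdir()
        offsite.mkdir()

        # Constructed sample files standing in for the practice's key records.
        files = {
            "emr/patients.db": b"constructed EMR database bytes",
            "bookkeeping/2023.csv": b"date,amount\n2023-01-09,120.00\n",
            "contacts/emergency.txt": b"constructed contact list\n",
        }
        for name, data in files.items():
            target = source / name
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        manifest = build_manifest(source)  # taken when the backup is made

        # Simulated restore of "just a few files": one file is missing and
        # one came back truncated.
        (restored / "emr").mkdir(parents=True)
        (restored / "emr" / "patients.db").write_bytes(files["emr/patients.db"])
        (restored / "bookkeeping").mkdir()
        (restored / "bookkeeping" / "2023.csv").write_bytes(b"date,amount\n")

        report = compare_restore(manifest, restored)
        key_beside_backup = key_is_separate(backups / "backup.key", source, backups)
        key_offsite = key_is_separate(offsite / "backup.key", source, backups)
        return report, key_beside_backup, key_offsite


if __name__ == "__main__":
    report, key_beside_backup, key_offsite = demo()
    print("restore report:", report)
    print("key beside backup is separate:", key_beside_backup)
    print("key offsite is separate:", key_offsite)
```

A matching manifest shows the files came back intact; it does not show that your software can open them, so the full test restore described above is still needed.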

What will you do to improve your computer backup plan?

Do you want more tips and resources like these – for FREE?

Join Anne Genge and me for the “Ask Me Anything” style webinar for healthcare professionals, practice managers, privacy officers, and owners on Friday, January 20 at 1pm EST.

Anne is the founder of Myla Training Co., and a multi-certified cybersecurity expert with global awards for her work in cyber risk management, ransomware prevention, as well as cybersecurity education for healthcare providers.

This month, we will be sharing backup tips for your practice.

It’s free to attend.

Once you register, you’ll have access to the Zoom link on the day of the event.


Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course

Posted on October 28, 2020 by Jean Eaton in Services, Training

Do you need a Privacy Impact Assessment?

Or do you need to amend an existing PIA?

Privacy Impact Assessments are just one of the requirements you need in order to fulfill your obligations in Alberta’s Health Information Act (HIA) and other legislation and are an important aspect of developing privacy best practices in your office.

And a little help along the way is always a good thing.

Practical Privacy Coach, Jean L. Eaton of Information Managers, is constructively obsessive about privacy, confidentiality, and security when it comes to the handling of personal and health information, particularly in primary health care settings. Jean has helped hundreds of healthcare providers, vendors, and health and social service delivery organizations and associations complete their Privacy Impact Assessments, which have been successfully accepted by organizations' management and regulators. Jean has customized and delivered privacy training programs for privacy officers, records management professionals, implementation teams, and healthcare providers across Canada and the US.

Now you can have access to five modules to help you learn everything you need in order to complete your own PIA.

     

**** New PIA Amendment Track ****

Each module includes a video training, as well as templates, tools, resources and case studies to build on in each lesson. You can use this scenario to guide you through the PIA process in healthcare. If you work in healthcare or privacy or records management and need to do a PIA, this e-course is for you.

 

You need a Privacy Impact Assessment (PIA) when

  • You are opening a new clinic or establishing a new health services program.
  • You are changing administrative procedures or technology equipment, services, or vendors.
  • You are changing how you collect and use personal information.
  • You are implementing or changing an Electronic Medical Record (EMR).
  • You are sharing health information with another healthcare provider, organization, Primary Care Network or other health program.
  • You want to prevent a privacy breach.
  • You have a Privacy Impact Assessment that was written more than 2 years ago (it is time to review and update this!).

 

If you are a healthcare provider, practice manager, and you need your first Privacy Impact Assessment, this e-course is for you

Are you in a group or solo practice with direct patient care, for example:

  • Physician
  • Pharmacist
  • Registered nurse
  • Optometrist or optician
  • Chiropractor
  • Physiotherapist
  • Midwife
  • Podiatrist
  • Dentist, dental hygienist or denturist
  • Audiologist
  • Mental health practitioner
  • Laboratory, x-ray, and imaging technician
  • Paramedic

A PIA should be as commonplace to a healthcare practice as a business plan is to a business. BUT most healthcare practices don’t know this and often don’t know that a PIA is usually part of their professional college requirements and often even a legislated requirement! Prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor by completing a PIA.

If your Privacy Impact Assessment was written more than 2 years ago this online on-demand course is for you!

The Clinic Manager, Physician Lead, and Privacy Officer must ensure its content is updated to reflect the current state of administrative, physical and technical controls.

BONUS! Checklist to update your PIA to meet recent changes to Alberta's Netcare Portal. If your practice has completed a PIA and now you need to update the PIA, you receive a checklist of items that you need to consider to refresh your PIA.

 

If you are a vendor that supports healthcare practices, this e-course is for you!

BONUS! One hour tele-consult with Jean, “Create a branded Privacy Impact Assessment Readiness Package”. Jean will work individually with you to review your documentation and coach you on how to prepare the package to give to healthcare practices.

BONUS! Vendor PIA live webinar includes Vendor non-disclosure agreement, Information Manager Agreement, GAP Analysis, Computer Network Narrative templates.

 

Jean has helped hundreds of physicians, chiropractors, pharmacists, and other healthcare providers complete their Privacy Impact Assessment. She has visited hundreds of practices across Canada. But time and geography limit my ability to visit each healthcare practice that needs a PIA. That's why I developed this on-line interactive course to help you learn everything you need in order to review, amend, or create your own PIA. Each module includes a video training as well as templates, tools, resources and two common case studies to build on each week. You can use these scenarios to guide you through the PIA process.

You know your practice better than anybody else. If you had the right tools, at the time most convenient for you and a mentor to help you, you can develop good office practices, meet legislated and college requirements, and successfully complete your Privacy Impact Assessment requirements.

Using a Webinar on-line interactive program, you will get great content and mentoring from Jean Eaton and once a month during the Q&A live training webinars. Learn the PIA process with these modules.

The modules include:

Module 1:

PIA to Protect Your Practice, Your Assets, and Your Patients

 

Module 2:

Information Flows – the Foundation of Your PIA

 

Module 3:

Risk Analysis and Mitigation Strategies

 

Module 4:

PIA Format - Pulling it All Together

 

Module 5:

Complete Your PIA Submission

BONUS Module 6:

Create a Branded Privacy Impact Assessment Readiness Package

The replays, tools, and resources will be available to you right away.

If you are new to this field, I suggest that you first register for Privacy Awareness in Healthcare: Essentials to master the key definitions and concepts.


Privacy Awareness in Healthcare: Essentials

 

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments –

A Complete Step-by-Step Course

5 Core Modules, Templates, Training, and Tools to Get Your PIA Done!

Monthly Live Q&A Training Webinars

$450.00 (plus GST)

Purchase e-course

 

You will get

  • Learning Resource Guide for EACH module – how-to explanations, templates, and resource lists
  • Checklists to help you plan your PIA
  • MindMap of the entire PIA process
  • PIA project plan timeline templates
  • Checklists of  personal and health information privacy and security policies that you need in your practice
  • Many examples of projects in medical, dental, chiropractic and more practices including new PIA project and PIA amendments.
  • Explanation and real-life examples of key terms that you need to know and include in your PIA
  • Strategies and templates of risk management assessments that you can customize
  • This E-course might qualify for CPE credits, too!

 

BONUS!  Monthly live Q&A webinar training with Jean to help you get un-stuck with your PIA.

BONUS! Checklist to update your PIA to meet recent changes to Alberta's Netcare Portal.

BONUS! Private discussion group with other registered participants of this course to network and support each other on your PIA journey and continue to help you after this course closes.

BONUS! Regular updates of privacy resources and templates that you can use.

 

If you hired a consultant to do the work of the PIA process for you it may cost you as much as $3,000!

And then…when the consultant is done, they take their knowledge out the door with them.

Invest only $450 in this course and you'll have what you need to do your first PIA project today…and every project in the future!



“I had the pleasure of working alongside Jean to develop a PIA for my Dental Office. I could not have completed this document without her. She was there to help me every step of the way. Her online course made it easy to communicate with her as well as having so many resources to use that were so helpful. Each Module had videos to watch that explained step by step what needed to be done. The PIA document is a lot of information to put together and if it's not enough information on its own, you also need to develop a policy and procedures manual. Jean has developed an amazing resource for this manual that was very user friendly and made a 300 page manual a lot more attainable than creating it on your own. I highly recommend taking Jean's PIA course and having her help throughout the process!”

~~Lindsey Cave, Office Manager, Orion Dental Group

 

What people are saying about our PIA e-courses and in-person workshops:

Q: What did you learn from this workshop?

Participant's Responses:

  • Understanding of need / use of Information Management Agreements and an ‘Evaluation’ agreement.
  • Lots – when / how to make amendments.
  • Compliance / requirements of PIA and their purpose.
  • PIA information; agreements, updating.

 

Q: What do you feel was the biggest benefit to attending this workshop?

Participant's Responses:

  • Understanding a PIA.
  • Having a better understanding of PIA's and everything included in requirements.
  • Gain a better overview of my PIA and what I need to add; organizational strategy.
  • Clear vision of work to be done.

“When Jean told us about the Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments E-course and explained how the course will help us better understand the Health Information Act, our responsibilities as healthcare providers and our relationship with our vendors and partners, I signed up right away! Thanks again – it is no doubt that we have hitched our wagon to a shining star.”
~~Bill Stowe, Business Manager Synergy Respiratory & Cardiac Care

“This was my first ever time I had to work on a PIA and I was a little nervous about doing it efficiently – but you really made it as simple and straight forward as possible. Thank you for being available for my questions when I had them. I would easily recommend Privacy Impact Assessments to Protect Your Practice course for anyone to do their own PIA's! Thank you so much!”
~~Karen Sarabura, Clinic Manager and Privacy Officer, CGA Medical Imaging, Alberta

“I attended the Privacy Impact Assessment Walk-through workshop (for ARMA members). Jean shared resources and on-going networking opportunities. The biggest benefit to me is to know that there is help out there in moving forward with our Privacy Impact Assessment responsibilities.”
~~Ellen Sauvé, Parkland County

Comments from other E-course participants:

“Learning about how all the information gathering systems interact was the most valuable part of this workshop”

“Excellent presenter – variety of learning opportunities.”

“Jean is an excellent speaker and I enjoyed the audio seminar you gave today and I learned a lot from your seminar.”
~~Annette T (AHIMA webinar, “Three Mistakes in Managing a Privacy Breach”)

“Jean Eaton is one of those ‘critical suppliers' you keep in your email contacts list, no matter what company you manage. She really knows her stuff and delivers prompt, accurate information on time. Her courses are interesting, informative, and I like the opportunity to meet with classmates who have similar challenges.”
~~Kevin Morris, Shape MD, Team Leader/Office Manager

 

Buy e-course

In-Person Workshops Are Now Available 

Are you a hands-on kinda person?

Are you more likely to get things done when you schedule your time for a working meeting?

Would you like help to kick-start your PIA amendment and review with other like-minded clinic managers and privacy officers?

PIA Amendment Workshops are available. Send a request to me and let's set up a workshop near you! You also get full access to the on-line course to support you after the workshop.

 

 

Not sure if the E-course is for you?

Jean will answer your questions in the free webinar, 

 

Prevent Big Fines (or Worse!) for Your Healthcare Practice

How to Plan a Privacy Impact Assessment for Your Healthcare Practice

with Jean L. Eaton
Replay Recorded Live

This webinar is for Privacy Officers, Clinic Managers, Practice Managers and anyone else responsible for doing a PIA.

You will learn what is getting in your way of getting your PIA done!

In this free webinar, you will learn:

  • 5 Manageable Steps of every PIA
  • 3 Biggest Myths about PIAs that are preventing you from completing your PIA
  • Questions Privacy Officers, Clinic Managers, Practice Managers and Healthcare providers should ask about PIA’s but don’t
  • Biggest fears about doing a PIA and how you can kick it to the curb so that you can finally get it done

Join us for the webinar so that you can plan your PIA for your healthcare practice!

Sign me up for this FREE webinar


Please provide your email address below and you will be re-directed to the webinar replay right away.

Check your email in-box to confirm your registration!


 Along with your webinar registration, you will also benefit from the occasional Privacy Nugget tips by email of similar privacy resources and articles that you can use right away!

 


When is a Privacy Breach a Privacy Breach?

Posted on July 13, 2019 by Jean Eaton in Blog

The biggest mistake in managing a privacy breach is not recognizing the privacy breach.

The second biggest mistake is not knowing what to do about it.

The recent publicity about the privacy breach in Alberta when a laptop with health information was stolen and came to the public's attention several months later is not the first news item of its kind.  In fact, this happens frequently in healthcare, retail, government departments and other industries.  This doesn't make it any easier to swallow and certainly doesn't make it right.  But this is an opportunity for you, healthcare provider or practice manager, and vendor to make sure that you have good practices in place to manage your next privacy breach.

Health information is recognized as being particularly sensitive and important to the person that the information is about.  It is so important, in fact, that a new breed of legislation was developed to set out specific rules to ensure that the health information has robust safeguards (administrative, technical, and physical) to keep the health information confidential and secure.  In Alberta, the Health Information Act (HIA) was proclaimed in 2001 to help custodians (people or organizations who collect, use, and disclose health information) ensure that they have identified the risks to breach of health information and how to prevent those risks.  The legislation also ensures that the people who the health information is about have access to their personal health information.

In August 2018, amendments to the HIA were proclaimed that make it mandatory to report a privacy breach that could result in harm to the Office of the Information and Privacy Commissioner (OIPC).

Privacy breaches come in all types and sizes.  One of the most common forms of a privacy breach is when a clinic or healthcare provider intends to send a report to another healthcare provider for continuing care and treatment but it is sent to the wrong physician.  Or, the referral request went to the correct physician but included extra information about another patient that was not part of the referral.

What Is Considered a Privacy Breach?

A privacy breach is an unauthorized access to or unauthorized collection, use, disclosure, loss, or disposal of personal or health information.

To each of us, our own personal health information is important.  As a healthcare industry, we need to ensure that we recognize this and acknowledge that each privacy breach is important to the person the information is about.  We need to make sure that we minimize the risk of the information being used inappropriately or maliciously.  We need to acknowledge to ourselves and to our patients and clients that we are human and that sometimes we do make mistakes and we will strive to do better.

A ‘small' breach of one person one time might have a big impact to the individuals involved.

A ‘big' breach of a lost laptop might have a bigger magnitude affecting many individuals.

When a breach also meets the requirements of mandatory notification, a custodian must report the breach regardless of how many people's information have been included in the breach.

4 Step Response Plan

When you have a privacy breach, follow these four steps to manage the privacy breach incident.

Step 1 – Spot and Stop the Breach

Each breach is important and needs to be recognized. Contain the breach so that it doesn't get any bigger.

Step 2 – Evaluate the Risks

Your privacy officer will investigate the incident and learn about the size, scope, and details about the breach. Consider if there is a reasonable basis to believe that there is a risk of harm to an individual.

Step 3 – Notify

Notify the custodian, the affected individuals and (now, with the 2018 amendments), the Alberta OIPC, Minister of Health, Alberta Health (if the breach includes Netcare) and others.

The individual whose information has been breached needs to be made aware of the problem and the risk that might be experienced so that they can be prepared to limit the risks. The custodian needs to know how to manage the privacy breach and report it – internally and perhaps to other stakeholders.

Step 4 – Prevent the Breach From Happening Again

Correct and monitor the incident(s). Actively take steps so that the breach does not happen again.

Not Sure What To Do?

You never know when a privacy breach will happen! Prepare now with a privacy breach management program and coaching from the Practical Privacy Coach!

Learn what to do if you have a privacy breach.


Tax Season and Fraud Prevention Patient Access to Information

Posted on April 2, 2019 by Jean Eaton in Blog

Ever thought that someone might want to submit your tax returns for you?

No problem.

They will even collect your refund – their payday when they scam your personal identity.

Michael Kaiser, Executive Director of Stay Safe Online, notes on his blog that tax cyber crimes are on the rise. The Tax ID thieves usually file returns early using the taxpayers' stolen personal information so that they can cash the refunds before the taxpayer can file their legitimate tax return.


Help Your Patients to Understand How to Safely Access Their Information

When patients or clients ask you for their account statement information, take the time to ask them for photo ID and a proper authorization to disclose their personal information.

Help them to understand that you can release their own information to the patient or to another person (a spouse, for example) only with the patient's written authorization. Even ‘just' health care billing information is important.

 

Show your patients that you care about the safety of their information by taking steps to make sure we are protecting their patient and client information.

This Practice Management Success Tip includes

  • Tips to help you implement this procedure
  • Template authorization form
  • Poster to quickly explain to your patients how your procedure helps to protect their privacy

Yes I Want the Poster and Procedure Template!


What is a PIA?

Posted on March 11, 2019 by Jean Eaton in Blog

Have you ever been in a situation where you had a great idea that you wanted to implement and then someone asked you if you have a PIA for that?

     

Maybe you wanted to add a new digital health app to make it easier for patients to book appointments with you, or get access to Alberta Netcare Portal, use the internet to get on-line consultations for your patients, or start using a new EMR.

Or maybe you have a new healthcare practice and you are excited about choosing the right location, the right equipment, the right vendors that fit your budget and your goals.

A PIA is a practical business tool in your healthcare practice.

A PIA is an important tool that you can use to help you with that project management.

It will help you anticipate risks to the project before it starts and avoid serious problems, wasted time and money.

The PIA process requires you to have written policies and procedures so that you can implement the project effectively and train your staff consistently. Sometimes a PIA is a requirement of legislation. But it is always a best practice whenever you implement a project that includes personal health information.

Watch the video to look at what a PIA is, what a PIA will do for you, and when you need a PIA.


Health Information Management Professionals for Your Healthcare Practice

Posted on March 19, 2018 by Jean Eaton in Blog

Celebrate Health Information Management Professional Week 2018!

Health Information Management (HIM) Professionals are the only certified experts in the science and technology of health information management. Their key role is to maintain the integrity and confidentiality of personal health information within the Domains of Practice:

  • Data Quality,
  • Privacy,
  • eHIM and
  • Health Information Management standards.

CHIMA certified HIM Professionals are

  • Subject matter experts (SMEs) in the entire lifecycle of the health record, including data collection and information access, use, disclosure, retention and destruction.
  • Skilled experts in data and information management regardless of the medium in which it was collected and used (paper, hybrid, electronic).


HIMs Work in a Variety of Areas

  • Health Information Services
  • Admitting / Patient Registration
  • Quality Management
  • Research and Statistics
  • Information Systems / Technology
  • Utilization Management / Decision Support
  • Risk Management
  • Government Agencies
  • Cancer Care
  • Educational Institutions
  • Community Health Clinics
  • Law Offices
  • Insurance Companies
  • Pharmaceutical Companies
  • Primary Care
  • Nursing Homes
  • Long Term Care
  • Mental Health
  • Release of Information

In our Practice Management Nuggets Webinars for Your Healthcare Practice on February 15, 2015, we spoke with Lisa Proudfoot, Instructor, Health Information and Practice Assistants, School of Health and Public Safety, SAIT Polytechnic about the role of the HIM professional in your healthcare practice.


Lisa's #1 tip to health care practice managers about the HIM profession?

“Health Information Management professionals are like your central nervous system – you might not think about us, but HIM professionals have an impact in every aspect of the health care system.”

No fluffy courses!

Practical, comprehensive skills that HIM students learn include:

Medical background (anatomy, physiology, terminology); records management and electronic medical records; privacy legislation; basic office productivity software; health data collection and abstracting, including ICD-10-CA; database design and management; statistics; how to present a meaningful report; data standards; quality management; project management; and change management.

Why hire a new HIM grad in your practice?

An independent primary care practice can benefit from having HIM professionals on its team. They have a strong, comprehensive understanding of medical terminology and integrated health care services. They can design workflows to support clinical standards of practice and accreditation, and collect and report statistics to support business decision making in your practice.

HIM students also receive instruction in management related skills including basic management principles and additional instruction in project management, business case, leadership and motivation, change management, and quality management, risk management and patient safety.

Many HIM students enter the program with previous education, degrees, and health care related careers. Don't assume that new grads are new to the workplace. If you need some help to transition from paper to EMR, or with other projects to improve workflow or prepare for a new project, consider accepting an HIM student as a practicum placement in your practice.

For more tips, tools, and resources that you can use right away to learn more about the skills that HIM professionals learn, see SAIT’s HIM program website, Health Information Management Program SAIT

CHIMA (The Canadian Health Information Management Association)

 

Practice Management Nugget webinar interview with Lisa Proudfoot recorded live on Thursday February 19, 2015. Listen to the replay now!

Bonus tip: There are so many things you need to know to start, maintain, and grow your practice. Join us each Thursday for nuggets of information that you can use right away for your healthcare practice.

Brought to you by Jean L. Eaton, Your Practice Management Mentor.


Own Your Social Media Presence

Posted on October 30, 2017 by Jean Eaton in Archive

You might say that ‘my social media isn't that important'. Maybe that's true, but how important is your identity to you? What if someone else accessed your social media profile and started posting things you would never want connected with your name?

Or what if they used your social media login to access your other logins and accounts?

Own your social media presence – download the infographic from Stop.Think.Connect.

Whenever you have an opportunity to use two-factor authentication, consider this option. Two factors include something you know, and something that you have.

However, if you use your existing social media account (for example, Facebook) to leverage access to another account (for example, Amazon), your activity associated with your Facebook account might also be tracked to your next Amazon purchase.

Some applications or on-line accounts offer two-factor authentication. The account login procedure will automatically generate a random one-time verification code (often a 6-digit number) that is sent to the smart phone that you have registered with your account.

You may need to download a two-factor authentication app to your mobile device. (Examples: Google Authenticator, Authy, Authenticator Plus, and others).

Should your business use social media?

Maybe. Remember, social media isn't about advertising – in fact, using social media just for advertising is a very weak strategy. Social media is about creating a strong digital presence and building relationships – with your clients, with employees and new recruits, and with other colleagues and allies in your field. It's about stirring conversation and debate, and positioning yourself and your company as experts. In short, it's an incredibly valuable resource, if you use it strategically.

If you decide to use social media in your business, you need clear rules about who will authorize messages. You also need a strong social media policy to provide direction and education to your employees about what they can – and can't – say on-line.

Related resources for you:

Are You Trying to Run a Successful Healthcare Practice Without Using Social Media?

Harnessing Social Media to Strengthen Your Pharmacy Business

Do you want more tips and resources like these – for FREE?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.


Should You Change Your Passwords?

Posted on October 26, 2017 by Jean Eaton in Blog

Passwords are everywhere! They are the minimum security safeguard for all our devices, from our computers to ATM banking, to voice mail, to security alarms.

But how secure are your passwords?

Passwords that are easy to ‘hack' or guess are opportunities for attackers to access personal or sensitive information or install malware (malicious software).

We are plagued by the necessity to remember a multitude of passwords. Some websites have basic complexity requirements and others do not. Some require you to change your password on a regular basis. We need different passwords for banking, social media, shopping, and just about anything online.

Keeping track of all these passwords can be a nightmare and the worst thing you can do is make them all the same.

One solution is to use a password manager. A password manager is a locally installed software application that you can have on your computer and your mobile devices. It helps you to create and retrieve complex passwords on demand for all of your on-line (and off-line) user accounts, from your Facebook to your bank accounts.

There are a number of password managers that help store all of your accounts such as Dashlane, LastPass, 1Password, KeePass, RoboForm, Keeper Password, Sticky Password, and True Key.

Your password manager account is controlled by a single strong master password to unlock your “vault” of individual account passwords.

What is the best password manager?

David Papp, Your Tech Expert, knows that technology is the key to getting business done!  

Join us for the Free 15 Day Privacy Challenge for David's recommendations on the best password manager system AND a free tutorial from My NAMS!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware #15DayPrivacyChallenge


What is an Information Manager Agreement (IMA)?

Posted on October 25, 2017 by Jean Eaton in Blog

Having a clear agreement of how patient records will be maintained to ensure privacy, security, and confidentiality in a paper based patient record or in a shared EMR database is the objective of an Information Manager Agreement. This may also be called a Data Sharing Agreement, Information Sharing Agreement, or Business Associate Agreement.

Prenuptial Agreement

In a group healthcare practice, having a clear understanding in writing that sets out how patient records will be collected, used, and disclosed during the group practice is critical to the security of the patient information, health service provider information, and good will between members of the group practice. Think of this as the 'prenuptial' agreement in your business relationship.

Who is an Information Manager?

In Alberta, the Health Information Act (HIA) defines an information manager.  Generally, it is a special kind of an affiliate, usually a business or a vendor, who provides a service that does some specific task (authorized by the custodian) with health information.  This could be a billing agent, accredited billing submitter, outsourced transcriptionist, EMR vendor or other service provider.

If you are using an EMR vendor, the named individuals on the IMA are the only persons from whom the software vendor can receive instructions on how to manage the records in the database. Often, this is the physician lead and business owner.

Sometimes, the custodian is also the information manager. For example, a physician (custodian) and business owner may assume the responsibility of ensuring the security of all the patient records authored by other custodians in the group practice.  The physician / custodian / business owner / information manager must follow all the rules of the IMA and HIA.

Not every healthcare practice has an information manager. Some group practices have many information managers providing different services. There are many details and options to consider. The discussion, and then putting it in writing, is the key to a positive business relationship and secure records management.

Avoid surprises – and nasty exits

Some tips to prevent surprises:

  • Take a pro-active privacy role and inform patients how their information will be protected during the routine practice operations and when healthcare providers are added to – or leave – the practice.
  • Decide how you will make decisions about ongoing operational changes to how the software will be used in your practice.
  • Identify in the EMR software who is the primary (or default) healthcare provider for each patient. Talk with your software vendor about how best to record this.

It’s never too late to start! If you missed creating an Information Management Agreement or Data Sharing Agreement in your group practice, do it now!

See the Digital Resources for samples that you can use.

Download our Infographic, “What is an IMA?”

Copyright 2022 Information Managers Ltd.
