Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Is Your Email Secure?

Posted on August 19, 2013 by Jean Eaton in Blog

Mon, 08/19/2013 – 09:07 — jean

Is your email secure? Backed up? If you suddenly lose your email, calendar, or contact list, this could either be a speed bump in your busy day, or a nightmare that may take days or weeks and a lot of money to recover.

If you use email as temporary communications or your primary method of business, it needs to be managed securely. When you or your staff use email from multiple devices – such as your desktop computer, smart phone, or website – you have additional privacy and security requirements.

Many small businesses have purchased an email software system like Outlook as part of their desktop software. Unfortunately, recent software updates from Microsoft do not include Outlook; you are encouraged instead to purchase MS Office 365 software where all of your email is stored on the MS Cloud.

Some businesses use free email accounts – like gmail or yahoo – where emails, calendars, and contact information is on the public cloud. It is accessible from any internet connection but is difficult to back up to a local device that you can control.
If you use email to transact business – employee records, business contacts, company newsletters, subscriptions, financial or consumer purchases, or personally identifying messaging – you need to meet privacy and security requirements.

Previous versions of Windows Server Small Business Server (SBS) edition included Microsoft Exchange so small businesses could create their own in-house email server. This is not included in Windows Server 2012 Essential (SBS replacement). But small businesses still have a few options:

Buy the Microsoft Exchange Server full licenses, although it can be quite expensive
Sign up to Office 365 which is a hosted / cloud based Microsoft Exchange service from Microsoft with email hosted in the USA. Offices will need to determine their level of risk using personally identifiable information in emails – including sensitive information like credit card, payroll, health information, and other sensitive content – which will be stored out of Canada and subject to US legislation and uses.
Contract with a Canadian hosted Microsoft Exchange service with a Canadian based cloud service provider. This might be a cost effective solution and permit full access to email in an environment which is backed up and more easily accessible.

There are many features offered with a hosted email service:

Collaboration is easy as you have access to group calendaring and scheduling, shared contacts, folders and calendars, tasks and task delegation, as well as public email folders.
Fully functional email software.
Sync capabilities to your smart phone without worrying about viruses, spam, or malware, and mail archiving is automatic. Store as much or as little email as you need and do so without dealing with annoying ads.
Anti-phishing, anti-virus, and malware software are attached to each email connection.
No data ‘left behind' on the device – all data is securely maintained in the hosted email. If a mobile device is lost or stolen, business email is not compromised.

You can apply business rules – for example, emails can be prevented from being forwarded to an employee's home gmail account. Employees can securely work from home.
All business data is maintained by the business. So if your employee wins the lottery and doesn't come back to work, all business emails have been maintained in the hosted email and not on an employee's home computer.
Data is encrypted during the internet transmission.

To get a Hosted Email, you will need internet access with a data plan. You can continue to use your desktop computer and its cable internet access. When you use mobile devices, you can use your mobile provider data plan (Rogers, Bell, Telus, etc), or connect to a trusted WiFi connection.

You are still responsible for good security practices at your location including:

Unique user ID and password on your computer network – including mobile devices – and
Good password management – complex passwords that are changed regularly
Physical safeguards to ensure that your work locations – including mobile locations – are secure from theft

Common sense awareness – don't open suspicious phishing or spam emails

Business-class Microsoft Exchange email hosting services mean you're always in touch and up-to-date, in the office or on the road accessing your mobile email.

Things to look for in a hosted email solution vendor:

Canadian provider with data centres only in Canada (Alberta preferable)
Reputable company with proven track record
Contract including:
Termination clause – when the contract terminates, the vendor will:
Notify you in advance of termination
Allow local back up of your data or data transfer
Validate that your data has been completely and securely deleted from the data centre
Encrypted at the data centre – no one at the data centre can read your information and it is secure from someone else hacking into the data centre to steal your data

Confirm your backup plan for your email accounts.  If you don't have one, create a plan.

INFORMATION MANAGERS
We are an information management company based in Edmonton, Alberta. We specialize in health information management, records management, practice efficiency and workflow consultation as well as privacy and security in the Health Care sector.
We take care of the elephant in the room.

Alberta, backup, best practice, breach, business associate, cloud service provider, computer network, email, external hard drive backup, health information, healthcare, hosted email solution vendor, privacy, SBS, security, Windows Small Business Server

&Tgh2Crack!: How tough is your password?

Posted on May 13, 2013 by Jean Eaton in Blog

Is Your Password Uncrackable?

Hack-proofing your passwords is an absolutely essential business practice, especially if you are a small or mid-sized business (SMB). Did you know that more than 75% of data breaches occurred at SMBs? Small businesses are major targets, with more than 80% being targets of opportunities.

A University of Cambridge study found that 90% of passwords are hackable. Try to make your passwords in the 10% of uncrackable passwords.

For example:

  • PrttyTough8  – will take 5000 years to crack
  • &Tgh2Crck! – will take 3 months to crack

Tips to keeping your password safe:

  1. use your business passwords for work only. Don't reuse your work password on an external website, email, or bank account
  2. avoid predictable and common passwords. Choose a phrase that you can remember, and add in the required characters – capital letters and numbers. You can try removing the vowels of easy to remember words i.e. privacy = prvcy
  3. Use more characters. The longer the password, the harder it is to crack!

For more information on making your password stronger, check out the blog post Password Safety in a Connected World by McAfee Vice President Gary Davis.

Privacy Risks and Kids

Posted on April 4, 2013 by Jean Eaton in Blog

I am looking forward to present “Privacy Risks and Kids” at the 2013 Alberta School Councils' of Alberta Conference April 27.

Child identity theft can happen to any child. How does this happen? What can you do to prevent it? In a fun and informative format, I will share with you some practical tips on how parents can protect their children's valuable information.

Click Here for more information.

Alberta, child identity theft, privacy, privacy risks and kids, speaker

“Privacy Risks and Kids”

Posted on April 4, 2013 by Jean Eaton in Blog

I am looking forward to present “Privacy Risks and Kids” at the 2013 Alberta School Councils' of Alberta Conference April 27.

Child identity theft can happen to any child. How does this happen? What can you do to prevent it? In a fun and informative format, I will share with you some practical tips on how parents can protect their children's valuable information.

See http://www.albertaschoolcouncils.ca/?page=Conference for more information.

Alberta School Councils of Alberta Conference, privacy, privacy risks and kids, privacy speaker

It’s Tax Time! Are you ready?

Posted on February 26, 2013 by Jean Eaton in Blog

Practice Pro-Active Privacy!

It will soon be tax time. If your clinic provides services where patients pay for non-insured services, you may provide a consolidated fees report to the patient. However, you may only provide health information to the patient or to the individual that the patient authorizes. Instead of having to explain this over and over again, find a creative, pro-active method to inform your patients. Use a poster or your website or existing closed circuit TV to show common examples of how your office handles routine requests for information.

Download a sample poster and consent form from our website!  Tax Poster

Tax Poster

1Pd_Consent DisclosureTax

education, healthcare, patient release of information, privacy, privacy by design, privacy poster, Pro-active privacy, templates

Breakout Session by Jean announced at the ASCA Conference & Annual General Meeting!

Posted on February 7, 2013 by Jean Eaton in Blog

Privacy Risks and Kids

Child identity theft can happen to any child. How does this happen? What can you do to prevent it? In a fun and informative format, Jean will show you some practical tips on how parents can protect their children's valuable information.

Presented at the Alberta School Council's Association (ASCA) Conference and Annual General Meeting 2013.

For more information on the ASCA Conference, click here!

Alberta School Councils of Alberta Conference, child identity theft, privacy, privacy speaker

Alberta Netcare: What are your Patient Rights?

Posted on January 25, 2013 by Jean Eaton in Blog

Primary Care Providers may expect their patients to be asking more questions about Health Information in Netcare. Review this information and your policies and procedures with your staff so that you know how to respond.

In order to mark Data Privacy Day 2013 (January 28, 2013), the Information and Privacy Commissioner of Alberta, Jill Clayton, has announced a new initiative to inform Albertans about their privacy rights.

Under the authority of the Health Information Act (HIA), your health information is available through the province-wide electronic record system named Alberta Netcare. Netcare is a network of information systems that allows authorized users to see prescriptions, lab results, diagnostic images, and hospital reports. It is used throughout Alberta in hospitals, and in medical clinics and pharmacies.

Consent to have your health information in Netcare is not required by law, but you do have rights that allow you to exercise privacy control.

With the provincial electronic health record system, Alberta Netcare, you have the right to:

Know why your health information is collected and whether it is available in Netcare
Know what information about you is in Netcare by asking for a print-out
Limit access to your Netcare record by asking for your information to be masked
Know who has looked at your information in Netcare
Request that errors be corrected
Ask the Information and Privacy Commissioner to review or investigate if you are not satisfied with a decision or response you receive about any of these rights

See the OIPC webpage and contact information, visit: http://www.oipc.ab.ca/pages/HIA/NetcareKnowYourRights.aspx

To view the News Release from the OIPC, visit: http://www.oipc.ab.ca/Content_Files/Files/News/NR_Netcare_Know_Rights_Jan_2013.pdf

access, Alberta, electronic health record, Health Information Act, Netcare, OIPC, patient rights, privacy

What Not To Do – keep your backup device plugged in

Posted on January 25, 2013 by Jean Eaton in Blog

An Australian medical center is facing the possibility that its patients’ electronic medical records may be locked away forever after hackers broke into its computer system in December and encrypted the files. The hackers captured a medical centre's data and demanded A$4000 to decrypt the information.

While this incident is rare it is a good lesson to ensure that you take control of your data. Ensure that it is secure. Ensure that your data is securely backed up and is segregated from your computer servers. Your must be proactive and monitor your computer network. This may be an appropriate task to outsource to a reputable vendor. Are your plans comprehensive? Is it time for you to schedule your Privacy Practice Review?

See  the Technology for Doctors Online story from January 17, 2013, for more information.

backup, best practices, breach, computer network, encryption, external hard drive backup, privacy, privacy breach, privacy practice review, security, security external hard drive devices, segregated backup

Private Event Complimentary for Microquest Clients

Posted on December 21, 2012 by Jean Eaton in Blog

Webinar – Clinic Manager's Privacy and Security Top 10 List

Time to update your Privacy Management Program plan for 2013! This workshop is an essential and effective hour long presentation on the Top 10 Privacy and Security issues facing Clinic Managers and Privacy Officers.

Webinar Series: Clinic Manager's Privacy & Security Top 10 List

Friday, January 18, 2013

11:30am – 12:30pm

Includes: HealthQuest Appointments application, HealthQuest iPad Forms application, Email security, mobile devices, managing vendor agreements, privacy breaches, privacy officer role and responsibility, training, and more.

Facilitated by Jean Eaton, Information Managers Ltd, and Rita Hielema, Microquest.

Email security, HealthQuest Appointments application, HealthQuest iPad Forms application, managing vendor agreements, mobile devices, privacy, privacy breaches, privacy officer role and responsibility, training, webinar

Employment Standards Tool Kit for Employers

Posted on December 14, 2012 by Jean Eaton in Blog

A great resource for every office – easy to read information for employers and employees to have on hand. Consider sharing this with your family and friends – including students just entering the workforce.

The Employment Standards Tool Kit for Employers from GOA is written in plain language and offers clear, concise information on the areas of the Code that generate the most complaints, such as hours of work, overtime, vacation pay, maternity leave and terminations.

The Tool Kit is also available in hard copy form, as well as on CD packaged together with the latest Occupational Health and Safety Tool Kit for Small Business.

To receive a paper or CD copy, call the Employment Standards Contact Centre at 780‑427‑3731 or 1‑877‑427‑3731 or email. Copies are also available at Labour Market Information Centres located throughout the province.

employees, employers, tool kit
«‹14151617›

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

I have used Jean Eaton’s Privacy Impact Assessment consulting services on multiple projects at a very reasonable cost. Information Managers also provides a plethora of privacy information, education and training tools for minimal costs. One thing that has helped satisfy the training needs of staff for the PIA is paying for her in service program that is online and staff go through at their own pace while we monitor to ensure completion.

- Luke Brimmage, Executive Director, Aspen Primary Care Network

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.