Information Managers

Internet of Things

Posted on October 28, 2016 by Jean Eaton in Blog

October is Cyber Security Awareness Month! Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Have you ever wondered on your way home from work, “I wonder if we need more milk?”

It might be very handy to have your refrigerator scan the UPC codes of the food in your fridge and automatically place an order with your local grocery store, ready for you to pick up milk on your way home. Your car will already have the address and traffic updates sent to the GPS to make your trip hassle-free.

“Internet of things” refers to things connecting to the internet and communicating with each other.

But don't let the convenience of things connecting to the internet create an additional security threat. You need to keep password management and software security up to date.

See the infographic created by NCSAM to explain the Internet of Things.

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

 

#15DayPrivacyChallenge, #CyberAware, Internet of Things

Can You Access Your Personal Information?

Posted on October 23, 2016 by Jean Eaton in Blog

October is Cyber Security Awareness Month!  Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge.  The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #9 Right to Access Your Own Personal Information

Our right to the privacy of our personal information is very important.

In our organizations, when we collect personal information from our employees and clients, they have the right to access this information from us. They may want to do this to ensure the information is correct, complete, and has been used only for the purpose to which they agreed.

A privacy charter is a useful document that communicates your position on the collection, disclosure, and use of private information. It informs your clients of their rights and explains your commitment to keeping their information safe.

Here is a sample privacy charter that you can modify for your use:

  • To help you, we need to ask you for your personal information.
  • We will ask you before we share your information.
  • It is our job to keep your personal information safe.
  • We will tell you why we need to collect your personal information, before the information is collected.
  • Only with your agreement will we collect, use, and share personal information about you. You may change your mind at any time.
  • We will only ask you for the personal information that is needed to help you.
  • We will use your personal information only for purposes to which you agreed.
  • If you have any questions, speak to our Privacy Officer.
    • Used with permission from NWC FASD Network

Can a patient have a copy of their own health record?

Patient Access to Health Records

Under most privacy legislation, including Alberta’s Health Information Act, a patient has the right to access their own records about themselves. The information that a patient provides to the healthcare provider belongs to the patient. The healthcare provider is responsible for maintaining the information on paper or in a computer and ‘owns’ the documents.

Watch the Video Patient Access to Health Records


#15DayPrivacyChallenge, #CyberAware, access, patient access to health records, Practical Privacy Coach

Does your organization have a privacy officer?

Posted on October 22, 2016 by Jean Eaton in Blog

October is Cyber Security Awareness Month!  Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge.  The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #8 Privacy Officer Education

If your business involves the collection, use, and disclosure of your clients' personal information, a privacy officer is necessary in order to meet legislated requirements.

So, what does a Privacy Officer do?

  • Identifies privacy compliance issues for the business.
  • Ensures privacy and security policies and procedures are developed and maintained.
  • Ensures employees and contractors are aware of their responsibilities and duties.
  • Provides advice and interpretation of related legislation for the business.
  • Responds to requests for access and corrections to personal information.
  • Ensures the security and protection of personal information in the custody or control of the business.
  • Represents the business in dealings with third parties and the Office of the Information and Privacy Commissioner.

It's a challenging, yet rewarding, role. And there are many ways that a privacy officer can learn the skills necessary for the job. See the Privacy and Access Council of Canada for professional development resources.

Here's a Document Management Tip: Sample Job Description for Privacy Officer that you can download right away.


#15DayPrivacyChallenge, #CyberAware, Practical Privacy Coach, Privacy officer job description

How do you manage USBs?

Posted on October 18, 2016 by Jean Eaton in Blog

October is Cyber Security Awareness Month! Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #4

We love to use USB sticks because they are convenient tools to temporarily store and transfer information. However, because they are small and easily lost or stolen, they also pose a huge risk for your confidential information to fall into the wrong hands.

Unfortunately, we rarely take the time to encrypt our data or use other security features on these drives. And if these drives go missing, it often goes unnoticed, which means the USB memory stick truly is a weak link in our information security.

How would you know if a device was lost?

Would you know what information it contained?

Is it encrypted?

 


 

#15DayPrivacyChallenge, #CyberAware, 15 Day Privacy Challenge, good security practices, Practical Privacy Coach, privacy

Privacy Collection Notice

Posted on October 17, 2016 by Jean Eaton in Blog

October is Cyber Security Awareness Month! Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #3

Every time we gather information from a client, we're entering into a trust relationship with them. We trust them to provide accurate information, and they trust us to keep it private and safe.

So it's only fair that we are transparent with our clients about our policies and procedures regarding the collection and safe-keeping of their important confidential information. We want them to understand:

  • Why we are collecting their information
  • How we are using their information
  • How we are protecting their information
  • How our organization meets the rules and regulations of our industry

Where is your practice’s privacy collection notice?

 


#15DayPrivacyChallenge, #CyberAware, 15 Day Privacy Challenge, Collection Notice, Practical Privacy Coach, privacy

Oath of Confidentiality

Posted on October 17, 2016 by Jean Eaton in Blog

October is CyberSecurity Privacy Awareness Month!  Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge.  The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #2

Our patients and clients depend on us to keep their personal information private and confidential. And no matter your role in your organization, you have a part to play in keeping that information safe. So, does everyone in your office understand how privacy and confidentiality impact their roles? Organizations need to provide clear direction to all employees (not just those who handle confidential information regularly) regarding the collection and safe-keeping of this important data.

Everyone should demonstrate – on paper and in action – the following:

  • We respect the personal information you share with us
  • We will collect only the information necessary to do our jobs to provide services to you
  • We will keep it confidential
  • We will use it only for the purpose for which it was collected
  • We will disclose your personal information only with your permission

Does your healthcare practice have an oath of confidentiality? Do all staff – administration, support, maintenance, and professional – sign the oath?


15 Day Privacy Challenge, Oath of Confidentiality, Practical Privacy Coach, privacy

Is a Hosted Email Solution For You?

Posted on January 29, 2016 by Jean Eaton in Blog

Is your email secure? Backed up? If you suddenly lose your email, calendar, or contact list, this could either be a speed bump in your busy day, or a nightmare that may take days or weeks and a lot of money to recover.

Whether you use email for temporary communications or as your primary method of business, it needs to be managed securely. When you or your staff use email from multiple devices – such as your desktop computer, smart phone, or website – you have additional privacy and security requirements.

Many small businesses have purchased an email software system like Outlook as part of their desktop software. Unfortunately, recent software updates from Microsoft do not include Outlook; you are encouraged instead to purchase MS Office 365 software where all of your email is stored on the MS Cloud.

Some businesses use free email accounts – like Gmail or Yahoo – where emails, calendars, and contact information are on the public cloud. This information is accessible from any internet connection but is difficult to back up to a local device that you can control.

If you use email to transact business – employee records, business contacts, company newsletters, subscriptions, financial or consumer purchases, or personally identifying messaging – you need to meet privacy and security requirements.

Previous versions of Windows Server Small Business Server (SBS) edition included Microsoft Exchange so small businesses could create their own in-house email server. This is not included in Windows Server 2012 Essential (SBS replacement). But small businesses still have a few options:

  • Buy the Microsoft Exchange Server full licenses, although it can be quite expensive
  • Sign up to Office 365 which is a hosted / cloud based Microsoft Exchange service from Microsoft with email hosted in the USA. Offices will need to determine their level of risk using personally identifiable information in emails – including sensitive information like credit card, payroll, health information, and other sensitive content – which will be stored out of Canada and subject to US legislation and uses.
  • Contract with a Canadian hosted Microsoft Exchange service with a Canadian based cloud service provider. This might be a cost effective solution and permit full access to email in an environment which is backed up and more easily accessible.

Features offered with a hosted email service

There are many features offered with a hosted email service:

  • Collaboration is easy as you have access to group calendaring and scheduling, shared contacts, folders and calendars, tasks and task delegation, as well as public email folders.
  • Fully functional email software.
  • Sync capabilities to your smart phone without worrying about viruses, spam, or malware, and mail archiving is automatic. Store as much or as little email as you need and do so without dealing with annoying ads.
  • Anti-phishing, anti-virus, and malware software are attached to each email connection.
  • No data ‘left behind' on the device – all data is securely maintained in the hosted email. If a mobile device is lost or stolen, business email is not compromised.
  • You can apply business rules – for example, emails can be prevented from being forwarded to an employee's home gmail account. Employees can securely work from home.
  • All business data is maintained by the business. So if your employee wins the lottery and doesn't come back to work, all business emails have been maintained in the hosted email and not on an employee's home computer.
  • Data is encrypted during the internet transmission.

To get a Hosted Email, you will need internet access with a data plan. You can continue to use your desktop computer and its cable internet access. When you use mobile devices, you can use your mobile provider data plan (Rogers, Bell, Telus, etc), or connect to a trusted WiFi connection.

You are still responsible for good security practices at your location including:

  • Unique user ID and password on your computer network – including mobile devices
  • Good password management – complex passwords that are changed regularly
  • Physical safeguards to ensure that your work locations – including mobile locations – are secure from theft
  • Common sense awareness – don't open suspicious phishing or spam emails

Business-class Microsoft Exchange email hosting services mean you're always in touch and up-to-date, in the office or on the road accessing your mobile email.

3 Things to look for in a hosted email solution vendor

  • Canadian provider with data centres only in Canada (Alberta preferable)
  • Reputable company with proven track record
  • Contract including:
    • Termination clause – when the contract terminates, the vendor will:
      • Notify you in advance of termination
      • Allow local back up of your data or data transfer
      • Validate that your data has been completely and securely deleted from the data centre
    • Encrypted at the data centre – no one at the data centre can read your information and it is secure from someone else hacking into the data centre to steal your data

Confirm your backup plan for your email accounts.  If you don't have one, create a plan.

business associate, BYOD, good security practices, hosted email service, mobile devices, MS Cloud, privacy, SBS, security, Windows Server 2012 Essential

IT Vendor Privacy Impact Assessment Readiness Plan

Posted on January 9, 2016 by Jean Eaton in Blog, Vendor

New healthcare business needs an IT solution and asks if you have a PIA (what are you going to do about it?)

Healthcare practices throughout Canada and the US need IT services and have money to buy new hardware and service contracts. They also need a Privacy Impact Assessment and want to work with a vendor who is PIA prepared.

You don’t want to lose that sale, do you?

Learn what the healthcare business needs to successfully complete their Privacy Impact Assessment. Develop your own responses and move to the top of their preferred vendors list.

I have developed an on-line interactive course to help you learn everything you need in order to create, review, or amend your own Privacy Impact Assessment Readiness plan. The E-course, Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course, includes 5 modules, each with a weekly live webinar, as well as templates, tools, resources, and one common case study to build on each week.

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course will help you

  • Understand the Privacy Impact Assessment process and the healthcare client needs
  • Organize your business marketing to meet the healthcare client's requirements
  • Be informed
  • Be proactive
  • Improve your internal business documentation
  • Be efficient and reduce the administration delays between procurement and installation
  • Create a branded Privacy Impact Assessment Readiness plan to give to that caller and get the sale.

Let the Practical Privacy Coach help you!

 Video by Trish Findlay – explaindiowhiz on Fiverr

If you are a vendor that supports healthcare practices this e-course is for you!


BONUS! One hour tele-consult with Jean, “Create a branded Privacy Impact Assessment Readiness Package”. Jean will work individually with you to review your documentation and coach you on how to prepare the package to give to healthcare practices.

BONUS! Vendor PIA live webinar includes Vendor non-disclosure agreement, Information Manager Agreement, GAP Analysis, Computer Network Narrative templates.

 

The modules include:

Module 1:

What is a PIA?

Tuesday, January 12, 2016

9 - 10 am MST

 

Module 2:

What is an Information Flow?

Tuesday, January 19, 2016

9 - 10 am MST

 

Module 3:

What is a Risk Analysis?

Tuesday, January 26, 2016

9 - 10 am MST

 

Module 4:

Pull it together into PIA format

Tuesday, February 2, 2016

9 - 10 am MST

 

Module 5:

Complete your PIA Submission

Tuesday, February 9, 2016

9 - 10 am MST

BONUS Module 6:

Vendor PIA

Tuesday, February 16, 2016

9 - 10 am MST

The replays, tools, and resources will be available to you for (almost) forever! If you miss a live webinar, or you will be away for some time during the course, you can catch up with the replays. The resources are yours to keep.

BONUS  Three (3) open office drop-in group calls with Jean to help you get un-stuck with your PIA.

If you are a vendor that supports healthcare practices, this e-course is for you!

BONUS One (1) hour tele-consult with Jean, “Create a branded Privacy Impact Assessment Readiness Package”. Jean will work individually with you to review your documentation and coach you on how to prepare the package to give to healthcare practices.

BONUS Vendor PIA live webinar includes Vendor non-disclosure agreement, Information Manager Agreement, GAP Analysis, Computer Network Narrative templates.

If you provide services for any of these healthcare providers, they probably require a PIA and they require their vendors to support their PIA and privacy, confidentiality, and security best practices. This is for you if you are a vendor that supports a healthcare provider in a group or solo practice with direct patient care, for example a:

  • Physician
  • Pharmacist
  • Registered nurse
  • Optometrist or optician
  • Chiropractor
  • Physiotherapist
  • Midwife
  • Podiatrist
  • Dentist, dental hygienist or denturist
  • Audiologist
  • Mental health practitioner
  • Laboratory, x-ray, and imaging technician
  • Paramedic

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments –

A Complete Step-by-Step Course

5 live webinars, replays, templates, tools, and resources

$450.00 (plus GST)


You will get

  • Learning Resource Guide for EACH module – how-to explanations, templates, and resource lists
  • Checklists to help you plan your PIA
  • MindMap of the entire PIA process
  • PIA project plan timeline templates
  • Checklists of  personal and health information privacy and security policies that you need in your practice
  • Two sample case studies – one for a new PIA project and one for a PIA amendment – that we will use in each module. The case study is easy to understand by everyone. Use this approach for your PIA project.
  • Explanation and real-life examples of key terms that you need to know and include in your PIA
  • Strategies and templates of risk management assessments that you can customize
  • This E-course might qualify for CPE credits, too!

BONUS!  Three (3) open office drop-in group calls with Jean to help you get un-stuck with your PIA.

BONUS! Checklist to update your PIA to meet recent changes to Alberta's Netcare Portal.

BONUS! Invitation to join a private LinkedIn Group with other registered participants of this course to network and support each other on your PIA journey and continue to help you after this course closes.

If you hired a consultant to do the work of the PIA process for you it may cost you as much as $2,000!

And then…when the consultant is done, they take their knowledge out the door with them.

Invest only $450 in this course and you'll have what you need to do your first PIA project today…and every project in the future!

Not sure if this is right for you?

How to Plan a PIA for Your Healthcare Practice – Practice Management Nugget webinar recorded live on December 3, 2015

 

Watch the replay here!

 

Watch the Preview of the E-Course, Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments.

Preview the E-Course here!

In this preview, Jean will tell you:

  •  3 Biggest Myths about PIAs (and why they are not true)
  •  Questions Privacy Officers, Clinic Managers, and Practice Managers should ask about PIAs but don't
  •  Biggest fears about doing a PIA

Jean will share with you the Solution: Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course.

You will learn:

  •  5 Modules of the E-course
  •  What you get with the course
  •  Why you should buy the course now

 


Complimentary access to the on-line course Privacy Awareness in Healthcare: Essentials ($25 value) from our partner, Corridor Interactive, when you purchase the E-course. One user subscription with access to the course for 3 months. Start this training now – a valuable introduction to Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course.


– Jean, Your Practical Privacy Coach

business associate agreement, GAP Analysis, information management agreement, PIA, Privacy Impact Assessment, vendor non-disclosure agreement

Information Managers Network Discount

Posted on December 21, 2015 by Jean Eaton in Members Only

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course

 

Exclusive Information Managers Network members-only discount: $25 Off

$25 off the registration for this E-course. 1 coupon per membership

This offer CAN be combined with other discounts.

Starts: Dec 21, 2015  End:  January 12, 2016

Coupon Code: 7NFRLJP4X01P

For more information about the course

 

To purchase the course and use your Members Only Discount Coupon

The option to enter the coupon code will appear during check-out.

 

Can You be Charged Under the Health Information Act?

Posted on December 2, 2015 by Jean Eaton in Blog

If you access personal health information without authorization, this is a privacy breach.

You can be charged with a fine under the HIA and can face penalties, fines, and sanctions from your professional association.

How frequently are people being charged under the Health Information Act in Alberta for improper access to health information?

“This year alone, there has been one conviction and two charges for improper access of health information. The office is also investigating more than a dozen cases, and they all have the potential to become offence investigations.” Source: “Medical record privacy breaches an ‘epidemic’ in Alberta, says commissioner,” CBC News, posted Oct 15, 2015.

An investigation by the Alberta Office of the Information and Privacy Commissioner (OIPC) has resulted in 26 charges being laid against an individual under the Health Information Act (HIA), as reported in an OIPC News Release on December 1, 2015. An incident at the Alberta Children’s Hospital in Calgary was reported by Alberta Health Services to the OIPC. The OIPC conducted an investigation, and upon its completion charges were laid against the individual who allegedly gained access to health information in contravention of HIA.

This is the sixth time charges have been laid under provisions of HIA. The maximum penalty for each offence is $50,000.

Who is a custodian?

As defined by HIA, a ‘custodian’ includes physicians, pharmacists, dentists, chiropractors, optometrists, Alberta Health Services, the Minister of Alberta Health, and more. The custodian is responsible for taking reasonable steps to prevent privacy and security breaches, including providing privacy awareness training.

Do you have a privacy awareness program?

Do you have a privacy awareness program in your practice that everyone must attend? This includes healthcare providers, students, residents, office staff and, yes, even the non-patient care employees like cooks, cleaners, and maintenance staff.

Have you seen this?

Do You Need Privacy Awareness Training for Your Healthcare Practice?

 

 

fines, Health Information Act, HIA, privacy awareness training, privacy breach

Well, it happened! We recently had a privacy breach. It was an ‘oops’ but nevertheless a privacy breach. I had started the 4 Step Response Plan - Prevent Privacy Breach Pain but thought I had time to go through it. Unfortunately not. Your course has been a godsend with all the information and forms that I need to work through this privacy breach and notifying process.

- Nancy D.


Copyright 2022 Information Managers Ltd.
