Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Prevent Big Fines (or Worse!) for Your Healthcare Practice; Learn How to Plan a Privacy Impact Assessment

Posted on November 18, 2015 by Jean Eaton in PMN Replay, Practice Management Nugget Interview

Join us for the free webinar,

How to Plan a Privacy Impact Assessment for Your Healthcare Practice

A PIA should be as common place to a healthcare practice as a business plan is to a business. BUT most healthcare practices don't know this and often don't know that a PIA is  usually part of their professional college requirements and often even a legislated requirement! Prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor by completing a PIA.

You need a Privacy Impact Assessment when:

  • You  are opening a new clinic or establishing a new health services program.
  • You are changing administrative procedures or technology equipment, services, or vendors
  • You are changing how you collect and use personal information,
  • You are implementing or changing an Electronic Medical Records (EMR)
  • You are sharing health information with another healthcare provider, organization, Primary Care Network or other health program.
  • You have a Privacy Impact Assessment that was written more than 2 years ago? (It is time to review and update this!)

Doing a Privacy Impact Assessment for your practice is easy – once you figure it out.  I have helped hundreds of clients complete their Privacy Impact Assessment and visited hundreds of practices across Alberta.  I've figured it out . . . so you don't have to! Now I’m going to share with you what you need to know to plan your PIA. 

profileLadywithBriefcase_v2Jean L. Eaton, the Practical Privacy Coach, will give you an overview of the Privacy Impact Assessment process, including:

  • What is a PIA
  • When do you need a PIA
  • How to plan a PIA

You will get

  • Learning Resource Guide
  • Checklists to help you plan your PIA

This is for you if you are a healthcare provider, practice manager, or vendor that supports a healthcare provider in a group or solo practice with direct patient care, for example a:

  • Physician
  • Pharmacist
  • Registered nurse
  • Optometrist or optician
  • Chiropractor
  • Physiotherapist
  • Midwife
  • Podiatrist
  • Dentist, dental hygienist or denturist
  • Audiologist
  • Mental health practicitioner
  • Laboratory, x-ray, and imaging technician
  • Paramedic

In this FREE 30-minute Practice Management Nugget Webinar  Jean will answer your questions about planning a PIA for your healthcare practice. I have a Special BONUS Gift for those who show up live – Don't miss out and register today!

Planning a PIA for your healthcare practice is easy when you have tools, resources and the Practical Privacy Coach and Practice Management Mentor to help you.

Recorded Live Thursday, December 3, 2015

 

Watch the replay here.


Learning Guide How to Plan a PIA Information Managers

 

Health Information Act, healthcare, PIA, Practical Privacy Coach, Practice Management Mentor, Privacy Impact Assessment

Who Can Authorize Payments in Your Healthcare Practice?

Posted on November 18, 2015 by Jean Eaton in Blog

Can your boss send the bookkeeper or clinic manager an email to authorize payment?

You might want to re-think that.

Read this CBC investigation report, “Ransomware, bogus emails from your ‘boss' mark growing skill of cyber-criminals” to understand the risk to small businesses from targeted phishing attacks.

There are many creative ‘cyber bad guys’ who love to trick you into providing your personal information or use social engineering to trick you to take action – like making a payment to ‘Mr. Smith'. It is essential to train your employees to help them identify an attack and prevent phishing attacks and prevent a privacy breach. If you are breached, learn how to spot and report it.

Set up clear policies in your healthcare practice about authorizing payments to legitimate vendors. Consider having one person responsible to create the cheque and another person to sign the cheque. Don't rely on email to authorize payments, especially to new accounts.

Related Posts:

Is Your Patient’s Health Information Protected from Cyberextortion?
Email Phishing

cyberextortion, healthcare procedures, phishing, security

Do You Need Privacy Awareness Training for Your Healthcare Practice?

Posted on October 29, 2015 by Jean Eaton in PMN Replay, PMN Stitcher, Practice Management Nugget Interview

Join us for the free webinar,

Privacy Awareness in Healthcare: Essentials

Healthcare businesses who want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

Give your staff the knowledge and tools they need to apply policy in their day-to-day work AND prevent a privacy breach with privacy awareness training.

Privacy awareness training is easy with interactive online learning experiences that are more effective than conventional training.

Make online training available to all your new and current employees quickly and efficiently.

Heather Mooney will demonstrate the online training platform.

In this FREE 30-minute Practice Management Nugget Webinar Heather and Jean will answer your questions about online privacy awareness training program so that you can decide if this is the right choice for your healthcare practice.

Heather Mooney, VP Business Development, Corridor Interactive

Heather is the sales and marketing strategist with experience in channel and account management; responsible for driving the sales and marketing program.

Privacy Awareness in Healthcare: Essentials Individual and group training licenses with Corridor Interactive available here.

 

Try out a Trial Membership to Information Managers Network to access more great interviews webinar replays and resources.

Trial Membership Information Managers Network

 

Information Managers Network Login

 

Subscribe to our YouTube Channel
Practice Management Nuggets are now also available as podcasts! Find us on Stitcher Radio and iTunes!

Practice Management Nugget Webinar

Privacy Awareness in Healthcare: Essentials

hosted by Jean Eaton of Information Managers Ltd.

 Healthcare businesses who want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

PMN_2015Nov05_Privacy_Awareness_Heather_logo

Corridor Interactive, health care, healthcare, Heather Mooney, Practical Privacy Coach, Practice Management Mentor, privacy awareness training

Free one month trial membership

Posted on October 28, 2015 by Jean Eaton in Archive

Thank you for joining us for the 15 Day Privacy Challenge!

Please enjoy a FREE one-month trial membership with Information Managers to access more great content that you can use right away!

The trial membership gives you access to:

  • Replays on demand of Practice Management Nugget webinars. Weekly 30 minute interviews with local, national, and international experts to help healthcare practice managers and providers manage their practice! Tips, tools, and templates that you can use right away!
  • Access to premium downloadable content as well as exclusive extras on some of our blog posts.
  • Advance notices of new products.
  • Monthly Q&A Webinar with Jean – user directed access to the Practical Privacy Coach and Practice Management Mentor – send your questions, and Jean will respond during the webinar – replays available only to members of Information Managers Network.

Free 1-Month Trial Membership to Information Managers Network.

Fax vs. Email Debate in Clinic Practices

Posted on October 28, 2015 by Jean Eaton in Blog

Which is safer to send personally-identifying information – by fax or by email?

Sending information by the (now old-fashioned) fax uses telephone technology, which is its own type of encryption – it is a direct message between the sender and receiver and is often the more secure communication solution. (Note – many fax services are now using fax to email technology which, for this article's purpose, is handled more like email.)

Email is not automatically encrypted – it is not in a code that can only be read by the sender and receiver. It is easy to forward email messages from the intended receiver to someone else or to another type of mobile device (smart phone, forwarded to another email address, multiple computers), and can be saved in many different locations. There is a greater risk of the information going to the wrong person or kept in more than one place – which creates a greater risk to the security of the information.

If you send clinical information by email referring to ‘Client J' instead of full identification, you create 2 new potential problems. If you have not completely and accurately identified the client in your clinical notation, it probably doesn't meet the standards of practice of clinical documentation. If you send a message to another provider about ‘Client J', it is likely that:

a) Someone other than the intended receiver will be able to identify the person of interest. This means that you may be sharing the client information with someone not authorized to receive it – for example, the email may get printed and left in an area that is not secure and be seen be someone not authorized to see it. This privacy breach will be, in part, the responsibility of the sender of the information – you.

b) If the information is sent without full identification, and the receiver makes an error in matching the information to the correct individual and takes further action – like notifying the client of the new action plan that may not be appropriate for them – you have potentially compromised the privacy and confidentiality of the original client and contributed to an error to the second client.

c) If the intended receiver is away, the email message might be overlooked or there may be a delay in response – which might be a delay in client service. In a fax world, there is usually more than one person assigned to monitor the incoming faxes.

 

Convenience

Poorly managed fax communication is one of the most frequent sources of privacy breaches. Even though email is now commonly available, it doesn't mean that it is any more secure than faxes. Sometimes, convenience can create more security problems!

Keeping client information confidential and secure is a key requirement in clinical practices. Whatever methods you use, you need to ensure that you have well documented policies and procedures that meet your profession's standards of practice and legislative requirements. You need to identify the risks and strategize how best to mitigate or minimize those risks.

email, email and patients, fax, healthcare

How to Create Social Media Policies

Posted on October 27, 2015 by Jean Eaton in Blog

October is Cyber Security Awareness Month! Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Challenge #12 Social Media

If you decide to use social media in your business, you need clear rules about who will authorize messages. You also need a strong social media policy to provide direction and education to your employees about what they can – and can't – say on-line.

Employees also need to understand that if they participate in social media, their personal comments are still potentially a reflection of the business they represent. See “Securing the Human” for more information for employees.

Even if you decide not to use social media in your business, you still need to be aware of cyber threats such as hackers, viruses, malware or a cybersecurity breach, and implement a formal cybersecurity plan and social media policy for employees.

Review your organization’s policy and procedure about Social Media. See SANS and our articles “What Should You Include in Your Social Media Policy?”  and “The Honest Spin Doctor” for sample policies.

We are proud to be a Champion of National Cyber Security Awareness Month.

#CyberAware #15DayPrivacyChallenge.

 

#15DayPrivacyChallenge, #CyberAware, Practical Privacy Coach, Social Media policies, templates

Privacy Challenge #11 Privacy Awareness Training

Posted on October 25, 2015 by Jean Eaton in Archive

Privacy Awareness Training

80% of all privacy breaches are internal to the organization. It is the healthcare provider and employer’s responsibility to ensure that everyone in the organization knows the best practices to handle personal information. Healthcare providers must provide privacy and security awareness training to each employee and contracted vendors in a healthcare practice. This includes healthcare providers and professional staff as well as volunteers.

Employers and healthcare providers must be able to document that training is provided to the employee and that the employee understood the key concepts of the content provided in the training.

EmployeeOrientationA formal employee orientation process will help a new employee to succeed by:

  • Reducing the anxiety of the new recruit
  • Introducing the organization's mission and work
  • Explaining the organization's culture, including the values, behaviours, formal and informal practices, etc. including expectations of privacy and security of personal information. Set clear expectations of employee’s job performance and day-to-day activities.
  • Introduce new employee to colleagues, including managers or supervisors
  • Creating mentors and job ‘buddies' to help ease the new employee into the organization's culture

Privacy awareness training is an essential part of your employee orientation program.

Training alone won’t guarantee that mistakes or errors in judgement won’t happen, but the healthcare provider and employer are legally responsible to take reasonable steps prevent privacy and security breaches.

Privacy awareness training happens throughout the year. Informal training that is timely – say, the news item of the latest privacy breach – are great opportunities to reinforce key messages. Use ‘what if that happened to us, what would we do?’ to discuss lessons learned and improve your current practices, if necessary. Review near-miss privacy and security incidents in your practice. These are great opportunities to discuss and fix potential problems before they become breaches.

The Privacy Officer may create and deliver the training and will monitor, supervise, and support the training.

Use a variety of written and multi-media content like posters, newsletters, videos, infographics, and lunch ‘n learn discussions to reinforce key messages. People love games, challenges, and cyber competitions, too, as a way to create variety and interest in privacy and security.

Resources:

I am delighted to share with you a new course, Privacy Awareness in Healthcare: Essentials, training provided by Corridor Interactive. I have the great pleasure to work with Corridor Interactive to develop the course content.  Privacy Awareness in Healthcare: Essentials provides a privacy awareness training program available on demand. Individuals can register for the course and have access to a 3-month subscription. Employers can also purchase training for groups of employees; employees can access the internet based training at a time and location convenient to them. Employers can monitor the employee’s training progress and receive a report of employee’s satisfactory completion of on-line quizzes.

The Health Information Act Guidelines and Practices Manual from AHW provides an administrative checklist of custodian's responsibilities, including training requirements. This is a good outline for your privacy management program and employee orientation even if you don't need to follow the HIA. See Appendix 3 & 4.

Also see the Employee Orientation Checklist from the HRC Council: Getting the Right People.

Make use of networking within your organization and with associations, or organizations of similar or complementary services. Some vendors facilitate user groups. The Alberta Association of Clinic Managers and the Medical Group Management Association of Canada offer networking for Clinic Managers. Privacy Officers can find resources and networking at Privacy and Access Council of Canada.

Today's Challenge:

To Do:checklistsm

  • Do you know who the Privacy Officer is in your business?
  • Do you have an employee orientation checklist? When was it last updated?
  • How can the orientation process be improved?
  • Ask new employees for their feedback on their orientation.

Share Privacy Challenge #11!

envelopeEmail a Friend.

 

Twitter_logo_blueTweet your Followers.

 

 

 

#15DayPrivacyChallenge, #CyberAware, employee orientation, Practical Privacy Coach, privacy awareness training

How are you doing?

Posted on October 25, 2015 by Jean Eaton in Archive

How are you doing?

How are you doing with the 15 Day Privacy Challenge?  What has been the most useful challenge?  Have you learned anything new?  We would be tickled pink to hear from you!

Send me an email  to let me know or post a comment on Facebook. facebook

How are you using the 15 Day Privacy Challenge?

•             Some businesses are using the 15 Day Privacy Challenge as a Scavenger Hunt where employees are in teams and compete to complete each challenge first.
•             Some professional associations are distributing the Privacy Challenge information as a recommended self-education opportunity which members can use for Continuing Professional Education credits.  (see below)
•             Some employers are requiring all employees to participate as part of their staff education requirements – employees are required to sign the poster that they receive at the end of the challenge and submit to the HR department to confirm that they participated in the challenges.  This works particularly well with a planned wrap-up staff meeting to review the challenges as a group and identify any areas of improvement that can be made in the business.

 
Yes!  You can earn CHIMA CPE credits for your participation.

At the end of the 15 Day Privacy Challenge, you will receive a poster.  Please retain this poster, and your responses to the challenges, as confirmation of participation in case you are audited by CHIMA.  For more information about CPE credits, see https://www.echima.ca/cchim/cpe

It isn't too late to register!

Share this with friends and colleagues – they will still receive all the content of the Privacy Challenge. Registration closes Oct 28.

As long as you register and login before Oct 28, you can browse through the 15 challenges and resources at your leisure. They will be available to you on-line for (almost) forever.

#15DayPrivacyChallenge

Three Reasons Hackers Love Your Small Business

Posted on October 25, 2015 by Jean Eaton in Archive

60% of small and medium business owners go out of business

within 6 months after a privacy and security breach.

You can prevent this by implementing good policies, procedures and best practices in your office.  Provide privacy and security awareness training to all of your staff.  Some staff with greater responsibilities will need additional training.

You may not be able to do everything, but doing nothing is not an option.

Share this infographic with tips that you can share with your team.

October is Cyber Security Awareness Month! Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware #15DayPrivacyChallenge.

#CyberAware, #NCSAM, cyber security, Practical Privacy Coach, small business, small business week

Communication Tips for Difficult Conversations

Posted on October 13, 2015 by Jean Eaton in PMN Replay, PMN Stitcher

Join us for the free webinar,

Talk Like a Leader – How To Make Difficult Conversations a Win-Win

Does the thought of having a difficult discussion with

  • an employee for performance review or
  • an employee for disciplinary action
  • a vendor to negotiate terms of contract
  • a patient who is abusive with your employees

Leave you feeling uncomfortable and . . . squirmy?

Grant Ainsley will help us understand the key steps to prepare for those difficult conversations.

In this FREE 30-minute Practice Management Nugget Webinar Grant Ainsley will help us prepare for difficult conversation with a vendor, with an employee, or with a patient.

It’s simply impossible to be a great leader without being a great communicator. Excelling in communication is consistently one of the highest rated traits of great leaders, but unfortunately communication skills are not inherited, or taught in business school.

Grant Ainsley says, “People won't care about how much you know until they know how much you care.”

Grant Ainsley is the author of The Honest Spin Doctor, a book that provides a road map to effective media relations for people who speak to the news media and the companies they work for. Grant_Ainsley_Photo_Communications_Talk_Like_A_Leader

Grant makes people think about the importance of communication and how they can immediately get better at a skill they use every day.

 

Join us for Practice Management Nugget Webinar

Talk Like a Leader – How To Make Difficult Conversations a Win-Win

hosted by Jean Eaton of Information Managers Ltd.

Download this Learning Resources Guide

 If you are a clinic manager or healthcare provider who wants to know the important tips to manage difficult conversations with a vendor, with an employee, or with a patient with confidence, then you need to register for this webinar right away. Immediately take your communication skills to the next level and learn to talk like a
leader.

PMN_2015Oct15_Communiction_Grant

The replay of this interview is now available as a member benefit.

Try out a Trial Membership to Information Managers Network to access this Practice Management Nugget interview and other webinar replays and resources. And if you’re already a member, just log-in and enjoy!
Trial Membership Information Managers Network
Already a member? Login here

communication skills, communication tips, Grant Ainsley, Practice Management Mentor, Practice Management Nugget, The Honest Spin Doctor
«‹23456›»

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

“This was my first ever time I had to work on a PIA and I was a little nervous about doing it efficiently - but you really made it as simple and straight forward as possible. Thank you for being available for my questions when I had them. I would easily recommend Privacy Impact Assessments to Protect Your Practice course for anyone to do their own PIA's! Thank you so much!”

- Karen Sarabura, Clinic Manager and Privacy Officer, CGA Medical Imaging, Alberta

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.