Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

OIPC Annual Report

Posted on December 27, 2020 by Meghan in Blog

Alberta Office of the Information Privacy Commissioner Annual Report

Recently, the Alberta Office of the Information Privacy Commissioner (OIPC) released their Annual Report 2019/2020.

The report is from April 2019 to March 2020. This is the first full year of mandatory privacy breach reporting requirements in Alberta.

Because of the volume of the privacy breaches, the OIPC have now chosen to triage privacy breach reports. They are fast tracking any of those breaches where individuals have not yet been notified about that privacy breach or where there is a potential offense is suspected.

If you've submitted a privacy breach report to the commissioner's office and haven't heard from them yet, it may be because it's gone through this triage process and, if you have completed an internal investigation and notified affected individuals, your breach report has not been flagged as a high priority.

OIPC Report

OIPC Investigations

The OIPC conducted investigations regarding offences under the Health Information Act (HIA), usually privacy beaches. In that time period, they forwarded 18 cases to the Special Prosecutions Branch of Alberta Justice for further investigation. 

Privacy Breach Trends

There were some interesting privacy breach trends that were reported by the commissioner's office that were reported to them under the PIPA legislation, the Personal Information Protection Act. Of the cases that were reported to them, a hundred of them were all electronic systems compromises. So they have lost some security in the computer network system of some kind, either that was in their direct control or by a third party vendor.

Human error is still a large source of privacy breaches. This can include both misdirected communications, such as miss-sent snail mail, email, or faxes; and unauthorized disclosure, such as when health providers discuss health information with other providers not involved in the patient care.

There were also 20 incidences of theft that they noted in this report and it included rogue employees.

Snooping continues to be an issue, although the report did not provide numbers to go with that.

Ransomware is also a serious issue, one that the commissioner office predicts to continue, particularly in clinics who have a lack of technical security controls on their computer systems.

Social engineering, which is tricking someone into divulging information based on false pretenses and assumptions, is a significant danger in the healthcare industry.

 

Social Engineering Example

Somebody posed as a pharmacist and wrote emails to pharmacies in order to get information about a particular patient. The email reads like the patient traveled from one location to another location and the fraudulent pharmacist is asking their buddy pharmacists at the other location to provide some information. 

This social engineering campaign was considered a significant threat and the college of pharmacists actually released an advisory to pharmacies to warn them of this social engineering attack.

This is a good word of caution for all of us is to not make assumptions just because somebody's email signature line says a pharmacist or other healthcare provider. We still need to make sure that we have verified the identity of that individual and not rely on that email signature alone.

You can download the report from the OIPC website. It provides a variety of other statistics and examples about investigations reports and privacy breach trends that may be of interest to you.

Download the OIPC Annual Report Here

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

4 Step Response Plan – Prevent Privacy Breach Pain On-line Webinar

5 Low Cost Steps You Can Take Now To Prevent Employee Snooping In Healthcare And Prevent Privacy Breach Pain

Snooping Conviction Earns 3 Years' Probation

Keeping Privacy Active in the Minds of Clinic Staff

3 Parts To Every Privacy Awareness Training Plan

What Healthcare Providers Need to Know About Computer Security and Standards

Health Information Act, medical clinic, OIPC, privacy and security, privacy breach

New Health Information Policy and Procedure Manuals!

Posted on November 23, 2020 by Meghan in Blog

Written Health Information Policies and Procedures

Most healthcare practices have good systems in place to properly collect, use, and disclose health information – but most practices don’t have these in writing!

Patients have the right to access their personal health information but yet frequently complain about long wait times and uncooperative front office staff when trying to request their personal information.

New staff members are hired and don’t receive clear written instructions on how to perform routine health information management tasks.

Why do these same problems repeatedly appear in practice audits and privacy complaints?

The most common reason that I see is incomplete, outdated or missing written policies and procedures! It doesn’t have to be this way.

I have seen how privacy compliance and patient satisfaction improves when practices have access to written templates. But templates and checklists alone are not enough!

You know your practice better than anyone else. When you customize standard policies and procedures to best reflect your practice, you develop strategies for your daily tasks.

And, when your team receives short on-demand video tutorials about the purpose of the policies and procedures and how it impacts patient care, the staff better understand and more consistently follow the policies and procedures.

That’s why I’ve developed the Health Information Privacy and Security Policies and Procedures Manual with templates and training to help you with your health information practice management and practice management. These policies and procedures have been implemented in hundreds of practices across Alberta and Canada.

I have consulted with medical, pharmacy, chiropractic, nursing, and nurse practitioners to create practical policies and procedures for them. Now, I’ve used these best practices as templates that you can use right away!

Now For Chiropractic and Nursing, Too!

Your healthcare practice needs a Health Information Policy and Procedure Manual. Written policies and procedures assist you to correctly, efficiently, and confidently collect, use, access, and disclose health information so that you can meet your accreditation, privacy impact assessment, and regulatory compliance requirements.

  • Starting with a template saves you time and money
  • Be privacy and security compliant
  • No special software to buy or learn
  • Use your existing MS Word and MS Excel office productivity software
  • One-time fee
  • On-line support
  • Available now!
Health Information Policy and Procedure Manual

Click the >> arrow to watch a short demo of the robust manual you can create quicker than you thought possible!

Different Policy and Procedure versions available for your specific type of healthcare practice

Medical Doctor

Medical Practice

Dental Practice

Dental Practice

Chiropractor

NEW!

Chiropractic Practice

Nurse Practitioner

NEW!

Nurse Practitioner Practice

Registered Nurse

NEW!

Registered Nurse Practice

Health Information Policy and Procedure Manuals ready for you now!

Step 1: Complete the questionnaire and download the templates

Step 2: Easily generate draft 24+ policies and 28+ procedures and forms using MS Word

Step 3: Edit the documents

Step 4: Video coaching and best practices for the policies and procedures and implementation tips

Step 5: Customize for your healthcare practice

Step 6: Video orientation for your employees

Get the Reliability And Power of Policy and Procedure Templates Without Spending Hours (or Days) Creating Them.

Show me the Policy and Procedure Templates!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies and Procedures Are? 

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

Do You Use Employee Privacy and Security Policy and Procedure Checklist Templates?

chiropractors, dentist, health information, Health Information Act, healthcare, medical clinic, Nurse Practitioners, Policies and procedures, policy, privacy and security, Privacy Impact Assessment, procedure, Registered Nurses, template

Do You Need An Expedited Netcare Privacy Impact Assessment?

Posted on November 6, 2020 by Meghan in Blog

What Is An Expedited Netcare Privacy Impact Assessment (PIA)?

A privacy impact assessment is a requirement of the Health Information Act (HIA) in Alberta. Alberta Netcare Portal (ANP) is a data repository of health information of Alberta residents. Many healthcare providers request access to the ANP to quickly access lab test results, text reports, and health insurance information to assist them to provide continuing care and treatment to their patients.

We know that privacy and security of health information is critical to the continued accuracy and completeness of health information for all patients. Alberta Health is the custodian of the ANP data repository. To ensure that everyone with access to the ANP also has accepted reasonable standards to protect the privacy, confidentiality, and security of health information, Alberta Health requires each healthcare provider to demonstrate that they have met these reasonable standards before being granted access to the ANP.

Community based healthcare providers who work in independent practices are also known as ‘custodians' as defined in the HIA. The custodians must submit a PIA to the Office of the Information and Privacy Commissioner (OIPC) for their review and acceptance. This PIA demonstrates the custodians' commitment to protect the privacy, confidentiality, and security of health information. Alberta Health and the OIPC have agreed to a streamlined process for healthcare providers and custodians to prepare, submit, and accept the ANP PIA so that healthcare providers can request access to the ANP.

We also know that technology and business practices change over time. It is a good business practice to review your PIA annually and update your risk assessment and mitigation strategies as needed. Updating your Health Information Privacy and Security Policies and Procedures and your PIA and submitting these to the OIPC is recommended best practice and a pre-requisite for continued access to the ANP.

Is It Time To Amend Your Privacy Impact Assessment?

Maybe you want to:

  • add a new digital health app or patient portal to make it easier for patients to book appointments with you, or
  • get access to Alberta Netcare Portal, or the CII or CPAR projects,
  • expedited Netcare Privacy Impact Assessment,
  • use the internet to get telehealth on-line consultations for your patients,
  • update your participating custodians and privacy officer, and
  • regular review to ensure that you are continuing to meet the requirements of the Health Information Act (HIA).

A PIA is a practical business tool in your healthcare practice.

A PIA is an important tool that you can use to help you with project management.

It will help you anticipate risks to the project before it starts and avoid serious problems, and wasted time and money.

The PIA process requires you to have written policies and procedures so that you can implement the project effectively and train your staff consistently.

Sometimes a PIA is a requirement of legislation. But it is always a best practice whenever you implement a project that includes personal health information.

I'd Like To Help You!

I’d like to help you with your Privacy Impact Assessment amendment. Click the button below for the next complimentary workshop!

Sign up for the complimentary workshop HERE!

If you are starting your new practice and need your first Privacy Impact Assessment, see our available consultation options here.

About Jean L. Eaton

Jean Eaton, BA Admin (Healthcare), CHIM, CC is the Practical Privacy Coach and Practice Management Mentor of Information Managers Ltd.

Jean is constructively obsessive about privacy, confidentiality, and security in healthcare.

She is an experienced leader in health information management. She has worked with multi-disciplinary health care service professionals in primary, acute, and tertiary care facilities across Canada.

Jean has successfully assisted primary care physicians, chiropractics, dentists, pharmacists, primary care networks, and other health care providers across Canada to develop privacy impact assessments (PIA) and office policies and procedures and training regarding the collection, use, and disclosure of health information.

You May Also Be Interested In:

 

“What is a Privacy Impact Assessment?”

Read the article and watch the short video now to take a look at what is a PIA, what will a PIA do for you, when you need a PIA, and what is the PIA process.

You can also listen to the Practice Management Nuggets podcast episode here.  

 

“How Long Does it Take to do a New Privacy Impact Assessment?”

Ideally, you should start the Privacy Impact Assessment process 3- 6 months prior to your go-live date. Find out more by reading the article.

Alberta, amendment, expedited Netcare, PIA, privacy consultant, Privacy Impact Assessment

Who Is Doing The Recalls In Your Dental Practice?

Posted on October 30, 2020 by Meghan in Blog

Who Is Doing The Dental Recalls In Your Practice?

If you have an appointment schedule with a lot of openings, you might need a dental recall program.

If you have an appointment schedule with a lot of openings, you might need a dental recall program.

If you don't have many recall appointments in your schedule, you might need a dental recall program.

If you want to add additional or your first dental hygienist, you might need a dental recall program.

If you have patients that haven't seen you for a long time, you might need a dental recall program.

What 

Joanne Williams of U R DU Appointments is my guest on this episode of Practice Management Nuggets For Your Healthcare Practice!

She will share how a consistent dental recall program will help a dental practice improve dental care and increase your revenues.

Joanne Williams' #1 Tip to Dentists and Practice Managers

Be consistent with your patient recall program! Click to Tweet

 

My Favorite Takeaways From The Podcast

Joanne shared her extensive experience in the dental industry including these nuggets:

  • Don’t rely on digital automated dental recall system.
  • Patient management platform not just recall automation.
  • Expert tips on how to understand practice management software and statistics.
  • Don’t make this common mistake when assigning staff to implement a patient recall program!
  • A personal contact will maximize the patient recall success rates.

Featured Guest: Joanne Williams

U R DU Appointments

Joanne Williams brings 20 years of experience managing a dental clinic in Calgary Alberta. Patient management within a digital environment is one of the strengths the U R DU appointment services. A good patient dental recall program is the heartbeat of the dental clinic. 

From the moment she started her career in dentistry, Joanne Williams knew it would be an interesting and challenging one. With over 20 years of experience managing a dental clinic, she enjoys working and learning the management side of dentistry. After adapting to the introduction of technology to the industry and building systems for a new paperless environment, Joanne is ready to take on new challenges as a member of the U R DU team.

When not at work, Joanne retains her passion for communication and productivity. A passionate biker, gardener, and golfer, she is also a loving partner, mother, and grandmother. Outside of the office, there’s nothing she loves more than being out on the greens under a wide-open sky.

To find more, see https://urduappointments.ca/

 

Be sure to tune in to my interview with Joanne Williams

Who Is Doing The Recalls In Your Dental Practice | Episode #096

Listen To The Podcast Here

You may also be interested in:

Privacy Awareness in Healthcare Training: Dental Practices 

Improved Communication, Improved Dental Business 

#PracticeManagementNugget, dental, dental recall, dental recare, Joanne Williams, podcast, urdu appointments

5 Low Cost Steps You Can Take Now To Prevent Employee Snooping In Healthcare And Prevent Privacy Breach Pain

Posted on October 22, 2020 by Meghan in Blog

Healthcare Employers, Privacy Officers Need To Prevent Employee Snooping

Human curiosity, interpersonal conflicts, shaming or bullying or financial gains are common motivators for snooping. We seem to be hard-wired to want to peek into someone else’s personal and private information. Snooping is a violation of trust between our patients and the healthcare providers and the people who work for them.

We want our patients to trust us. We need the patients to share their personal information with us so that we can provide the appropriate health services to them. When healthcare providers and employees snoop in our patient’s information we destroy that trust with the patient. When one of our team members is snooping, it harms the effectiveness of our teams and damages morale in the clinic.

When employees are snooping in personal health information, it costs the employer time and money.

What Is Snooping?

Looking at someone’s personal information without having an authorized purpose to access that information to do your job is known as ‘snooping’.

Even when you are “just looking” at personal information but don’t share that information with anyone else, this is still a privacy breach.

It is illegal.

Snooping incidents are on the rise and can cost you time, money, heartache, and headache in your practice.

When there is an offence under the privacy legislation like the Health Information Act, there may be an investigation, charges and court appearances, fines, penalties, and loss of employment.

Snooping is entirely preventable. You can easily use the 5 low cost steps to prevent employee snooping in your healthcare practice.

How Can You Prevent Employee Snooping?

Let’s take a look at the pro-active steps that you can take today to prevent employee snooping.

Step 1. Be A Privacy Champion

The first step is to be a privacy champion. Everyone can be a privacy champion in your role in your practice. Make sure that you understand the legal and regulatory obligations about privacy and how it affects your health care practice and your patients is an important step.

In addition, each practice should have a named privacy officer who is responsible for the accountability and management of privacy compliance in your practice. In fact, simply having a named privacy officer increases the likeliness of spotting  and responding to a privacy breach more quickly than a practice that does not have a privacy officer.

The privacy officer will also ensure that there are appropriate policies and procedures related to the correct collection, use, and disclosure of health information – and appropriate monitoring and enforcement when snooping is suspected.

Step 2. Train Privacy Awareness

Healthcare practices must provide privacy awareness training to all of their employees at their orientation and not rely on the assumption that the employees have learned about privacy awareness in their previous roles.

When the training includes examples of snooping and clear expectations about the potential consequences and sanctions, you have set the stage to define the culture that snooping is not acceptable. Unfortunately, there are many examples of snooping privacy breach incidents in the news. When you discuss these examples, you can increase privacy awareness and learn from someone else's privacy breach.

Use These Examples as part of your training to inform employees about the consequences of snooping
Snooping Conviction Earns 3 Years’ Probation
Recent Privacy Breach Convictions Under Alberta’s Health Information Act

Step 3. Reasonable Safeguards

Implementing reasonable safeguards makes it easier for people to do the right thing and avoid the temptation of snooping.

There are three types of safeguards.

Administrative. Written policies, procedures, training, and oaths of confidentiality are examples of administrative safeguards. When there are clear, written, expectations about privacy and confidentiality, including snooping, we are more likely to achieve positive privacy practices.

Technical. This often includes security related to computers. For example, making sure that we have role-based access to systems and personal health information supports the need to know principle. Computer networks and electronic medical record systems that have user management audit logging and enforce unique user ID are other examples about technical safeguards that allows us to prevent and monitor snooping incidents.

Physical. Restricted access to paper records, ensuring that documents are shredded appropriately are examples of physical safeguards that can prevent employee snooping.

Step 4. Monitor to Prevent Snooping

Knowing that their supervisor, co-worker, or privacy officer is observing their interactions with personal information may help to deter employees from snooping.

The supervisor or privacy officer may routinely monitor user audit logs of systems containing personal information to search for unusual activity or pro-active review of users looking up patient information with the same last name or access to VIP records.

Listen to the podcast, How AI Improves EMR Auditing | Episode #094 to learn about an easy way to perform user monitoring and quickly recognize risks from external bad actors and employee snooping incidents!

Step 5. Consequences When Employees Snoop

Well documented and implemented consequences is step 5 to prevent snooping incidents.

Written sanctions and discipline policy are required both as a deterrent to snooping and to facilitate the quick response to a privacy incident.

When proactive measures fail, consequences may be appropriate. The consequences need to be reasonable, consistent across all providers and employees, and fair to the circumstances.

Written sanctions and discipline policy are required both as a deterrent to snooping and to facilitate the quick response to a privacy incident.

Snooping is a privacy breach, and it will require investigation and reporting. Your written privacy breach policies, procedures and forms will help you to respond quickly to a snooping incident.

Sanctions might also be applied outside of the organization. When a privacy breach is reported to the OIPC or a privacy complaint is made to the OIPC, charges may be laid under the HIA.

Listen to the podcast, 5 Steps to Prevent Employee Snooping | Episode #097 to learn more about snooping and how to prevent it in your healthcare practice!

When we know better, we do better

Download  the Practice Management Success Tip, ‘5 Steps To Prevent Employee Snooping'.

Share and discuss examples of snooping and your related policies and procedures to support privacy awareness in your practice.

prevent employee snooping

The Practice Management Success Tip, 5 Steps to Prevent Employee Snooping, will help you

  • Take 5 practical steps to prevent employee snooping.
  • Provide clarity about what is considered a privacy breach.
  • Contribute to the health information privacy compliance in your healthcare practice.
Show Me The 5 Steps to Prevent Employee Snooping

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Snooping Conviction Earns 3 Years’ Probation

Keeping Privacy Active in the Minds of Clinic Staff

Not sure what is considered a privacy breach? See When is a Privacy Breach a Privacy Breach?

 

 

employee snooping, employee training, prevent employee snooping, privacy, privacy breach, privacy officer role and responsibility, reasonable safeguards

Why Medical Practices Will Have to Offer Telemedicine in the Future to Compete

Posted on September 22, 2020 by Meghan in Blog

Did you know – it's a myth that patients don't want to use telehealth!

When your practice has efficient processes and in-office practice is streamlined, then you are ready to embark on seeing patients with telemedicine. The COVID-19 pandemic has been the catalyst for growth in telemedicine, and it will be an essential tool for healthcare providers in the future.

Dr. Michael Greiwe, founder of OrthoLive and SpringHealthLive telemedicine platforms is my guest on this episode of Practice Management Nuggets For Your Healthcare Practice!

He’s going to share with us how to increase your practice revenue, efficiency and patient satisfaction with telemedicine!

 

Dr. Michael Greiwe's #1 Tip to Healthcare Providers, Clinic Managers, and Privacy Officers

90% of Patients Prefer Telemedicine over in-office visits. Click to Tweet

 

My Favorite Takeaways From The Podcast

  • Telemedicine is the next tool that is going to make the job easier for physicians and better for patients
  • It's a digital health misconception that patients don't want to use telehealth
  • Patient access is the beauty and power of telemedicine
  • Get your office processes in good working order so that you can confidently implement telehealth solutions

Featured Guest: Dr. Michael Greiwe

OrthoLive & SpringHealthLive

Michael Greiwe, M.D., is a surgeon by day and tech guru by night. He is a practicing orthopaedic surgeon with OrthoCincy, near Cincinnati, Ohio, and the founder of the OrthoLive and SpringHealthLive telemedicine platforms. The platforms allow medical practices to deliver telemedicine visits through real-time HIPAA compliant video conferencing between provider and patient – increasing practice revenue, efficiency and patient satisfaction.

Dr. Greiwe is a nationally recognized expert on how telemedicine technology is changing the practice of medicine. TV news stations and podcasts across America have interviewed him about the future of telemedicine, and how to use it to improve the patient experience.

He attended the University of Notre Dame, where he won the prestigious Knute Rockne Award for excellence in academics and athletics. He completed his orthopaedic surgery training at the University of Cincinnati Department of Orthopaedic Surgery and Sports Medicine. In 2010, Dr. Greiwe completed his fellowship in shoulder, elbow and sports medicine at Columbia University, training with the head team physician for the New York Yankees, Dr. Christopher Ahmad.

To find out more, see OrthoLive and SpringHealthLive.

 

Be sure to tune in to my interview with Dr. Michael Greiwe

Why Medical Practices Will Have to Offer Telemedicine in the Future to Compete | Episode #095

Listen To The Podcast Here

You may also be interested in:

Remote Working and Virtual Care Privacy Impact Assessment Templates

#PracticeManagementNugget, clinic manager, COVID-19, Dr. Michael Greiwe, healthcare, medical, OrthoLive, pandemic, patient experience, podcast, SpringHealthLive, telehealth, telemedicine

How To Make LinkedIn Work For You

Posted on August 17, 2020 by Meghan in Blog

Are you a clinic manager or healthcare provider who wants to build your network and re-fresh your professional connections so that you are better prepared for your next career move or, maybe, start or build your own business?

You have heard that LinkedIn is THE place to grow your career and your professional presence.

But are you wondering what the correct etiquette is, and the best practices for your LinkedIn profile?

Janice Porter knows the essentials to using LinkedIn that will make a big difference in improving your visibility and credibility – both crucial to prepare for your next job or move your healthcare practice towards profitability.

Janice will help you develop and use LinkedIn as a primary tool for bringing in new business.

Janice Porter is my guest expert on Practice Management Nuggets For Your Healthcare Practice.

Janice Porter's #1 Tip to Healthcare Providers

Keep your LinkedIn profile fully optimized! Click to Tweet

My Favorite Takeaways From The Podcast

  • LinkedIn is great for professional to professional connections
  • Keep your profile fully optimized – if someone searches your name, Google indexes LinkedIn so highly that your profile will be a top hit
  • First impressions are important! Make sure your profile is completed and professional
  • You need to have a LinkedIn profile for legitimacy
  • A professional headshot can improve your profile by over 93%
  • Be authentic
  • Create an optimized headline
  • Personalize your background
  • Be active and share content on your newsfeed
  • When you connect with people, write personalized messages 
  • Make new connections
  • When you build connections online, always aim to bring the relationship offline (Zoom coffee calls are a great idea!)

Featured Guest: Janice Porter

Janice Porter & Associates

Janice is known as a master communicator, and her passion is specializing in working and teaching professionals online and offline networking and marketing strategies for attracting, developing, nurturing, and retaining relationships that enhance business growth and profitability.

Janice believes anyone in business or looking for a new position, needs to have a professional LinkedIn profile, and that LinkedIn is a powerful, under-utilized online platform for attracting new clients, new referral partners, or being found by recruiters.

Connecting like-minded people is one of her innate gifts, because she cares and deeply values each person in her network. It is with deep insight and a steadfast belief in relationship marketing that Janice makes the introductions, and only when she is knows it will be beneficial to both parties.

To find more from Janice, download 16 Steps To A Fully Optimized LinkedIn Profile.

 

Be sure to tune in to my interview with Janice Porter,

How To Make LinkedIn Work For You | Episode #092

 

Listen To The Podcast Here
#PracticeManagementNugget, healthcare, healthcare careers, Janice Porter, LinkedIn, networking, podcast, profile

Keeping Privacy Active in the Minds of Clinic Staff

Posted on August 10, 2020 by Meghan in Blog

As an employer and health care provider, you are responsible to provide training to all of your employees about privacy awareness. If you don’t provide the training, if the employees don’t understand the policies and there is a privacy breach, then the healthcare provider is more likely to be held accountable under the legislation and face penalties including fines and even prison!

Protect your organization and your patients. Equip your staff with the information they need to confidently and correctly handle personal health information. Healthcare businesses who want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

How do you keep privacy active in the minds of your clinic staff?

Below are a number of simple, low-cost tips that you can use right away to build privacy awareness training in your practice.

Start a privacy awareness training program

The super-easy way to start a simple privacy awareness training program in your organization is to start with your Health Information Privacy and Security Policies and Procedures Manual. Take one policy or procedure a week or month, circulate it for review, and then circulate a short follow-up quiz specific to your organization.

If you circulate the quiz by email, depending on which email service you use, you may be able to use the built-in poll feature. You send out the question and in the poll, your team replies with the best answer. That way, you also build in a way to document that people received and responded to your quiz.

 

Listen to podcasts or watch YouTube videos on privacy awareness during a team meeting

Practice Management Nuggets For Your Healthcare Practice is a regular interview series with practice managers, healthcare providers, or trusted vendors who support healthcare practices. Topics include things you need to know to help you start, grow, fix, or maintain your healthcare practice. The events will be short – about 30 minutes – with nuggets of information that you can use right away. You can listen to these interviews as a podcast or watch them on YouTube.

Recent training topics have included:

  • Remote Working Privacy Breach Pain
  • PIPEDA's Mandatory Privacy Breach Notification
  • Privacy Awareness Quiz #PrivacyMatters

 

Take a Privacy Awareness Training course as a team

Regular privacy awareness training protects patients, employees, and your business.

Privacy Awareness in Healthcare Online Training and Privacy Awareness in Health Care Training – Dental Practices are online courses offered by Corridor Interactive.

In the course best fit for your practice, you and your staff will learn:

  • Understand patient and client privacy rights.
  • Respect personal health information and your obligations.
  • Confidently and correctly handle personal health information.
  • Use reasonable safeguards to protect personal health information (PHI).
  • Recognize and respond to a privacy breach
  • Support key policies, procedures and risk management programs in your healthcare practice.

 

Health Privacy SummitBecome a Practice Management Success member

Practice Management Success is an online community with tips, tools, and templates you can use right away to start, grow, fix, or maintain your healthcare practice. Membership is open to all healthcare practices of any size. Members have access to online resources and networking and support from other clinic managers, practice managers, and healthcare providers in independent community practices!

When you are a member of Practice Management Success, you also have access to the Q&A With Jean training library.Use these privacy awareness training videos where you can select the topics that are of interest to your practice. Each Q&A recording includes training (usually 10-30 minutes), and most have training notes or resources that you can download and use right away.

Members also have access to Policy and Procedure Orientation For Your Employees training videos.

 

Subscribe to Privacy Nuggets Newsletter

Privacy Nuggets are posted on the Information Managers blog and also sent to you by email when you subscribe to the Privacy Nuggets newsletter. These articles explore recent privacy breaches and provide a training tip on how to prevent a similar breach from happening in your practice and tips on how to respond to a similar privacy breach incident. You are welcome to share the articles and emails with your team and use this as a training tool, too!

Recent articles include:

  • 3 Parts to Every Privacy Awareness Training
  • Recent Privacy Breach Convictions Under Alberta's Health Information Act
  • When is a Privacy Breach a Privacy Breach?

CyberSecurity Awareness Month

Cybersecurity Awareness Month

The line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet.

The overarching theme for Cybersecurity Awareness Month 2020 is “Do Your Part. #BeCyberSmart.” The theme empowers individuals and organizations to own their role in protecting their part of cyberspace, with a particular emphasis on the key message for 2020: “If you connect it, protect it.”  If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer and more resilient for everyone. 

Information Managers Ltd has been a Cyber Security Champion for many years – and now you can, too!

Cyber Security Awareness Month was launched by the National Cyber Security Alliance (NCSA) & the U.S. Department of Homeland Security in October 2004. This US organization sponsors a multi-media resource campaign each October.

Become a Champion

You can become a Champion, too – and get direct access to all the resources.

  • Demonstrate to team the importance of cyber security at work.
  • Share with your patients – by posters in your practice, blog posts, or your email newsletters – and demonstrate that your practice is cyber aware and you want to share tips with them.
  • If you have team members who work remotely, work from home, use their own mobile devices, or use the internet to connect with apps and resources – give them additional skills to do their work as safely as possible.
  • Help your team members better manage their own personal information in their personal lives – good habits that will help them at work, too!

Becoming a Champion is easy and does not require any financial support. Become a Champion here https://staysafeonline.org/ncsam/champions/.

Throughout October, NCSA will focus on the following areas in our promotions and outreach. Partners are welcome to follow along with NCSA but also encouraged to create their own areas of focus relevant to their organization:

There is a #BeCyberSmart theme for each week in October.

October 1 and 2: Official kick-off for the month

Week of October 5 (Week 1): If You Connect It, Protect It

Week of October 12 (Week 2): Securing Devices at Home and Work

Week of October 19 (Week 3): Securing Internet-Connected Devices in Healthcare

Week of October 26 (Week 4): The Future of Connected Devices

Watch for resources from Information Managers during Cyber Security Month.

 

 When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.  

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

 

#BeCyberSmart, cyber security, healthcare, privacy, privacy awareness in healthcare, privacy awareness training

Merging Your Healthcare Practice – PIA Considerations

Posted on August 3, 2020 by Meghan in Blog

Merging Your Healthcare Practice – PIA Considerations

 

Mergers and acquisitions and closing and consolidating are activities that healthcare practices undertake at various times in the life cycle of a business.

There are many reasons why a practice may consider buying or acquiring an existing healthcare practice.

You might be expanding your practice to rapidly expand the scope of your services, location, or space. Or you might be downsizing your practice. Or maybe you're merging multiple practices into one streamlined practice so you can better manage your profit margins.

You might be looking to diversify your services or, perhaps, create an area of super-specialty that will provide a competitive advantage for your healthcare practice.

You might be wanting to acquire skilled employees or healthcare providers that you couldn't recruit in your current circumstances.

You might be acquiring or consolidating real estate infrastructure, medical equipment or electronic medical records, computer networking, or perhaps the management team. Or you might be exploring opportunities for economies of scale or cost-cutting.

As a custodian (including physicians, pharmacists, dentists, chiropractors, nurse practitioners, optometrists, and more) you need to ensure that the patient's health information remains private and secure, and that patients have continued access to their health information.

 

Thinking about merging your healthcare practice? Important privacy impact assessment steps for you to consider. #PIA #Privacy #ProtectYourPractice Click to Tweet

5 Important Steps Before You Merge Or Close Your Healthcare Practice To Ensure Your Continued Privacy Compliance

  1. Inventory All Your Existing Patient Records
  2. Patient Records Systems
  3. Agreements
  4. Existing Documents
  5. Privacy Impact Assessment Amendment Plan

 

Read the full article below!

Or listen to the podcast here

Inventory All Your Existing Patient Records

 

When you assume a new practice, you need to know where all the patient records are maintained. If you are closing your practice, you need to ensure the continued security and access of patient records to the patient.

To do this, you need to know which patient records are included in the practice. Create an inventory of the existing patient records.

Remember that you must meet the records retention period (which often is 10 years plus the age of majority) for all the patient records. Make sure that you are meeting the records retention periods and that you have correctly inventoried all of the patient records. This includes all locations and record types including paper, off-site storage, and records that have been backed up to an electronic drive or a separate memory device.

Include all types of patient records – including appointment records, appointment books or electronic scheduling software, billing records, paper records, diagnostic medical devices, electronic medical records and audit logs.

When you assume a new practice, you need to know where all the patient records are maintained.

Patient Records Systems

 

Make sure that you review all the existing patient record systems – electronic medical record, billing systems, records storage, etc. – and the associated termination clauses with the vendors. If you need to transfer the management of patient records between custodians or to a different system, you need to thoroughly explore the data migration and archiving options and the associated costs.

Remember, you must maintain the complete patient record – including the clinic notes, test results reporting, task management, internal messaging, and audit logs – for the entire retention period. Often, exporting a patient record to a PDF file format does not include the complete patient record. Instead, you may need to maintain a read-only version of the electronic medical record.

Agreements

 

Collect all the existing agreements between the custodians and the vendors and stakeholders with whom the custodian has authorized the collection, use, and disclosure of patients’ health information. This may include the EMR vendor, billing agent, custodians, Primary Care Network, and successor custodian agreements.

Existing Documents

 

Request a copy of the existing documents that support the business of managing the patient records, including the health information privacy and security policies and procedures and privacy impact assessments. This will help you to respond to inquiries about previous patient records management practices and assist you in preparing your next privacy impact assessment.

Privacy Impact Assessment Plan

 

Consider the history of the current practices and plan your new operations plan. Complete a risk assessment to ensure the appropriate reasonable safeguards of previous, current, and future patient health information. Then, complete a Privacy Impact Assessment and update the Health Information Management Privacy and Security Policies and Procedures. In Alberta, the Health Information Act (HIA) requires the custodian(s) to submit the Privacy Impact Assessment to the Office of the Information and Privacy Commissioner (OIPC) for review prior to implementing new practices.

 

If you want to know more about Privacy Impact Assessments with step by step instruction, training, and mentoring, register for the on-line training, Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments. 

Related Resources

Watch these Practice Management Nuggets For Your Healthcare Practice Videos:

  •  When You Close Your Healthcare Practice on YouTube
  • What to Consider Before Sub-Leasing on YouTube

Download:

  • Top 3 Agreements Your Healthcare Practice MUST Have (and Why)
healthcare practice, merging healthcare practice, PIA, privacy, Privacy Impact Assessment, protect your practice

CHIMA’s Emerging Privacy Management Practices in Health Care series

Posted on July 30, 2020 by Meghan in Blog

Emerging Privacy Management Practices in Health Care 

I'm tickled pink to be the facilitator for CHIMA's new continuing education series.

The Canadian Health Information Management Association (CHIMA) recently launched a live, 5-part privacy series, Emerging Privacy Management Practices in Health Care, beginning on August 6, 2020.

Telehealth and virtual care implementation has advanced 10 years in the last 3 months in response to the coronavirus (COVID-19) pandemic. This series covers the critical aspects of implementing modern privacy management practices in your health care organization. This series is suitable for individuals with privacy-related roles (e.g., managers, vendors, or employees) across the continuum of health care (e.g., acute, primary, long-term or community care).

Each module will cover a privacy-related topic area including privacy awareness, release of information (ROI), access and disclosure, security/cybersecurity, and breach management. Environment overviews are shared throughout the series along with new opportunities for health information professionals in both traditional and emerging roles. By keeping current with these trends, health information professionals will be better prepared to assume new roles within privacy management.

Attend the live webinars to participate in a Q&A period with series facilitator and industry expert Jean L. Eaton.

Learn more at echima.ca/privacy-series

Speakers:

Jean L. Eaton, Your Practical Privacy Coach and Practice Management Mentor with Information Managers Ltd.

Jean L. Eaton is a Certified Health Information Management (CHIM) professional, and privacy awareness training facilitator.

She has had the honour of sharing her passion for practical privacy and confidentiality advice with hundreds of medical clinics, health care practices, and organizations across Canada and the United States.

Jean has over 20 years of experience in health information management and health care administration and over 15 years in her independent privacy consulting practice. She makes practical recommendations for thousands of independent health care providers to help them comply with privacy legislation and create efficient practices.

Jean is also a keynote speaker on the topic of privacy breach management and serves as an on-demand ‘virtual privacy officer’.

The live webinars will occur on the first Thursday of each month from August to December.

 

Module Date Time
1. Privacy awareness August 6, 2020 12:00 – 1:30 pm EST
2. Release of information September 3, 2020 12:00 – 1:30 pm EST
3. Access and disclosure in patient portals, information sharing, and health information exchange environment October 1, 2020 12:00 – 1:30 pm EST
4. Security/cybersecurity November 5, 2020 12:00 – 1:30 pm EST
5. Privacy breach management December 3, 2020 12:00 – 1:30 pm EST
Purchase Your Series Pass Here!
access, cybersecurity, health care, Health Information Management, healthcare, medical, privacy, privacy awareness, privacy management, security, telehealth, virtual care
1234

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

It is a rare privilege to work with an authentic expert who fulfills their role of consultant and coach with curiosity and respect for the specific nature of their client's unique enterprise. Jean Eaton was always prepared, sat every meeting on time, listened to an endless barrage of questions and answered every one with patience, grace, and wise counsel. The end product Information Managers Ltd provided ECHO Health was exceptional; their ongoing support will be a large measure of our success going forward. I highly recommend their services.

- Dr. Gregg Trueman-Klein, NP, ECHO Health

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.

0 shares
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}