Add Custodians To Your PIA

Posted on December 28, 2020 by Meghan in Blog

Add Custodians To Your PIA

Congratulations! You have expanded your practice and recruited a new healthcare provider to your team. Now you also need to add a custodian your PIA.

To do this, you need to orientate the provider to your practice including the policies and procedures to protect the privacy, confidentiality, and security of the personal health information and inform the Office of the Information and Privacy Commissioner (OIPC).

When the new healthcare provider is a member of a regulated health profession as defined by the health privacy legislation in Alberta, the Health Information Act (HIA), the provider also has responsibilities as a custodian.

HIA Definitions:

Custodian

A health service provider; specifically, a member of the following regulated health professions: Optometrists, Opticians, Chiropractors, Midwives, Podiatrists, Denturists, Dentists and dental hygienists, Registered nurses, Pharmacists, and Physicians (and others).

Affiliate

An employee of a custodian or as designated by the custodian, for example medical office assistant, receptionist.

The incoming custodian must ensure that the reasonable safeguards to project the administrative, technical, and physical safeguards of the personal health information are implemented in the practice. This includes ensuring that they have reviewed the current privacy impact assessment (PIA).

The lead custodian also has an obligation under the Alberta Health Information Act (HIA) to inform the Office of the Information and Privacy Commissioner (OIPC) when there are changes to the organization management of the clinic.

How To Add Custodians To Your PIA

In Alberta, the lead custodian in a clinic must update their PIA regularly and inform the OIPC when there are significant changes to their PIA.

One common trigger for informing the OIPC is the addition of a custodian to the practice. Often, this PIA amendment can be as simple as a letter to the OIPC.

The lead custodian or privacy officer will prepare an amendment to the previously submitted Privacy Impact Assessment when new custodians join the practice. Often a letter to the OIPC signed by the lead custodian is sufficient.
The PIA amendment must include how the custodian has been made aware of the current PIA and how they are meeting their requirements to enter into an agreement with information managers as defined in the Health Information Act section 66.
The lead custodian will submit the PIA amendment to the OIPC for acceptance.
The new custodian must acknowledge that they have been informed of the Health Information Privacy and Security Policies and Procedures and the submitted PIA and agree to follow these practices. The new custodian will sign the letter to the OIPC and attach it to the PIA amendment from the lead custodian (in step #1 above) to the OIPC for acceptance.

Routine Onboarding Of New Employees

Before the new custodian is granted access to patient health information, your computer network, and your electronic medical record (EMR), you need to ensure that new custodians are aware of your Health Information Privacy and Security Policies and Procedures, PIAs, and information manager agreements, including the information management agreements with Alberta Netcare Portal, patient records management, EMR vendor, billing vendor, and/or others.

You should have a written policy and procedure ‘When a New Physician / Custodian Joins Your Practice’ to guide you when onboarding new custodians. The procedure should include the forms below and template letters to the OIPC. These templates are also available to members of Practice Management Success.

Do You Need Help With Your PIA?

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Top 3 Agreements Your Healthcare Practice MUST Have (and why)

What Is a PIA?

How Do You Declare as an Affiliate?

Podcast – Close, Move, Merge Your Practice | Episode #090

Alberta, amendment, custodian, dental, Health Information Act, medical clinic, OIPC, PIA, Privacy Impact Assessment

OIPC Annual Report

Posted on December 27, 2020 by Meghan in Blog

Alberta Office of the Information Privacy Commissioner Annual Report

Recently, the Alberta Office of the Information Privacy Commissioner (OIPC) released their Annual Report 2019/2020.

The report is from April 2019 to March 2020. This is the first full year of mandatory privacy breach reporting requirements in Alberta.

Because of the volume of the privacy breaches, the OIPC have now chosen to triage privacy breach reports. They are fast tracking any of those breaches where individuals have not yet been notified about that privacy breach or where there is a potential offense is suspected.

If you've submitted a privacy breach report to the commissioner's office and haven't heard from them yet, it may be because it's gone through this triage process and, if you have completed an internal investigation and notified affected individuals, your breach report has not been flagged as a high priority.

OIPC Investigations

The OIPC conducted investigations regarding offences under the Health Information Act (HIA), usually privacy beaches. In that time period, they forwarded 18 cases to the Special Prosecutions Branch of Alberta Justice for further investigation.

Privacy Breach Trends

There were some interesting privacy breach trends that were reported by the commissioner's office that were reported to them under the PIPA legislation, the Personal Information Protection Act. Of the cases that were reported to them, a hundred of them were all electronic systems compromises. So they have lost some security in the computer network system of some kind, either that was in their direct control or by a third party vendor.

Human error is still a large source of privacy breaches. This can include both misdirected communications, such as miss-sent snail mail, email, or faxes; and unauthorized disclosure, such as when health providers discuss health information with other providers not involved in the patient care.

There were also 20 incidences of theft that they noted in this report and it included rogue employees.

Snooping continues to be an issue, although the report did not provide numbers to go with that.

Ransomware is also a serious issue, one that the commissioner office predicts to continue, particularly in clinics who have a lack of technical security controls on their computer systems.

Social engineering, which is tricking someone into divulging information based on false pretenses and assumptions, is a significant danger in the healthcare industry.

Social Engineering Example

Somebody posed as a pharmacist and wrote emails to pharmacies in order to get information about a particular patient. The email reads like the patient traveled from one location to another location and the fraudulent pharmacist is asking their buddy pharmacists at the other location to provide some information.

This social engineering campaign was considered a significant threat and the college of pharmacists actually released an advisory to pharmacies to warn them of this social engineering attack.

This is a good word of caution for all of us is to not make assumptions just because somebody's email signature line says a pharmacist or other healthcare provider. We still need to make sure that we have verified the identity of that individual and not rely on that email signature alone.

You can download the report from the OIPC website. It provides a variety of other statistics and examples about investigations reports and privacy breach trends that may be of interest to you.

Download the OIPC Annual Report Here

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

4 Step Response Plan – Prevent Privacy Breach Pain On-line Webinar

5 Low Cost Steps You Can Take Now To Prevent Employee Snooping In Healthcare And Prevent Privacy Breach Pain

Snooping Conviction Earns 3 Years' Probation

Keeping Privacy Active in the Minds of Clinic Staff

3 Parts To Every Privacy Awareness Training Plan

What Healthcare Providers Need to Know About Computer Security and Standards

Health Information Act, medical clinic, OIPC, privacy and security, privacy breach

New Health Information Policy and Procedure Manuals!

Posted on November 23, 2020 by Meghan in Blog

Written Health Information Policies and Procedures

Most healthcare practices have good systems in place to properly collect, use, and disclose health information – but most practices don’t have these in writing!

Patients have the right to access their personal health information but yet frequently complain about long wait times and uncooperative front office staff when trying to request their personal information.

New staff members are hired and don’t receive clear written instructions on how to perform routine health information management tasks.

Why do these same problems repeatedly appear in practice audits and privacy complaints?

The most common reason that I see is incomplete, outdated or missing written policies and procedures! It doesn’t have to be this way.

I have seen how privacy compliance and patient satisfaction improves when practices have access to written templates. But templates and checklists alone are not enough!

You know your practice better than anyone else. When you customize standard policies and procedures to best reflect your practice, you develop strategies for your daily tasks.

And, when your team receives short on-demand video tutorials about the purpose of the policies and procedures and how it impacts patient care, the staff better understand and more consistently follow the policies and procedures.

That’s why I’ve developed the Health Information Privacy and Security Policies and Procedures Manual with templates and training to help you with your health information practice management and practice management. These policies and procedures have been implemented in hundreds of practices across Alberta and Canada.

I have consulted with medical, pharmacy, chiropractic, nursing, and nurse practitioners to create practical policies and procedures for them. Now, I’ve used these best practices as templates that you can use right away!

Now For Chiropractic and Nursing, Too!

Your healthcare practice needs a Health Information Policy and Procedure Manual. Written policies and procedures assist you to correctly, efficiently, and confidently collect, use, access, and disclose health information so that you can meet your accreditation, privacy impact assessment, and regulatory compliance requirements.

Starting with a template saves you time and money
Be privacy and security compliant
No special software to buy or learn
Use your existing MS Word and MS Excel office productivity software
One-time fee
On-line support
Available now!

Click the >> arrow to watch a short demo of the robust manual you can create quicker than you thought possible!

Different Policy and Procedure versions available for your specific type of healthcare practice

Medical Practice

Dental Practice

NEW!

Chiropractic Practice

NEW!

Nurse Practitioner Practice

NEW!

Registered Nurse Practice

Health Information Policy and Procedure Manuals ready for you now!

Step 1: Complete the questionnaire and download the templates

Step 2: Easily generate draft 24+ policies and 28+ procedures and forms using MS Word

Step 3: Edit the documents

Step 4: Video coaching and best practices for the policies and procedures and implementation tips

Step 5: Customize for your healthcare practice

Step 6: Video orientation for your employees

Get the Reliability And Power of Policy and Procedure Templates Without Spending Hours (or Days) Creating Them.

Show me the Policy and Procedure Templates!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies and Procedures Are?

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

Do You Use Employee Privacy and Security Policy and Procedure Checklist Templates?

chiropractors, dentist, health information, Health Information Act, healthcare, medical clinic, Nurse Practitioners, Policies and procedures, policy, privacy and security, Privacy Impact Assessment, procedure, Registered Nurses, template

Do You Need An Expedited Netcare Privacy Impact Assessment?

Posted on November 6, 2020 by Meghan in Blog

What Is An Expedited Netcare Privacy Impact Assessment (PIA)?

A privacy impact assessment is a requirement of the Health Information Act (HIA) in Alberta. Alberta Netcare Portal (ANP) is a data repository of health information of Alberta residents. Many healthcare providers request access to the ANP to quickly access lab test results, text reports, and health insurance information to assist them to provide continuing care and treatment to their patients.

We know that privacy and security of health information is critical to the continued accuracy and completeness of health information for all patients. Alberta Health is the custodian of the ANP data repository. To ensure that everyone with access to the ANP also has accepted reasonable standards to protect the privacy, confidentiality, and security of health information, Alberta Health requires each healthcare provider to demonstrate that they have met these reasonable standards before being granted access to the ANP.

Community based healthcare providers who work in independent practices are also known as ‘custodians' as defined in the HIA. The custodians must submit a PIA to the Office of the Information and Privacy Commissioner (OIPC) for their review and acceptance. This PIA demonstrates the custodians' commitment to protect the privacy, confidentiality, and security of health information. Alberta Health and the OIPC have agreed to a streamlined process for healthcare providers and custodians to prepare, submit, and accept the ANP PIA so that healthcare providers can request access to the ANP.

We also know that technology and business practices change over time. It is a good business practice to review your PIA annually and update your risk assessment and mitigation strategies as needed. Updating your Health Information Privacy and Security Policies and Procedures and your PIA and submitting these to the OIPC is recommended best practice and a pre-requisite for continued access to the ANP.

Is It Time To Amend Your Privacy Impact Assessment?

Maybe you want to:

add a new digital health app or patient portal to make it easier for patients to book appointments with you, or
get access to Alberta Netcare Portal, or the CII or CPAR projects,
expedited Netcare Privacy Impact Assessment,
use the internet to get telehealth on-line consultations for your patients,
update your participating custodians and privacy officer, and
regular review to ensure that you are continuing to meet the requirements of the Health Information Act (HIA).

A PIA is a practical business tool in your healthcare practice.

A PIA is an important tool that you can use to help you with project management.

It will help you anticipate risks to the project before it starts and avoid serious problems, and wasted time and money.

The PIA process requires you to have written policies and procedures so that you can implement the project effectively and train your staff consistently.

Sometimes a PIA is a requirement of legislation. But it is always a best practice whenever you implement a project that includes personal health information.

I'd Like To Help You!

I’d like to help you with your Privacy Impact Assessment amendment. Click the button below for the next complimentary workshop!

Sign up for the complimentary workshop HERE!

If you are starting your new practice and need your first Privacy Impact Assessment, see our available consultation options here.

About Jean L. Eaton

Jean Eaton, BA Admin (Healthcare), CHIM, CC is the Practical Privacy Coach and Practice Management Mentor of Information Managers Ltd.

Jean is constructively obsessive about privacy, confidentiality, and security in healthcare.

She is an experienced leader in health information management. She has worked with multi-disciplinary health care service professionals in primary, acute, and tertiary care facilities across Canada.

Jean has successfully assisted primary care physicians, chiropractics, dentists, pharmacists, primary care networks, and other health care providers across Canada to develop privacy impact assessments (PIA) and office policies and procedures and training regarding the collection, use, and disclosure of health information.

You May Also Be Interested In:

“What is a Privacy Impact Assessment?”

Read the article and watch the short video now to take a look at what is a PIA, what will a PIA do for you, when you need a PIA, and what is the PIA process.

You can also listen to the Practice Management Nuggets podcast episode here.

“How Long Does it Take to do a New Privacy Impact Assessment?”

Ideally, you should start the Privacy Impact Assessment process 3- 6 months prior to your go-live date. Find out more by reading the article.

Alberta, amendment, expedited Netcare, PIA, privacy consultant, Privacy Impact Assessment

Who Is Doing The Recalls In Your Dental Practice?

Posted on October 30, 2020 by Meghan in Blog

Who Is Doing The Dental Recalls In Your Practice?

If you have an appointment schedule with a lot of openings, you might need a dental recall program.

If you don't have many recall appointments in your schedule, you might need a dental recall program.

If you want to add additional or your first dental hygienist, you might need a dental recall program.

If you have patients that haven't seen you for a long time, you might need a dental recall program.

What

Joanne Williams of U R DU Appointments is my guest on this episode of Practice Management Nuggets For Your Healthcare Practice!

She will share how a consistent dental recall program will help a dental practice improve dental care and increase your revenues.

Joanne Williams' #1 Tip to Dentists and Practice Managers

Be consistent with your patient recall program! Click to Tweet

My Favorite Takeaways From The Podcast

Joanne shared her extensive experience in the dental industry including these nuggets:

Don’t rely on digital automated dental recall system.
Patient management platform not just recall automation.
Expert tips on how to understand practice management software and statistics.
Don’t make this common mistake when assigning staff to implement a patient recall program!
A personal contact will maximize the patient recall success rates.

Featured Guest: Joanne Williams

PMN Guest Contact Joanne Williams 2 - ppt Slide

U R DU Appointments

Joanne Williams brings 20 years of experience managing a dental clinic in Calgary Alberta. Patient management within a digital environment is one of the strengths the U R DU appointment services. A good patient dental recall program is the heartbeat of the dental clinic.

From the moment she started her career in dentistry, Joanne Williams knew it would be an interesting and challenging one. With over 20 years of experience managing a dental clinic, she enjoys working and learning the management side of dentistry. After adapting to the introduction of technology to the industry and building systems for a new paperless environment, Joanne is ready to take on new challenges as a member of the U R DU team.

When not at work, Joanne retains her passion for communication and productivity. A passionate biker, gardener, and golfer, she is also a loving partner, mother, and grandmother. Outside of the office, there’s nothing she loves more than being out on the greens under a wide-open sky.

To find more, see https://urduappointments.ca/

Be sure to tune in to my interview with Joanne Williams

Who Is Doing The Recalls In Your Dental Practice | Episode #096

Listen To The Podcast Here

You may also be interested in:

Privacy Awareness in Healthcare Training: Dental Practices

Improved Communication, Improved Dental Business

#PracticeManagementNugget, dental, dental recall, dental recare, Joanne Williams, podcast, urdu appointments

5 Low Cost Steps You Can Take Now To Prevent Employee Snooping In Healthcare And Prevent Privacy Breach Pain

Posted on October 22, 2020 by Meghan in Blog

Healthcare Employers, Privacy Officers Need To Prevent Employee Snooping

Human curiosity, interpersonal conflicts, shaming or bullying or financial gains are common motivators for snooping. We seem to be hard-wired to want to peek into someone else’s personal and private information. Snooping is a violation of trust between our patients and the healthcare providers and the people who work for them.

We want our patients to trust us. We need the patients to share their personal information with us so that we can provide the appropriate health services to them. When healthcare providers and employees snoop in our patient’s information we destroy that trust with the patient. When one of our team members is snooping, it harms the effectiveness of our teams and damages morale in the clinic.

When employees are snooping in personal health information, it costs the employer time and money.

What Is Snooping?

Looking at someone’s personal information without having an authorized purpose to access that information to do your job is known as ‘snooping’.

Even when you are “just looking” at personal information but don’t share that information with anyone else, this is still a privacy breach.

It is illegal.

Snooping incidents are on the rise and can cost you time, money, heartache, and headache in your practice.

When there is an offence under the privacy legislation like the Health Information Act, there may be an investigation, charges and court appearances, fines, penalties, and loss of employment.

Snooping is entirely preventable. You can easily use the 5 low cost steps to prevent employee snooping in your healthcare practice.

How Can You Prevent Employee Snooping?

Let’s take a look at the pro-active steps that you can take today to prevent employee snooping.

Step 1. Be A Privacy Champion

The first step is to be a privacy champion. Everyone can be a privacy champion in your role in your practice. Make sure that you understand the legal and regulatory obligations about privacy and how it affects your health care practice and your patients is an important step.

In addition, each practice should have a named privacy officer who is responsible for the accountability and management of privacy compliance in your practice. In fact, simply having a named privacy officer increases the likeliness of spotting and responding to a privacy breach more quickly than a practice that does not have a privacy officer.

The privacy officer will also ensure that there are appropriate policies and procedures related to the correct collection, use, and disclosure of health information – and appropriate monitoring and enforcement when snooping is suspected.

Step 2. Train Privacy Awareness

Healthcare practices must provide privacy awareness training to all of their employees at their orientation and not rely on the assumption that the employees have learned about privacy awareness in their previous roles.

When the training includes examples of snooping and clear expectations about the potential consequences and sanctions, you have set the stage to define the culture that snooping is not acceptable. Unfortunately, there are many examples of snooping privacy breach incidents in the news. When you discuss these examples, you can increase privacy awareness and learn from someone else's privacy breach.

Use These Examples as part of your training to inform employees about the consequences of snooping
Snooping Conviction Earns 3 Years’ Probation
Recent Privacy Breach Convictions Under Alberta’s Health Information Act

Step 3. Reasonable Safeguards

Implementing reasonable safeguards makes it easier for people to do the right thing and avoid the temptation of snooping.

There are three types of safeguards.

Administrative. Written policies, procedures, training, and oaths of confidentiality are examples of administrative safeguards. When there are clear, written, expectations about privacy and confidentiality, including snooping, we are more likely to achieve positive privacy practices.

Technical. This often includes security related to computers. For example, making sure that we have role-based access to systems and personal health information supports the need to know principle. Computer networks and electronic medical record systems that have user management audit logging and enforce unique user ID are other examples about technical safeguards that allows us to prevent and monitor snooping incidents.

Physical. Restricted access to paper records, ensuring that documents are shredded appropriately are examples of physical safeguards that can prevent employee snooping.

Step 4. Monitor to Prevent Snooping

Knowing that their supervisor, co-worker, or privacy officer is observing their interactions with personal information may help to deter employees from snooping.

The supervisor or privacy officer may routinely monitor user audit logs of systems containing personal information to search for unusual activity or pro-active review of users looking up patient information with the same last name or access to VIP records.

Listen to the podcast, How AI Improves EMR Auditing | Episode #094 to learn about an easy way to perform user monitoring and quickly recognize risks from external bad actors and employee snooping incidents!

Step 5. Consequences When Employees Snoop

Well documented and implemented consequences is step 5 to prevent snooping incidents.

Written sanctions and discipline policy are required both as a deterrent to snooping and to facilitate the quick response to a privacy incident.

When proactive measures fail, consequences may be appropriate. The consequences need to be reasonable, consistent across all providers and employees, and fair to the circumstances.

Written sanctions and discipline policy are required both as a deterrent to snooping and to facilitate the quick response to a privacy incident.

Snooping is a privacy breach, and it will require investigation and reporting. Your written privacy breach policies, procedures and forms will help you to respond quickly to a snooping incident.

Sanctions might also be applied outside of the organization. When a privacy breach is reported to the OIPC or a privacy complaint is made to the OIPC, charges may be laid under the HIA.

Listen to the podcast, 5 Steps to Prevent Employee Snooping | Episode #097 to learn more about snooping and how to prevent it in your healthcare practice!

When we know better, we do better

Download the Practice Management Success Tip, ‘5 Steps To Prevent Employee Snooping'.

Share and discuss examples of snooping and your related policies and procedures to support privacy awareness in your practice.

The Practice Management Success Tip, 5 Steps to Prevent Employee Snooping, will help you

Take 5 practical steps to prevent employee snooping.
Provide clarity about what is considered a privacy breach.
Contribute to the health information privacy compliance in your healthcare practice.

Show Me The 5 Steps to Prevent Employee Snooping

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Snooping Conviction Earns 3 Years’ Probation

Keeping Privacy Active in the Minds of Clinic Staff

Not sure what is considered a privacy breach? See When is a Privacy Breach a Privacy Breach?

employee snooping, employee training, prevent employee snooping, privacy, privacy breach, privacy officer role and responsibility, reasonable safeguards

Why Medical Practices Will Have to Offer Telemedicine in the Future to Compete

Posted on September 22, 2020 by Meghan in Blog

Did you know – it's a myth that patients don't want to use telehealth!

When your practice has efficient processes and in-office practice is streamlined, then you are ready to embark on seeing patients with telemedicine. The COVID-19 pandemic has been the catalyst for growth in telemedicine, and it will be an essential tool for healthcare providers in the future.

Dr. Michael Greiwe, founder of OrthoLive and SpringHealthLive telemedicine platforms is my guest on this episode of Practice Management Nuggets For Your Healthcare Practice!

He’s going to share with us how to increase your practice revenue, efficiency and patient satisfaction with telemedicine!

Dr. Michael Greiwe's #1 Tip to Healthcare Providers, Clinic Managers, and Privacy Officers

90% of Patients Prefer Telemedicine over in-office visits. Click to Tweet

My Favorite Takeaways From The Podcast

Telemedicine is the next tool that is going to make the job easier for physicians and better for patients
It's a digital health misconception that patients don't want to use telehealth
Patient access is the beauty and power of telemedicine
Get your office processes in good working order so that you can confidently implement telehealth solutions

Featured Guest: Dr. Michael Greiwe

OrthoLive & SpringHealthLive

Michael Greiwe, M.D., is a surgeon by day and tech guru by night. He is a practicing orthopaedic surgeon with OrthoCincy, near Cincinnati, Ohio, and the founder of the OrthoLive and SpringHealthLive telemedicine platforms. The platforms allow medical practices to deliver telemedicine visits through real-time HIPAA compliant video conferencing between provider and patient – increasing practice revenue, efficiency and patient satisfaction.

Dr. Greiwe is a nationally recognized expert on how telemedicine technology is changing the practice of medicine. TV news stations and podcasts across America have interviewed him about the future of telemedicine, and how to use it to improve the patient experience.

He attended the University of Notre Dame, where he won the prestigious Knute Rockne Award for excellence in academics and athletics. He completed his orthopaedic surgery training at the University of Cincinnati Department of Orthopaedic Surgery and Sports Medicine. In 2010, Dr. Greiwe completed his fellowship in shoulder, elbow and sports medicine at Columbia University, training with the head team physician for the New York Yankees, Dr. Christopher Ahmad.

To find out more, see OrthoLive and SpringHealthLive.

Be sure to tune in to my interview with Dr. Michael Greiwe

Why Medical Practices Will Have to Offer Telemedicine in the Future to Compete | Episode #095

Listen To The Podcast Here

You may also be interested in:

Remote Working and Virtual Care Privacy Impact Assessment Templates

#PracticeManagementNugget, clinic manager, COVID-19, Dr. Michael Greiwe, healthcare, medical, OrthoLive, pandemic, patient experience, podcast, SpringHealthLive, telehealth, telemedicine

How To Make LinkedIn Work For You

Posted on August 17, 2020 by Meghan in Blog

Are you a clinic manager or healthcare provider who wants to build your network and re-fresh your professional connections so that you are better prepared for your next career move or, maybe, start or build your own business?

You have heard that LinkedIn is THE place to grow your career and your professional presence.

But are you wondering what the correct etiquette is, and the best practices for your LinkedIn profile?

Janice Porter knows the essentials to using LinkedIn that will make a big difference in improving your visibility and credibility – both crucial to prepare for your next job or move your healthcare practice towards profitability.

Janice will help you develop and use LinkedIn as a primary tool for bringing in new business.

Janice Porter is my guest expert on Practice Management Nuggets For Your Healthcare Practice.

Janice Porter's #1 Tip to Healthcare Providers

Keep your LinkedIn profile fully optimized! Click to Tweet

My Favorite Takeaways From The Podcast

LinkedIn is great for professional to professional connections
Keep your profile fully optimized – if someone searches your name, Google indexes LinkedIn so highly that your profile will be a top hit
First impressions are important! Make sure your profile is completed and professional
You need to have a LinkedIn profile for legitimacy
A professional headshot can improve your profile by over 93%
Be authentic
Create an optimized headline
Personalize your background
Be active and share content on your newsfeed
When you connect with people, write personalized messages
Make new connections
When you build connections online, always aim to bring the relationship offline (Zoom coffee calls are a great idea!)

Featured Guest: Janice Porter

Janice Porter & Associates

Janice is known as a master communicator, and her passion is specializing in working and teaching professionals online and offline networking and marketing strategies for attracting, developing, nurturing, and retaining relationships that enhance business growth and profitability.

Janice believes anyone in business or looking for a new position, needs to have a professional LinkedIn profile, and that LinkedIn is a powerful, under-utilized online platform for attracting new clients, new referral partners, or being found by recruiters.

Connecting like-minded people is one of her innate gifts, because she cares and deeply values each person in her network. It is with deep insight and a steadfast belief in relationship marketing that Janice makes the introductions, and only when she is knows it will be beneficial to both parties.

To find more from Janice, download 16 Steps To A Fully Optimized LinkedIn Profile.

Be sure to tune in to my interview with Janice Porter,

How To Make LinkedIn Work For You | Episode #092

Listen To The Podcast Here

#PracticeManagementNugget, healthcare, healthcare careers, Janice Porter, LinkedIn, networking, podcast, profile

Keeping Privacy Active in the Minds of Clinic Staff

Posted on August 10, 2020 by Meghan in Blog

As an employer and health care provider, you are responsible to provide training to all of your employees about privacy awareness. If you don’t provide the training, if the employees don’t understand the policies and there is a privacy breach, then the healthcare provider is more likely to be held accountable under the legislation and face penalties including fines and even prison!

Protect your organization and your patients. Equip your staff with the information they need to confidently and correctly handle personal health information. Healthcare businesses who want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

How do you keep privacy active in the minds of your clinic staff?

Below are a number of simple, low-cost tips that you can use right away to build privacy awareness training in your practice.

Start a privacy awareness training program

The super-easy way to start a simple privacy awareness training program in your organization is to start with your Health Information Privacy and Security Policies and Procedures Manual. Take one policy or procedure a week or month, circulate it for review, and then circulate a short follow-up quiz specific to your organization.

If you circulate the quiz by email, depending on which email service you use, you may be able to use the built-in poll feature. You send out the question and in the poll, your team replies with the best answer. That way, you also build in a way to document that people received and responded to your quiz.

Listen to podcasts or watch YouTube videos on privacy awareness during a team meeting

Practice Management Nuggets For Your Healthcare Practice is a regular interview series with practice managers, healthcare providers, or trusted vendors who support healthcare practices. Topics include things you need to know to help you start, grow, fix, or maintain your healthcare practice. The events will be short – about 30 minutes – with nuggets of information that you can use right away. You can listen to these interviews as a podcast or watch them on YouTube.

Recent training topics have included:

Take a Privacy Awareness Training course as a team

Regular privacy awareness training protects patients, employees, and your business.

Privacy Awareness in Healthcare Online Training and Privacy Awareness in Health Care Training – Dental Practices are online courses offered by Corridor Interactive.

In the course best fit for your practice, you and your staff will learn:

Understand patient and client privacy rights.
Respect personal health information and your obligations.
Confidently and correctly handle personal health information.
Use reasonable safeguards to protect personal health information (PHI).
Recognize and respond to a privacy breach
Support key policies, procedures and risk management programs in your healthcare practice.

Become a Practice Management Success member

Practice Management Success is an online community with tips, tools, and templates you can use right away to start, grow, fix, or maintain your healthcare practice. Membership is open to all healthcare practices of any size. Members have access to online resources and networking and support from other clinic managers, practice managers, and healthcare providers in independent community practices!

When you are a member of Practice Management Success, you also have access to the Q&A With Jean training library.Use these privacy awareness training videos where you can select the topics that are of interest to your practice. Each Q&A recording includes training (usually 10-30 minutes), and most have training notes or resources that you can download and use right away.

Members also have access to Policy and Procedure Orientation For Your Employees training videos.

Subscribe to Privacy Nuggets Newsletter

Privacy Nuggets are posted on the Information Managers blog and also sent to you by email when you subscribe to the Privacy Nuggets newsletter. These articles explore recent privacy breaches and provide a training tip on how to prevent a similar breach from happening in your practice and tips on how to respond to a similar privacy breach incident. You are welcome to share the articles and emails with your team and use this as a training tool, too!

CyberSecurity Awareness Month

The line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet.

The overarching theme for Cybersecurity Awareness Month 2020 is “Do Your Part. #BeCyberSmart.” The theme empowers individuals and organizations to own their role in protecting their part of cyberspace, with a particular emphasis on the key message for 2020: “If you connect it, protect it.” If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer and more resilient for everyone.

Information Managers Ltd has been a Cyber Security Champion for many years – and now you can, too!

Cyber Security Awareness Month was launched by the National Cyber Security Alliance (NCSA) & the U.S. Department of Homeland Security in October 2004. This US organization sponsors a multi-media resource campaign each October.

Become a Champion

You can become a Champion, too – and get direct access to all the resources.

Demonstrate to team the importance of cyber security at work.
Share with your patients – by posters in your practice, blog posts, or your email newsletters – and demonstrate that your practice is cyber aware and you want to share tips with them.
If you have team members who work remotely, work from home, use their own mobile devices, or use the internet to connect with apps and resources – give them additional skills to do their work as safely as possible.
Help your team members better manage their own personal information in their personal lives – good habits that will help them at work, too!

Becoming a Champion is easy and does not require any financial support. Become a Champion here https://staysafeonline.org/ncsam/champions/.

Throughout October, NCSA will focus on the following areas in our promotions and outreach. Partners are welcome to follow along with NCSA but also encouraged to create their own areas of focus relevant to their organization:

There is a #BeCyberSmart theme for each week in October.

October 1 and 2: Official kick-off for the month

Week of October 5 (Week 1): If You Connect It, Protect It

Week of October 12 (Week 2): Securing Devices at Home and Work

Week of October 19 (Week 3): Securing Internet-Connected Devices in Healthcare

Week of October 26 (Week 4): The Future of Connected Devices

Watch for resources from Information Managers during Cyber Security Month.

When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

#BeCyberSmart, cyber security, healthcare, privacy, privacy awareness in healthcare, privacy awareness training

Merging Your Healthcare Practice – PIA Considerations

Posted on August 3, 2020 by Meghan in Blog

Merging Your Healthcare Practice – PIA Considerations

Mergers and acquisitions and closing and consolidating are activities that healthcare practices undertake at various times in the life cycle of a business.

There are many reasons why a practice may consider buying or acquiring an existing healthcare practice.

You might be expanding your practice to rapidly expand the scope of your services, location, or space. Or you might be downsizing your practice. Or maybe you're merging multiple practices into one streamlined practice so you can better manage your profit margins.

You might be looking to diversify your services or, perhaps, create an area of super-specialty that will provide a competitive advantage for your healthcare practice.

You might be wanting to acquire skilled employees or healthcare providers that you couldn't recruit in your current circumstances.

You might be acquiring or consolidating real estate infrastructure, medical equipment or electronic medical records, computer networking, or perhaps the management team. Or you might be exploring opportunities for economies of scale or cost-cutting.

As a custodian (including physicians, pharmacists, dentists, chiropractors, nurse practitioners, optometrists, and more) you need to ensure that the patient's health information remains private and secure, and that patients have continued access to their health information.

Thinking about merging your healthcare practice? Important privacy impact assessment steps for you to consider. #PIA #Privacy #ProtectYourPractice Click to Tweet

5 Important Steps Before You Merge Or Close Your Healthcare Practice To Ensure Your Continued Privacy Compliance

Inventory All Your Existing Patient Records
Patient Records Systems
Agreements
Existing Documents
Privacy Impact Assessment Amendment Plan

Read the full article below!

Or listen to the podcast here

Inventory All Your Existing Patient Records

When you assume a new practice, you need to know where all the patient records are maintained. If you are closing your practice, you need to ensure the continued security and access of patient records to the patient.

To do this, you need to know which patient records are included in the practice. Create an inventory of the existing patient records.

Remember that you must meet the records retention period (which often is 10 years plus the age of majority) for all the patient records. Make sure that you are meeting the records retention periods and that you have correctly inventoried all of the patient records. This includes all locations and record types including paper, off-site storage, and records that have been backed up to an electronic drive or a separate memory device.

Include all types of patient records – including appointment records, appointment books or electronic scheduling software, billing records, paper records, diagnostic medical devices, electronic medical records and audit logs.

When you assume a new practice, you need to know where all the patient records are maintained.

Patient Records Systems

Make sure that you review all the existing patient record systems – electronic medical record, billing systems, records storage, etc. – and the associated termination clauses with the vendors. If you need to transfer the management of patient records between custodians or to a different system, you need to thoroughly explore the data migration and archiving options and the associated costs.

Remember, you must maintain the complete patient record – including the clinic notes, test results reporting, task management, internal messaging, and audit logs – for the entire retention period. Often, exporting a patient record to a PDF file format does not include the complete patient record. Instead, you may need to maintain a read-only version of the electronic medical record.

Agreements

Collect all the existing agreements between the custodians and the vendors and stakeholders with whom the custodian has authorized the collection, use, and disclosure of patients’ health information. This may include the EMR vendor, billing agent, custodians, Primary Care Network, and successor custodian agreements.

Existing Documents

Request a copy of the existing documents that support the business of managing the patient records, including the health information privacy and security policies and procedures and privacy impact assessments. This will help you to respond to inquiries about previous patient records management practices and assist you in preparing your next privacy impact assessment.

Privacy Impact Assessment Plan

Consider the history of the current practices and plan your new operations plan. Complete a risk assessment to ensure the appropriate reasonable safeguards of previous, current, and future patient health information. Then, complete a Privacy Impact Assessment and update the Health Information Management Privacy and Security Policies and Procedures. In Alberta, the Health Information Act (HIA) requires the custodian(s) to submit the Privacy Impact Assessment to the Office of the Information and Privacy Commissioner (OIPC) for review prior to implementing new practices.

If you want to know more about Privacy Impact Assessments with step by step instruction, training, and mentoring, register for the on-line training, Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments.

Related Resources

Watch these Practice Management Nuggets For Your Healthcare Practice Videos:

When You Close Your Healthcare Practice on YouTube
What to Consider Before Sub-Leasing on YouTube

Download:

Top 3 Agreements Your Healthcare Practice MUST Have (and Why)

healthcare practice, merging healthcare practice, PIA, privacy, Privacy Impact Assessment, protect your practice