Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Do You Need a PIA for Remote Working or Virtual Care?

Posted on March 31, 2020 by Meghan in Blog No Comments

If your healthcare practice is implementing remote working or virtual healthcare, you need to notify the OIPC.

Health information is sensitive information. Reasonable efforts must be made to ensure that identifying and sensitive information is protected from unauthorized access, loss, or damage during and outside work hours. What a custodian may consider is reasonable efforts during a pandemic may be different than reasonable efforts from normal circumstances.

In Alberta, section 64 of the Health Information Act (HIA) requires custodians to prepare a privacy impact assessment (PIA) and submit it to the Office of the Information and Privacy Commissioner (OIPC) of Alberta prior to implementing a new administrative or technical process in a healthcare practice.

The OIPC in Alberta requests in its notice of March 19, 2020, that custodians notify the Commissioner about new administrative practices or information systems.

How Do I Notify The OIPC?

Step 1: If you have implemented, or plan to soon implement remote working, virtual care or other administrative or technical changes in response to the COVID-19 pandemic, send an email to the OIPC to inform them, in general terms, about your plans.

Step 2: As soon as possible, submit a project specific Privacy Impact Assessment to the OIPC.

To help you get started with Step 1, I have prepared a sample email that you can use.

Yes, send me the Sample Email to the OIPC!

Not sure if remote working is right for your healthcare practice?

Check out the The Practice Management Success Tip, Remote Worker Privacy and Security Checklist, will help you:

  • Determine if remote working is appropriate for your employees.
  • Identify what clinic / business resources need to be provided to the employee remote worker.
  • What reasonable safeguards need to be implemented to protect the privacy, confidentiality, and security of personal (health) information.

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

What Should I Do If I Think I Have COVID-19?

Do You Know Where Your Policies and Procedures Are? 

Is Remote Working a Good Choice for Your Healthcare Practice?

Notice of Collection for Telemedicine and Virtual Health

 

healthcare, medical, OIPC, pandemic, physician, PIA, remote working, risk assessment, virtual healthcare, work from home

Notice of Collection for Telemedicine and Virtual Health

Posted on March 26, 2020 by Meghan in Blog No Comments

     
Grab your Practice Management Success Tip and also receive the audio file for the Notice of Collection

If you are using telemedicine or virtual health, you still need to provide a notice of collection of personal information.

The Advice to the Profession series from the College of Physicians and Surgeons of Alberta (CPSA) offers guidance documents to assist you in assessing the security risks and safeguards of electronic communications, such as telemedicine or virtual health.



From the College of Physicians and Surgeons of Alberta (CPSA):

COVID-19: Virtual Care

Electronic Communications & Security of Mobile Devices

Standard of Practice Telemedicine

Along with helping you the assess the appropriate safeguards you need to take to protect the privacy and confidentiality of personal health information, the CPSA Advice also advises healthcare practices to ensure they have the consent of patients before providing virtual healthcare. 

The collection notice is important to ensure the privacy rights of patients. But the notice is rather wordy to say before every virtual health encounter with your patients.

How can I ensure consent?

I've made it easier for you. I've recorded an audio file that you can download and save to your cell phone. Play the audio notice of collection at the start of each telephone or video call to properly inform the patient before the consult.

When you download the Practice Management Success Tip, Remote Working Privacy and Security Checklist, you will receive an email with a link to the audio file.

I hope that the checklist and the audio file will help you to make good business decisions and, if this is the right fit for you, help you to provide virtual health to your patients.

Download The Remote Worker Privacy and Security Checklist

The Practice Management Success Tip, Remote Worker Privacy and Security Checklist, will help you

  • Determine if remote working is appropriate for your employees.
  • Identify what clinic / business resources need to be provided to the employee remote worker.
  • What reasonable safeguards need to be implemented to protect the privacy, confidentiality, and security of personal (health) information.

And get the Collection Notice audio for FREE.

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

What Should I Do If I Think I Have COVID-19?

Do You Know Where Your Policies and Procedures Are? 

 

healthcare, medical, notice of collection, pandemic, physician, remote working, risk assessment, work from home

Is Remote Working A Good Choice For Your Healthcare Practice?

Posted on March 23, 2020 by Jean Eaton in Blog No Comments

In our healthcare practices, we have policies and procedures to identify the reasonable safeguards we need to take to protect personal and health information entrusted to us. But when employees complete their roles off-site, due to personal circumstances or to ensure business continuity in unusual situations, we need to take action to ensure reasonable safeguards are in place to protect the privacy, confidentiality, and security of personal health information.

Remote Work May Be Available To Employees

Working from home is at the sole discretion of the custodian and owner of the clinic. Examples when this may be applicable include:

  • Business continuity – due to technical, physical, or other unusual circumstances.
  • Work levelling – volumes of work are distributed to another location usually for a short duration.
  • Illness / personal circumstances – where an employee is unable to report to work at the clinic but can continue to complete their roles off-site.

Some administrative tasks in a healthcare office – for example, incoming phone calls, appointment booking, appointment reminders, billing, and/or transcription – could be done from a home office environment. Sometimes even follow-up and consultations from the healthcare provider can be done remotely, too.

The healthcare provider or custodian is ultimately responsible to ensure the secure collection, use, and disclosure of health information.

For the purposes of this article, the ‘custodian’ may be the healthcare provider defined by the HIA, or the lead healthcare provider or owner in your practice.

p

In Alberta, a ‘custodian’ is defined under the Health Information Act as a health services provider who is designated in the regulations as a custodian, or who is within a class of health services providers that is designated in the regulations. HIA section 1(1)(f)(ix)

This includes:

  • Physicians
  • Pharmacists
  • Optometrists
  • Opticians
  • Chiropractors
  • Midwives
  • Podiatrists
  • Denturists
  • Dentists and dental hygienists
  • Registered nurses

Is Remote Working Good for Your Business?

As the custodian, you must decide if remote working is a good option for your business. When you decide that this is a viable option for your business, you then need to: 

  • Determine if remote working is appropriate for your employees.
  • Identify what clinic / business resources need to be provided to the employee remote worker.
  • What reasonable safeguards need to be implemented to protect the privacy, confidentiality, and security of personal (health) information.

Likely you will continue to have both on-site and remote workers. The custodian will decide what ratio is appropriate to provide patient care and business goals on both a short term and a long term basis.

Regulations, Standards, Policy

Each healthcare business has multiple sources of sensitive information, including employee, financial, business, and health information. Custodians and owners have a responsibility under a variety of regulations, professional practice standards, and internal policies to protect the privacy, confidentiality, and security of personally identifying information (PII).

Health information is sensitive information. Reasonable efforts must be made to ensure that identifying and sensitive information is protected from unauthorized access, loss, or damage during and outside work hours. What a custodian may consider is reasonable efforts during a pandemic may be different than reasonable efforts from normal circumstances.

During a public health crisis, privacy laws still apply, but they are not a barrier to appropriate information sharing.

Privacy Impact Assessments

In Alberta, section 64 of the Health Information Act (HIA) requires custodians to prepare a privacy impact assessment (PIA) and submit it to the Office of the Information and Privacy Commissioner (OIPC) of Alberta prior to implementing a new administrative or technical process in a healthcare practice.

The OIPC in Alberta requests in its notice of March 19, 2020, that custodians notify the Commissioner about new administrative practices or information systems. Your submission to the OIPC should include a description of what the new program is meant to achieve and any safeguards for health information.

Standards

Your professional college may also have standards of practice and recommendations that impact your decision to implement remote working or virtual healthcare.

The Advice to the Profession series from the College of Physicians and Surgeons of Alberta (CPSA) offers guidance documents to assist you in assessing the security risks and safeguards of electronic communications, including laptops and mobile devices, to further assist you to determine appropriate safeguards.



From the College of Physicians and Surgeons of Alberta (CPSA):

COVID-19: Virtual Care

Electronic Communications & Security of Mobile Devices

Standard of Practice Telemedicine

Review Your Current Policies and Procedures

Don’t cut corners. Instead, build privacy into your decision. Create, review, and update your policies and procedures.

Use the Remote Worker Privacy and Security Checklist to help you document your decisions and expectations with eligible employees.

You may also need to consult your information technology support providers to ensure up-to-date computer and network security has been implemented.

Virtual Healthcare

Healthcare providers may consider providing virtual healthcare services to their patients. The healthcare provider may be at their usual clinic or office location and use all of their existing systems and tools to access patient records in paper or electronic medical records (EMR).

Alternatively, the healthcare provider may be working remotely, too. The same privacy, confidentiality, and security safeguards applies to their home working location.

If you are choosing to implement a new virtual healthcare solution specifically to respond to the current public health emergency, the Office of the Information and Privacy Commissioner (OIPC) of Alberta advises that

“ . . .custodian[s] need to determine what are reasonable safeguards in the circumstances and be prepared to justify their decision. Health custodians should also ensure individuals are aware of any heightened risks to privacy as a result of a new administrative practice or information system being implemented.”

Remember, you can leverage existing technology – like the telephone – to keep in touch with your patients. This likely would not be considered a new administrative or technological practice that would require a PIA. This might also be a great time to fully implement your current patient portal functionality from your EMR vendor, too.

You may decide, based on your evaluation of the potential risks and what reasonable safeguards that you can quickly implement in response to the new public health emergency, that authorizing remote working or a new videoconferencing solution is not the best choice at this time.

Select the process that ensures continuity of care to the patient, including appropriate documentation in the patient record and the protection of the PII.

​Reference

Notice: PIAs During Public Health Emergency, March 19, 2020, Office of the Information and Privacy Commissioner (OIPC) of Alberta

The Practice Management Success Tip, Remote Worker Privacy and Security Checklist, will help you

  • Determine if remote working is appropriate for your employees.
  • Identify what clinic / business resources need to be provided to the employee remote worker.
  • What reasonable safeguards need to be implemented to protect the privacy, confidentiality, and security of personal (health) information.
Show Me The Remote Worker Privacy and Security Checklist

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

What Should I Do If I Think I Have COVID-19?

Do You Know Where Your Policies and Procedures Are? 

 

assessment, healthcare, medical, pandemic, physician, remote working, risk assessment, template, work from home

What Should I Do If I Think I Have COVID-19?

Posted on March 10, 2020 by Jean Eaton in Blog

Symptom Check

If you have symptoms such as fever, cough and difficulty breathing and have traveled outside Canada or have been exposed to someone who has COVID-19, stay home and, if you are in Alberta, call Health Link 811 (Dial 811 or MyHealth.Alberta.ca)

Click the >> arrow to play the video.

     

 

The symptoms of COVID-19 are fever, dry cough or other cold or influenza-like symptoms. Use this online screening tool to determine whether you need to call 811 to get tested.

New! COVID-19 SELF-ASSESSMENT

 

AHS Covid-19 Self Assessment

If you are not seriously ill, do not go to a physician’s office, a health care facility or a lab without consulting with Health Link 811 first.

Call 911 if you are seriously ill and need immediate medical attention and inform them that you may have COVID-19.

Check out FAQs for Public from Alberta Health Services.

How To Encourage Positive Communication

Our troubling times can cause anxiety at home and at work.

Lauren Sergy of Up Front Communication offers tips to create a better communication environment to keep things a little bit more positive and focused.

Listen to her tips here: How to Encourage Positive Communication During COVID-19 Outbreak . . . or Other Difficult Times.

Help Your Neighbours

My friend has created a simple way to help us care for our neighbours even while we are practicing social distancing.  Create a postcard or note which can be left in neighbour's mailboxes with your personal message of support and offer to assist.

When we each share this with our neighbours, we show that we care for each other.

Click here to download this postcard template – no signup required!

stick figure heart

coronavirus, COVID-10, Lauren Sergy

3 Parts to Every Privacy Awareness Training Plan

Posted on February 19, 2020 by Jean Eaton in Blog, Clinic Manager / Privacy Officer, Employee, Established Practice, New Practice, Services

Reasonable Safeguards – the Myth

You may have heard the myth that the Health Information Act (HIA) is a big scary thing that will interrupt your routine, rob you of countless billable hours, impact all of your staff, turn your office inside out, and change the way that you run your entire business!

Myth Buster

The HIA provides structure and framework for reasonable safeguards that apply to any healthcare business.

One of the requirements of reasonable safeguards includes having a privacy awareness training plan.

     
Privacy Awareness Training

 

Privacy Awareness Training

Your Privacy Awareness Training Plan should include learning objectives throughout the year, including

  • Orientation – Standardized training curriculum provided to everyone in you healthcare practice at the time of employment. This is often included during a new employee’s orientation period.
  • Specific – Privacy training that is more detailed and specific to the roles and responsibilities of that individual’s job in your healthcare practice. There may also be specific training when new software, technology, or procedures are introduced anytime throughout the employment.
  • Reward – Keep privacy awareness top of mind all year long. Recognize and reward when individuals follow privacy principles that also add value to your client satisfaction or business efficiency.

It is reasonable to expect regular privacy awareness training, especially at orientation, and a formal review annually.

What a Privacy Awareness Training Plan Can Do For You

When you implement regular privacy awareness training, you will see:

  • Privacy and security expectations clearly communicated among your team.
  • Team members demonstrate their commitment to privacy, confidentiality, security of personal health information.
  • Efficient practices that protect the privacy and save you time and money
  • Team members confidently and correctly handle personal health information using reasonable safeguards

Are You a Myth-Buster?

You can be a myth-buster, too, and implement privacy awareness training in your healthcare practice.

You can easily implement reasonable safeguards and meet HIA requirements to ensure privacy, confidentiality, and security of health information that saves you time, frustration and money.

If you need a little help, I have written a practical privacy awareness training course designed for the community health care practice. This is ideal for orientation of new employees and a refresher for the rest of us.

Privacy Awareness in Healthcare: Essentials

Understand basic health care privacy principles and how to handle personal information, use safeguards, and recognize and report a privacy breach.

Ideal for community-based health care professionals and staff, direct care providers, or anyone working with a health care or social services organization.

An effective privacy compliance program promotes organizational adherence to the Health Information Act (HIA), Personal Information Protection Act (PIPA) Alberta, Personal Health Information Protection Act (PHIPA) Ontario and the Personal Information Protection of Electronic Documents Act (PIPEDA) requirements. A compliance program is your first line of defense to promote the prevention of criminal conduct, and enforce government rules and regulations, while providing quality care to patients. All three training products help protect practices against privacy and security breaches, improper payments, fraud and abuse, and other potential liability areas through education.

Canadian Health Care Privacy Training Solutions

Corridor’s online training makes it easy for health care organizations to comply with provincial and federal legislation that mandates regular privacy training for all health care providers, staff, and vendors.

Select the training that best fits your needs:

Privacy Awareness in Health Care Training – Canada includes detailed resources for each province and territory with key terminology and links to applicable privacy legislation. Resources are provided for our ten provinces: Alberta, British Columbia, Manitoba, New Brunswick, Newfoundland & Labrador, Nova Scotia, Ontario, Prince Edward Island, Quebec, Saskatchewan, and three territories: Northwest Territories, Nunavut and Yukon. This new product is ideal for both organizations and vendors who provide health care services or have health care clients in more than one province.

Privacy Awareness in Health Care Training – Alberta includes the mandatory privacy breach notification amendments to the Health Information Act (HIA).

Privacy Awareness in Health Care Training – Ontario specifically covers all legislation and rules specific to the province of Ontario including the Personal Health Information Protection Act (PHIPA).

Refresher: Privacy Awareness in Health Care – Alberta is a quiz-based review of Corridor’s full Privacy Awareness course. The Refresher starts with an initial quiz to assess knowledge on the topics and information covered in the full course. Based on the quiz results, one or more of eight Refresher topic quizzes must be completed, each focusing on a specific subject area. The Refresher also includes access to the original course content.

 

Privacy Awareness in Healthcare: Essentials

Grab your on-line course from Information Managers and Corridor Interactive

for just $30 per individual 3 month subscription now!

Click Here to Grab Your On-Line Privacy Awareness Course Now!
Alberta, Canada, Corridor Interactive, Health Information Act, Ontario, Personal Health Information Protection Act (PHIPA), PHIPA, PIPEDA, privacy awareness training, reasonable safeguards

Why You Need To Get The Right Agreements With Your Vendors

Posted on February 4, 2020 by Jean Eaton in Blog

Donna Grindle knows having a business arrangement agreement between a healthcare provider and their business associate is very important in defining clearly the responsibilities of both parties.  

But, many healthcare providers, business owners, and vendors don’t get this right!

Donna shares her observations on the HIPAA violations trends from the United States so that healthcare providers and vendors in Canada can prevent similar experiences and avoid massive fines and penalties.

Donna Grindle is my guest expert on Practice Management Nuggets For Your Healthcare Practice.

Donna Grindle's #1 Tip to healthcare providers and vendors

Don’t assume. Ask questions!Click to Tweet

My Favorite Takeaways From The Podcast

  • Healthcare privacy and security regulations are more similar than different.
  • Educate as many people as possible about the importance of privacy and cybersecurity.
  • Don't assume that you don't have to ask questions.
  • Privacy is a civil right.
  • Under HIPAA, any business that provides a service to covered entities (healthcare providers) that requires them to have access to protected health information is then considered a business associate (BA).
  • BA's are separately and equally liable to protect patient information.
  • You must have a written agreement between your vendors and your healthcare providers that describes how you will protect patient health information. If you disclose personal information without a written agreement, you are breaking the law.
  • BAA / IMA must include liability clause.
  • Tips: Healthcare Provider Selecting A Vendor
  • Tips: Vendor Selecting A Healthcare Client
  • Cybersecurity insurance

Featured Guest: Donna Grindle

Image ladyFounder & CEO Kardon and
Co-Host Help Me With HIPAA Podcast

Donna brings over 30 years experience in healthcare IT which is the solid foundation of Kardon’s HIPAA privacy and security consulting. Donna stays busy with speaking engagements, the weekly Help Me With HIPAA podcast, and managing a business with a growing client list. Donna’s sense of humor and southern charm spills out into everything she does.

Be sure to tune in to my interview with Donna Grindle,

What Healthcare Practices Should Know About Vendor Vetting And Accountability | Episode #085

Listen To The Podcast Here
#PracticeManagementNugget, BAA, business associate agreement, Donna Grindle, healthcare, HIA, HIPAA, IMA, information manager agreement, podcast, privacy compliance, vendor vetting

PIPEDA Mandatory Privacy Breach Notification

Posted on January 19, 2020 by Jean Eaton in Blog

Organizations subject to PIPEDA are required to report to the OPC any breaches of security safeguards involving personal information that pose a risk of significant harm to the individuals.

PIPEDA

PIPEDA is a Canadian federal law that sets out the rules for the collection, use and disclosure of personal information in the course of those commercial activities. PIPEDA outlines the 10 Fair Information Privacy Principles that businesses must follow regardless of their size. Organizations need to know privacy rules and make sure that you have the appropriate safeguards implemented in your business.

 

Does PIPEDA Apply To You?

image of map of Canada

PIPEDA applies to most businesses across Canada, excepting Quebec, British Columbia, and Alberta. These provinces have their own private sector laws that are substantially similar to PIPEDA.

But even in those provinces, PIPEDA covers federally regulated industries like transportation, telecommunications and banking. In addition, all businesses that operate in Canada and handles personal information that crosses provincial or national borders are subject to PIPEDA, regardless of which province or territory that they're based in. All businesses in the three territories also fall under PIPEDA.

In Alberta, we have privacy legislation called the Health Information Act (HIA) that takes precedence over PIPEDA and Alberta's Personal Information Protection Act, (PIPA). If a business, like a physician's office, has a privacy breach which includes health information, then the custodian of the physician office must report the privacy breach following the HIA regulations. If employee information or other non-health information is included in the breach then that triggers privacy breach notification under PIPA. Sometimes, a breach can include both types of information and the physician office must notify under each legislation.

In BC, the Personal Information Protection Act (PIPA) is BC's private sector privacy law that has also been deemed substantially similar to the federal private sector privacy law. BC does not have health information specific privacy legislation, so PIPA applies to private organizations in BC, including physician practices, and governs how the personal information about patients, employees and volunteers may be collected, used and disclosed.

If you are a business in Canada, for example, an electronic medical records (EMR) business and you have a data center in Canada where all of your clients across Canada provide their information and store it in your data center, the EMR vendor likely falls under the PIPEDA regulations.

The vendor may be responsive to other legislation as well. If you are an EMR vendor, you do not directly comply with the HIA in Alberta because that applies only to custodians. However, as an information manager of a custodian under the HIA, you have some obligations under the HIA in the event of a privacy breach. But that does not mean that you don't also have obligations under PIPEDA.

 

What Is Included In Personal Information?

image file folders

Personal information is more than just a name or an address. It's data about an identifiable individual that can, by itself or combined with other information, identify a person. It could be a person's age, ethnicity, medical information, credit card number or even an income level. It might also include their Internet Protocol (IP) address or their website or email information.

Regular surveys done by the Office of the Privacy Commissioner of Canada says that small businesses tend to be less aware of their privacy responsibilities than larger organizations. In 2017, 65% of large organizations with more than 100 employees indicated that they were privacy aware. But only 43% of small businesses indicated that they were privacy aware. Smaller companies may not have dedicated compliance officers or privacy officers, and they may not have a sense of privacy knowledge.

The compliance challenge for smaller organizations is made more difficult by the limited human and sometimes the financial resources available to them and the gap on the knowledge about the privacy obligations.

Lack of awareness can potentially lead to complaints about your business, which has an impact on your business's reputation.

 

Privacy Breach

A privacy breach occurs when there is an unauthorized access to or the collection, use, disclosure, our disposal of personal information. There are many things that could qualify as a privacy breach. If you have a financial transaction that includes clients’ information and now is publicly available on your website, that's a privacy breach. If you have somebody in your organization who has access to personally identifying information as part of their job, but they use it for some purpose other than their job, that's snooping, and that is a privacy breach.

There are many examples about what is a privacy breach, but any time that you view, use, or disclose without aauthorization is considered a privacy breach.

Privacy breaches also have a negative impact to our business because it takes time and resources to manage a privacy breach, and it has a huge impact to the reputation of an organization.

 

Privacy Breach Notification

image timeline

The November 2018 PIPEDA mandatory privacy breach notification regulations requires you to know where all of your personally identifiable information sources are and know the safeguards implemented to protect the data.

Then, you need to monitor the data to identify any breaches. If there is a breach of those security safeguards, you need to record all breaches. So even if there is a breach of a safeguard that nobody has exploited, you still need to record that you have identified that there is a potential risk and what you've done to be able to manage that risk and prevent that from happening again.

Next, you need to determine the risk of significant harm, or ROSH. (more about this later.)

The risk of harm test that identifies what information had been included in the breach and the type of harm that could happen to that individual as a result of the breach. When it reaches that ROSH threshold, then you need to notify the Office of the Privacy Commissioner of Canada office. Or, if you are in BC, Alberta or Quebec, you need to report that to the provincial privacy commissioner.

You also need to notify other people about that privacy breach.

You probably need to notify your clients. If you are an EMR vendor or another vendor that's providing a service to healthcare providers, you need to notify them about the breach.

As an example, if you are an EMR vendor that has been breached–perhaps a security compromise or hack into your data centre–you have a responsibility to notify the healthcare providers who collected the personal information. The EMR vendor must also report the privacy breach to the Office of the Privacy Commissioner.

You might also have an obligation to notify the individuals that have been affected by that breach. In your information manager agreement in Alberta, you should have clear written expectations about whether or not a vendor should notify the patients directly about a privacy breach or if the custodian or the health care provider is going to assume that responsibility. This is an important detail that you need to identify in your information manager agreement.

Also see the Practice Management Success Tip Top 3 Agreements Your Healthcare Practice Must Have (And Why) from Information Managers at https://InformationManagers.ca/top-3 for more on information management agreements (IMA.)

 

ROSH

image lady with paper

The risk of significant harm (ROSH) is a framework for assessing the risk to the individual as a result of the breach of individually identifying information. Adopt and use a framework for your organization to assist you to quickly and consistently assess a breach for ROSH.

If there is personally identifying information included in the breach, we can assume that the information is sensitive information to the individual. Generally, I recommend a default that if individually identifiable information is included in the breach, then assess that there is a significant risk of harm to the individual.

The circumstances of a breach may make the information more or less likely to be used maliciously. For example, additional questions that you may want to consider include how did the breach occur? How likely is it that someone would be harmed by the breach? Who actually accessed or could have accessed that personal information? How long has that personal information been exposed? Is there evidence of malicious intent, like hacking? Or was it a theft? Or did somebody intentionally tried to use that information and use it in a very covert way? Were a number of pieces of personal information breached therefore, increasing the risk of misuse? Is the breached information in the hands of an individual that represents a reputation to the risk of that individual or themselves? Or, was the information exposed to a limited, known number of entities who have committed to destroy and not disclosed the data.

 

Privacy Is Good For Business

image people in business

As always, good privacy is good for business. Poor privacy protection can damage your company's reputation and cut into your profit margin. When your practice proactive privacy, you enjoy the confidence and trust of your customers. Canadians tell us that the more they trust a company, the more likely they are to do business with it. Getting privacy right is your opportunity to demonstrate that you deserve their trust and their business.

Remember that one of the fair information principles is accountability. At the end of the day, you are responsible for protecting the personal information that you have collected.

 

Reference: Privacy and your business: An introduction to the Personal Information Protection and Electronic Documents Act. Office of the Privacy Commissioner of Canada. https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/pipeda-compliance-and-training-tools/pp_bus/

Privacy Management Program

Build privacy protections into everything you do is a business. Having clear policies and procedures for the collection, use and disclosure of personal information is of vital importance for your business.

 

When we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

How to Manage a Privacy Breach with Confidence

The 4 Step Response Plan will help you with prevent privacy breach pain and give you the tips, templates, training, and tools that you can use right away to prepare your privacy breach response plan:

In the world of privacy breaches ‘If’ has become ‘When’. Will you be ready?

The best way to do this is by developing a privacy management program that covers all aspects of how you handle personal information. The 4 Step Response Plan will help your organization be prepared to prevent privacy breach pain. 

Click here for more information on the on-line 4 Step Response Plan course available now!

image

 

 

Learn How To Manage A Privacy Breach With Confidence
#PracticeManagementNugget, Canada, healthcare, mandatory notification, mandatory privacy breach notification, personal information protection electronic documents act, PIPEDA, podcast, privacy breach

Data Privacy Day 2020 Events And Resources for You!

Posted on January 14, 2020 by Jean Eaton in Blog

Data Privacy Day is an internationally recognized day dedicated to creating awareness about the importance of privacy and protecting personal information.

Information Managers Ltd is a Data Privacy Champion!

As a DPD Champion, Information Managers recognizes and supports the principle that organizations, businesses, and government all share the responsibility to be conscientious stewards of data by respecting privacy, safeguarding data and enabling trust.

“Each of us is responsible to manage our name and our identity. When you share your personal information, you have the right and responsibility to ask the person or business why they need the information and how they will protect your personal information.”

 Jean L. Eaton, Your Practical Privacy Coach of Information Managers Ltd.

Data Privacy Day Activities

Understanding Mandatory Privacy Breach Notification

To celebrate Data Privacy Day, Information Managers is hosting a free 30-minute webinar on Tuesday January 28, 2020.

Mandatory Privacy Breach Reporting is here!

Do you know how this will affect your healthcare practice?

. . then this free webinar is for you!

If you are a custodian–including physicians, pharmacists, optometrists, dentists, dental hygienists, chiropractors,  nurse practitioners, podiatrists, midwives, optometrists, opticians, and more!–as defined by Alberta's Health Information Act, then  . . then this free webinar is for you!

What you need to know about mandatory privacy breach notification!

In this Free Webinar, Jean L. Eaton, Your Practical Privacy Coach will explain

  • what is a privacy breach
  • why a privacy breach is a significant problem
  • why have mandatory privacy breach notification
  • lessons learned in the first year of mandatory notification
  • offence and penalty provisions of the HIA
  • privacy breach notification requirements
  • what you need to do now

Click Here to Register for the Free Webinar

Data Privacy Day Tip: How expensive is a privacy breach?

This tool from AlexioCorp quickly helps an office see the potential cost of a data breach.

Please use and share!!

button link

Privacy Protection In The Pink Seat with
Dr. Angela Mulrooney & Jean Eaton

While privacy is not technology driven, the lack of privacy, perhaps, is impacted by technology.

Many dental practices are overwhelmed with creating and implementing privacy and security policies and procedures and how to prepare a privacy impact assessment.

Angela and I discussed practical privacy tips for your dental practice to help reduce the overwhelm.

These tips apply to all types of healthcare practices.

“Talk Shop – Protect Your Business from Information Breaches”

Jean Eaton is a guest on Lauren Sergy’s “Talk Shop” YouTube channel.

Talk Shop learn from industry experts to be a better communicator in work and in life hosted by @lsergy. Privacy tips for business owners just in time for Data Privacy Day!

Talk Shop learn from industry experts to be a better communicator in work and in life hosted by Lauren Sergy!

 

 

I Heart Privacy!

Just in time for Data Privacy Day!

Print badges for your team.

I heart privacy Right-Click the image and select ‘Save As' to download and insert the image into your favourite templates to make badges or stickers or labels.

 

 

 

 

 

 

Or, use the done-for-you sheet of labels that you can print right away and slip into badge holders or print to stickers or labels.

I Heart Privacy DPD Badges      I Heart Privacy Badges

You can even customize the labels and add your business name!

 

Follow Us On Social Media!

Each day from Jan 22 – 28, we will have for daily privacy tips, and free links to additional resources on our social media accounts that you can download right away! Follow us!

Twitter

 

Stay Safe Online

For more information about how to get involved in Data Privacy Day and the Champions program, visit https://staysafeonline.org/data-privacy-day. You can also follow the campaign on Twitter at @DataPrivacyDay or Facebook at https://www.facebook.com/DataPrivacyNCSA and use the official hashtag #PrivacyAware to join the conversation.

Please use the social share buttons to share these Data Privacy Day activities with your friends and colleagues.

#DataPrivacyDay, #PrivacyAware, Data Privacy Day, Data Privacy Day Champion, Data Privacy Day Edmonton, healthcare

The Future Of Privacy Virtual Summit

Posted on January 7, 2020 by Jean Eaton in Blog

Discover why privacy, protecting personal information and securing critical data assets are priorities for business leaders in 2020.

I'm tickled pink to be presenting ‘Privacy of Health Information, an IFHIMA Global Perspective’ with Lorraine Fernandes at Bright Talk’s upcoming Data Security and Privacy Virtual Summit. All professionals with an interest in Data Security and Privacy are welcome!

The increasingly mobile, rapidly digitizing world of data is transforming all aspects of information and leading to new policies and regulations to support data privacy.

Beyond its primary purpose of improving personal healthcare outcomes, health data is being used for a wide range of purposes from improving population health, disease surveillance and the study of health economics. There are dramatic changes in how patients, consumers, or individuals access and use their health data. And, new technologies such as machine learning, artificial intelligence and biometric authentication are further compounding health information privacy challenges. Now more than ever, it is critical that the privacy of health information be protected.

Lorraine Fernandes and Jean L. Eaton will share:

  • The role of The International Federation of Health Information Management Associations (IFHIMA)
  • The need for a privacy information sharing agreement (ISA) explored in the IFHIMA healthcare whitepaper
  • High level overview of global privacy trends impacting healthcare
  • Why privacy is a priority for business leaders in 2020
  • The importance of a privacy management program and privacy awareness training to protect personal information and secure critical data assets
  • Prepare for emerging privacy trends

Register here (https://ifhima.org/sign-up-for-ifhima-global-news-whitepaper-and-events/) to receive this free white paper and learn more about IFHIMA.

Join BrightTALK’s upcoming virtual summit for a global, three-day online event.

Register for free thought leadership from the world’s top speakers, vendors and evangelists in the form of live webinars, panel discussions, keynote presentations and webcam videos. From Data Protection Officers, to CISOs and CTOs, all professionals with an interest in Data Security and Privacy are welcome!

Register To Attend Bright Talks' Free Virtual Summit

Three Virtual Summit Tracks

The 2020 Compliance Landscape – January 21, 2020 Learn what’s needed to achieve and maintain your CCPA, GDPR, PCI and HIPAA compliance.

The Future of Privacy – January 22, 2020 Discover why privacy, protecting personal information and securing critical data assets are priorities for business leaders in 2020.

Data Security Done Right – January 23, 2020  Find out how to improve security from the ground up and what’s needed for building security-by-design.

#IFHIMA, Bright Talk, privacy, virtual summit

Top 3 Practice Management Nuggets Blogs and Podcasts in 2019

Posted on January 2, 2020 by Jean Eaton in Blog

I wish you a prosperous New Year and personal and professional growth.

Practice Management Nuggets blog posts and podcasts is designed to help you achieve that. I started this in January 2014. We’ve grown over the years and improved the technology and platforms to better help you start, grow, and improve your healthcare practice. I help you to manage the pink elephant in the room!

Over the last year, you have made these blog posts and podcasts rank in the top 3 for 2019. If you missed these, or want to re-visit them, follow the links below.

Check out these top 3 Practice Management Nuggets blog posts and podcasts.Click to Tweet

Here Are The 3 Best Blog Posts And Podcasts Of 2019

Top 3 Blogs 

Recent Privacy Breach Convictions Under Alberta’s Health Information Act

Curiosity Is NOT Need-To-Know

The Top 3 Agreements Your Healthcare Practice MUST Have (and Why)

 

Top 3 Practice Management Nuggets Podcasts For Your Healthcare Practice

Privacy Awareness Quiz #PrivacyMatters | Episode #076

How Improved Patient Satisfaction Saves You Time And Money | Episode #074

Fax Received in Error – Is this a Notifiable Privacy Breach? | Episode #067

Stay tuned for more guest experts, tips, tools, templates and training in 2020!

blog, healthcare, podcast, privacy
123›»

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

Well it happened! We recently had a privacy breach. It was an ‘oops’ but never the less a privacy breach. I had started the 4 Step Response Plan - Prevent Privacy Breach Pain but thought I had time to go through it. Unfortunately not. Your course has been a godsend with all the information and forms that I need to work through this privacy breach and notifying process.

- Nancy D.

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2020 Information Managers Ltd.