Virtual Healthcare Privacy Lessons

Posted on January 14, 2022 by Jean Eaton in Blog No Comments

Virtual Healthcare Privacy Lessons

You've probably heard about the Office of the Information and Privacy Commissioner (OIPC) investigation report into Babylon Health. The investigation report provides privacy guidance for vendors of virtual health solutions and the healthcare providers who use the digital health solutions. This is a great demonstration on why it is so important to ensure that you have current information management agreements with your vendors. Jean Eaton shares tips to help you keep your vendor agreements current and explains why it is important to the protection of patient information and the reputation of your business.

The OIPC issued its findings and recommendations after investigating the Babylon by Telus Health app under HIA. There were eight findings and 11 recommendations made in this investigation.

The recommendations from the Babylon Health Investigation Report can be used to guide healthcare providers, clinic managers, privacy officers, and vendors to develop and implement virtual healthcare solutions in your practice.

In the Practice Management Nuggets Podcasts, Jean Eaton reviews the investigation report and offers practical suggestions that you can use regarding

• key criteria when reviewing (or preparing) your privacy impact assessment (PIA)
• policies, procedures
• information management agreements (IMA)
• privacy and security awareness training
• data storage outside of Alberta

Read the investigation report here: H2021-IR-01 Jul 29 2021Babylon Health Canada Limited et al

Listen To The Podcast

Lessons From The Babylon Telus Health OIPC Investigation Report | Episode #103

Expert tips with Jean L. Eaton on Practice Management Nuggets Podcast For Your Healthcare Practice.

Listen here: Practice Management Nuggets Podcast

Listen To The Podcast Here

If you need virtual care policies, procedures, sample consent notices, risk assessment, and do-it-yourself PIA templates, I can help you with that!

Virtual Care and Remote Working Privacy Impact Assessment on-line course.

PIA Templates for Remote Working and Virtual Care

#PracticeManagementNugget, podcast

Use These Reports To Improve Privacy Compliance

Posted on December 29, 2021 by Jean Eaton in Blog

Use These Reports To Improve Your Privacy Compliance

Investigation reports of privacy breach incidents helps to inform and update policies, procedures, and risk assessments can be used by privacy officers, clinic managers, and healthcare custodians to improve privacy compliance in their healthcare practice.

Recent publications by the Alberta Office of the Information and Privacy Commissioner (OIPC) and the College of Physicians and Surgeons of Alberta (CPSA) are great resources.

We can use these real-world examples to improve our current practices to protect the privacy, confidentiality, and security of personal health information and to protect personal health information from unauthorized access, use, disclosure, and loss.

Alberta OIPC Annual Report

In the Alberta OIPC Annual Report 2020-21, Jill Clayton, the Privacy Commissioner, noted that ‘this past year was a year like no other for access to information and protection of privacy in Alberta as the COVID-19 pandemic raised new challenges for regulated stakeholders and my office.’

Work from home mandates impacted how organizations responded to access to information requests and the security of personal information as employees shifted to remote work. The OIPC received over 150 privacy impact assessments (PIA) and notifications about the implementation of new virtual care (or telemedicine) projects.

Overall, the OIPC reports that there was a 31% increase in the number of PIAs that they had received over the previous years. The healthcare sector may not have applied the usual rigour to assess new virtual care solutions as has been previously applied to, for example, EMR implementation. The urgency of the pandemic may have triggered this weakness, but it's something that now we should be able to do better.

There were 930 breaches reported by health information custodians to the OIPC in 2020-21, representing a slight decrease from 2019-20 (938). There were four convictions under the Health Information Act (HIA) for unauthorized access to health information in 2020-21.

Download the Annual Report from the OIPC here

CPSA Virtual Care Standards of Care

The Alberta College of Physicians and Surgeons (CPSA) released on December 20, 2021, its updated Virtual Care Standards of Practice. This was previously released as telemedicine standards.

Download the CPSA Virtual Care Standards of Care here.

I want to highlight a few things that have changed and a few things that we should know about already. The standard provides clarity about physicians who can provide virtual care services for Albertans. A physician who has been licensed to practice and provide care in Alberta, with some exceptions. Other healthcare providers outside of Alberta should not be providing virtual care to residents of Alberta.

The standards also provide guidance on the procedures that a regulated member providing virtual care must follow, including Standard #8:

provide the patient with their name, location and licensure status during the initial virtual care encounter;
take reasonable steps to confirm the identity and location of the patient during each virtual care encounter;
confirm the patient’s physical setting is appropriate given the context of the encounter and ensure consent to proceed, in accordance with the Informed Consent standard of practice;
offer the patient the opportunity for in-person care; and
ensure there is a plan in place to manage adverse events or emergencies and make patients aware of appropriate steps to take in these instances.

The standards also remind physicians that prior to implementing new virtual care technologies or practices, that you must prepare a PIA. This applies even if you are ‘just’ using telephone to provide virtual care.

PIA Remote Working and Virtual Care Templates

Last year, Information Managers created a virtual care privacy impact assessment package which includes template policies, procedures, implementation tips, and privacy training. This follows the requirements from the standards from the CPSA and the HIA.

The PIA Remote Working and Virtual Care Templates provide you virtual care procedures, workflow, tips, and Privacy Impact Assessment templates that you can quickly and easily download and customize for your healthcare practice. The training provided will help you to assess privacy and security options to assist you to select the best technology solution for your needs. Then, use the Privacy Impact Assessment templates to document your decisions and submit to the OIPC.

Yes! I Want Virtual Care Templates

privacy compliance

How Long Does It Take to Do a PIA?

Posted on December 3, 2021 by Jean Eaton in Blog

Click the >> arrow above to play the video.

I’m opening my practice next month.

I just learned that I need to complete a Privacy Impact Assessment.

What do I do now?

Unfortunately, I hear this question far too often!

Here’s What You Need to Know About the Timelines Required to Complete a Privacy Impact Assessment

In the perfect world, you will start your PIA process about 6 months before you plan to open your practice.

You will start with developing the privacy and security policies and procedures.

Next, you will discuss with the EMR vendors, computer IT support vendors, and other stakeholders about your operational needs and ensure that the vendors can meet PIA requirements.

At this point, about 4 months before Go Live, you will start writing your Privacy Impact Assessment documents.

You will review and accept the Privacy Impact Assessment internally to your organization and ensure that each of the custodians have reviewed, understood, and accepted the Privacy Impact Assessment.

Then, you will submit the Privacy Impact Assessment to the Office of the Information and Privacy Commissioner (OIPC) about 3 months before your go-live date.

Start With Privacy and Security Policies and Procedures

If you are planning to open your healthcare practice soon or planning to implement a new project in your existing clinic, your first step is to review (or create) your privacy and security policies and procedures..

Templates make it easier to complete your policies and procedures. Make this fast and easy with our templates!

Guidance for Electronic Health Record Systems

To help you with your discussion of PIA requirements with your vendors, the OIPC has produced a document, “Guidance for Electronic Health Record Systems“.

This guide was developed to assess the safeguards in electronic health record (EHR) systems. Custodians and their EHR service providers may use this document to support a Privacy Impact Assessment on an EHR system, or to examine whether changes to a system comply with Health Information Act requirements. Published in June 2016.

This is intended to assist you to have a discussion with your vendors. The guidelines are not part of the PIA submission. The Guideline will help you to ask good questions with your vendors so that you can get good answers. You will include the answers to the questions in your PIA submission.

If you are currently looking for a vendor for your EMR, practice management system, computer network system or, perhaps, your billing system, these are the questions that you need to discuss with your vendor. Their answers will help to inform you and assist you in selecting good vendors for your practice.

If You Are a Vendor That Supports Healthcare Practices

If you are a vendor that supports healthcare practices, I encourage you to download the document, Guidance for Electronic Health Record Systems, and complete it from the perspective of your product or service even if your product isn't an EHR. Then, you can share the completed document with your prospective clients and custodians as a demonstration of your privacy and security practices and support your clients with their PIA submission.

Don't Wait!

If you haven’t done your PIA yet, you definitely need to get this completed. You need to have your policies and procedures completed and your PIA submitted to the OIPC for their review and acceptance before you open your new practice.

Want more content like this?

For more information about Privacy Impact Assessments, see

Click Here to Get More About PIA's

health care, healthcare, medical, plan a PIA, Privacy Impact Assessment, timeline

Do You Know Where Your Policies And Procedures Are?

Posted on November 15, 2021 by Jean Eaton in Blog

Do You Know Where Your Policies and Procedures Are?

This is a cautionary tale.

And it could save you a lot of embarrassment – even legal issues.

The way a healthcare provider collects, uses and discloses personal health information (PHI) is critical to an efficient healthcare practice.

It’s also required by legislation and professional college regulations and standards.

Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed. Otherwise, you face all sorts of risks, including privacy breaches and other legal problems.

Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed. #Policies Click to Tweet

Don't let this happen to you!

Everyone in a healthcare practice — including front office staff, wellness practitioners and physicians and other custodians — must be aware of and follow these policies and procedures.

These policies and procedures also become the foundation of your privacy impact assessment (PIA).

That’s why, in this Privacy Breach Nugget, we’ll review a privacy breach investigation report from Alberta's Office of the Information and Privacy Commissioner (OIPC). Whether you have a new practice, or an existing practice, we have a number of services and resources designed to help you manage your practice in a way that not only meets legal requirements, but is streamlined and efficient, and keep your information secure.

What Happened

This report started with an employee suspected of accessing health information for an unauthorized purpose.

It started with at the clinic with a conflict between the employees and the employer.

An employee (Employee A) was on leave from her position at the clinic. Her access to the electronic medical record (EMR) was suspended during her leave.

Employee A wanted to access patient information to support her dispute with management. Over two months, Employee A used Employee B’s credentials to access patient records.

This action is in contravention of the Health Information Act (HIA) sections 27 and 28.

This is where this case becomes even more convoluted and, in fact, a better case study of what not to do.

Employee Dispute

Understanding the Health Information Act

The Health Information Act (HIA) requires the custodian (the physician, in this case) to take reasonable steps to maintain administrative, technical, and physical safeguards to protect patient privacy as required by sections 60 and 63 of the HIA, and section 8 of the Health Information Regulation.

In November 2013, the clinic submitted a privacy impact assessment (PIA) to the OIPC prior to its implementation of an electronic medical record (EMR).

The PIA included written policies and procedures.

The letter to the OIPC accompanying the PIA was signed by two physicians, as well as Employee A who was the privacy officer at that time.

The physician named in the investigative report is not the current custodian at the clinic. The physician was hired in 2015 and therefore not a member of the clinic in 2013 and not involved in the initial PIA submission.

During the investigation, both employees indicated that the policies and procedures to protect patient privacy were in a binder in the clinic, but it was never used or shared with the staff.

Oaths of confidentiality may have been previously signed by the employees, but the documents could not be produced during the investigation.

Section 8 (6) of the Regulation states the ‘custodian must ensure its affiliates are aware of and adhere to all of the custodians administrative, technical, and physical safeguards in respect of health information.’

It’s common practice for clinics to require employees to sign confidentiality agreements and ensure that they receive patient privacy awareness training with regular updates.

But in this investigation, the employees said they never received privacy awareness training.

Privacy-Breach-Nugget-023-Policies-Procedure-Manual

Show Me Policy and Procedure Checklist

Access To Patient Information

The employees also stated it was common practice at this clinic for individuals to not log off of their EMR account on the computers at the reception desks. It was common practice for other employees to access an open session to quickly perform a task in the EMR.

The investigator concluded that the physician was in contravention of the HIA section 63(1) which requires custodians to establish or adopt policies and procedures that would facilitate the implementation of the Act and regulations.

These specific findings were made:

The custodian failed to ensure the clinic employees were made aware of and adhered to the safeguards put in place to protect health information in contradiction contravention of section 8(6) of the regulation.
The custodian was in contravention of section 8(6) of the regulation which requires custodians to ensure that their affiliates are aware of and adhere to all of the custodian’s administrative, technical, and physical safeguards with respect to health information. It’s important to note any collection use or disclosure of health information by an affiliate of a custodian is considered to be the collection, use, and disclosure by the custodian.
The custodian failed to ensure the employee and the other clinic staff adhered to technical safeguards as required by section 60 of the HIA and section 8(6) of the regulations.

Privacy Breach Nuggets You Need to Know

Privacy breaches are in the news every day. The more you know how breaches can affect you allows you to be more proactive to prevent privacy breach pain.

Get Your Privacy Documents In Order

To protect yourself and your practice from patient privacy breaches (and massive fines, see the conclusion to this article), follow these steps.

Find your policies and procedures and review them with all staff and custodians. Make sure you document that this has been done.
Review and update your privacy awareness training and ensure all staff, including custodians, have completed this recently. Make sure you have this documented, including certificates of attendance if available.
Oath of confidentiality documents should be signed by all of all clinic staff and custodians and maintained in a secure location.
Review your privacy impact assessment and ensure all of your current custodians have read this and understand it. Visit this post for more information to help you determine if you need a PIA amendment.

Monitor

This incident occurred in 2016. The OIPC office did not recommend any additional sanctions against the clinic, physicians, or employees.

To get templates of policies and procedures for your healthcare practice, be sure to sign up for the Practice Management Success Membership

New Amendments To The HIA

This case might have turned out differently today.

New amendments, as of 2018, provide a provision for fines under the HIA ranging from $2,000 to $200,000.

The public — and our patients — expect and trust us to make sure that their personal health information is kept secure and confidential.

It’s our responsibility to make sure we have these administrative, technical, and physical safeguards in place and are maintained in a consistent fashion.

When you've done the hard work to implement your patient privacy policies and procedures and your privacy impact assessment, make sure you continue your journey and keep these documents up-to-date and current. To help you, sign up for the Practice Management Success Membership.

There are many patient privacy breaches in the news each day, and you never know when it could happen to you.

The more you know about the breaches and how they can affect you allows you to be more proactive to prevent privacy breach pain. If you need to prepare your privacy breach management plan, start your on-line training 4-Step Response Plan right away!

If you need templates of policies and procedures for your healthcare practice, be sure to sign up for the Practice Management Success Membership. These tips, tools, templates, and training will help you save time and money to develop and maintain policies and procedures in your healthcare practice.

When we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

PRIVACY BREACH NUGGETS are provided to help you add a ‘nugget' to your privacy education program. Share these with your staff and patients as a newsletter, poster, or staff meeting.

Jean L. Eaton, Your Practical Privacy Coach

Click Here To Register for the FREE Training Video "Can You Spot the Privacy Breach?"

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

New! Health Information Policy and Procedure Manuals

When Do You Need a PIA Amendment?

When is a Privacy Breach a Privacy Breach?

References and Resources

Alberta Office of the Information and Privacy Commissioner. Investigation Report H2019-IR-01 Investigation into alleged unauthorized accesses and disclosures of health information at Consort and District Medical Society Clinic. May 21, 2019. https://www.oipc.ab.ca/media/996888/H2019-IR-01.pdf

Alberta, clinic, custodian, health, Health Information Act, healthcare, HIA, medical, Patient privacy, physicians, Policies and procedures, Prevent privacy breaches, privacy, privacy breach, Privacy Impact Assessment, reasonable safeguards, templates

How To Make A Profit In Your Healthcare Business

Posted on September 13, 2021 by Jean Eaton in Blog

How To Make A Profit In Your Healthcare Business

Healthcare providers learn their skills at medical school, but don’t learn how to make their business profitable. One of the best ways you can serve your customers better is by having a more profitable business.

However, healthcare practitioners face unique pitfalls and business challenges. Many health professions naturally lend themselves to self-employment but often don’t receive training on entrepreneurship and how to start a healthcare business and especially the financial side having a profitable business. This can very quickly lead to feelings of stress and overwhelm which can cause otherwise skilled healthcare providers to leave their profession.

Many healthcare providers find that their job is physically demanding and, if their health requires them to work less for a period of time, they worry that they don’t have the financial resiliency to fund a reduced work schedule.

Independent healthcare practices often have small numbers of clinic staff who are expected to fulfill many roles. Clinic managers are often tasked with bookkeeping even when they haven’t received training to help them with that.

Consequently, many healthcare providers and business owners don’t have simple systems to manage the finances of their business and are making business decisions on wishes.

My Takeaways

Tammy Hyska’s personal experiences as the financial manager of her husbands’ chiropractic business and as an accountant to healthcare businesses in Alberta helps her to break things down for non-accounting people to understand without feeling overwhelmed.

On the most recent episode of Practice Management Nuggets podcast, I interviewed Tammy Hyska. Tammy shares practical tips for all practice owners, healthcare providers, and clinic managers who have an active role in managing the billing and the finances in the healthcare practice.

Tammy understands the common problems that healthcare providers experience when they manage their own business. She knows that people don’t train to be healthcare providers to have an excuse to do bookkeeping.

Instead, Tammy provides 5 practical tips to have a healthy business without becoming an accountant.

Have a separate business bank account and a separate personal bank account
Have a spending plan
Read Profit First by Mike Michalowicz
Use an accounting software
Avoid debt

Tammy Hyska's #1 Tip to Healthcare Practices

It's not what you MAKE but what you KEEP that matters! Click to Tweet

Listen To The Podcast

5 Critical Things Healthcare Practitioners Need To Have A Profitable Business | Episode #102. Expert tips with Tammy Hyska on Practice Management Nuggets Podcast For Your Healthcare Practice.

Listen here: Practice Management Nuggets Podcast

Listen To The Podcast Here

Featured Guest: Tammy Hyska

Tammy Hyska Can Help You Enjoy A Profit In Your Healthcare Business From Day #1!

Tammy Hyska will help you avoid money stress with these tips to set up the financial side of your business the right way with a simple strategy that will teach you just enough to have financial success without the overwhelm.

Get started right away with the free 5 Critical Things Healthcare Practitioners Need To Have A Profitable Business.

Download this free guide from Tammy here:

Download the free guide from Tammy here

Financial Confidence Formula

Then, check out the Financial Confidence Formula For Healthcare Practitioners training from Tammy Hyska. This is a complete system for operating a profitable business.

This course is ideal for new business owners and existing business owners and clinic managers who haven’t yet implemented the blueprint to a highly profitable business.

When you receive support to simplify and streamline the accounting side of things in your practice, you will reduce money stress.

Tammy will cover everything you need to get it right and avoid all the unnecessary pitfalls to make a profit in business.

Tammy Hyska, CPA, CA, has been a Chartered Accountant for over 20 years. As the Financial Freedom Coach in her independent consultancy, Tammy helps entrepreneurs have more profitable businesses. Tammy has in-depth understanding of health care businesses as her husband is a health care provider and Tammy helps her husband run the financial side of his practice. Tammy is passionate about helping small business owners have a more profitable business.

#PracticeManagementNugget, dental, dental business, healthcare, healthcare business, podcast

Zoom In Healthcare Is Easy!

Posted on September 12, 2021 by Meghan in Blog

Using Zoom in Healthcare is Here to Stay

In healthcare, it is important that patients trust you before they will share their personal information, listen to you, and before they will carry out your treatment recommendations.

In telemedicine, your patients need to be able to see your face, hear your voice in order to trust you.

When you appear confident on camera during telemedicine call this will build trust with your patient and remove distractions so that your patient better listens to your advice.

This on-line training will help you become more confident using Zoom for meetings, virtual care, and telemedicine.

The Communicate & Meet With Zoom in Your Healthcare Practice course will look at the basics of both joining and hosting a meeting, as well as the difference between the free and pro plan options.

Communicate and Meet with Zoom Training in Healthcare Video Cover

Communicate and Meet Using Zoom In Your Healthcare Practice

Online training

Are you using Zoom for your Telemedicine or Virtual Care Encounters? Build trust with your patients when you confidently use Zoom to Communicate and Meet.

Ideal for physicians, dentists, chiropractic, physio, optometry – every healthcare professional who use Zoom for telehealth, virtual care, or team meetings!

25 step-by-step videos to get started quickly and be successful with Zoom
Bonus downloadable Zoom instructions for patients
Bonus training: Easily Improve Your Video Conference Presence with Lauren Sergy
Bonus: Virtual Care Workflow
Bonus: Virtual Background templates and training

New to Zoom?

If you are new to Zoom, I suggest that you follow the on-screen videos step by step.

If you are familiar with Zoom, and just need to dig a little deeper into the advanced settings or have specific questions, you can select the training that would most help you.

Note: This training is not specific to Zoom Healthcare; however, many of the features are similar between the public and the Healthcare versions of Zoom.

The Practice Management Success Tip, Communicate and Meet Using Zoom In Your Healthcare Practice, will help you

Gain your patients' trust.
Communicate confidently on-camera with your patients and your employees.
Document your new virtual workflow process.
Present yourself professionally.

Show Me Communicate and Meet Using Zoom In Your Healthcare Practice

healthcare, healthcare business, medical, physician, small business, Social Media for the Small Healthcare Practice, telehealth, telemedicine, template, videoconferencing, virtual care, zoom

How to Manage a Privacy Breach with Confidence

Posted on August 31, 2021 by Jean Eaton in Blog, Services, Training, Upcoming events/workshops

How to Manage a Privacy Breach with Confidence

The new mandatory privacy breach notification provisions to the Health Information Act (HIA) effective August 31, 2018. Are YOUR policies and procedures up to date?

Custodians will be required to notify the Office of the Information and Privacy Commissioner (OIPC) and the Minister of Health, privacy breaches with risk of harm.

If you haven’t updated your privacy breach management policy, trained your staff, and prepared your reporting procedures yet, let me help you with done-for you templates and training!

If you're a healthcare practice manager, owner or privacy officer who really needs to know how to respond to a privacy breach but doesn't have a step-by-step plan ready to implement, then here's the answer you've been looking for…

Introducing the “4 Step Response Plan” on-line education with quick and helpful content so that you will properly manage a privacy breach. This is critical to the continued success of your business.

Privacy Incidents Happen!

60% of small and medium business owners go out of business within 6 months after a privacy and security breach. Patients, clients, employees and business partners trust you to keep their private and sensitive information confidential and secure.

Mandatory privacy breach reporting is quickly becoming a legislated requirement – and many businesses are not prepared!

Not recognizing and not notifying a privacy breach quickly and properly could result in fines and even jail time for the business, healthcare provider, employee, or vendor!

Learn NOW how to manage a privacy breach – Don’t get caught scrambling when a privacy breach happens.

The biggest mistake in managing a privacy breach is not recognizing the privacy breach.

The second biggest mistake is not knowing what to do about it.

Many healthcare practice managers, owners and privacy officers can’t get past the idea that simply hoping that you won’t have a privacy breach is not a good business strategy!

But nothing could be further from the truth!

What people are saying about the ‘4 Step Response Plan’

Well it happened! We recently had a privacy breach. It was an ‘oops’ but never the less a privacy breach. I had started the 4 Step Response Plan – Prevent Privacy Breach Pain but thought I had time to go through it. Unfortunately not. Your course has been a godsend with all the information and forms that I need to work through this privacy breach and notifying process. Nancy D

Results Oriented Learning

The 4 Step Response Plan will help you with prevent privacy breach pain and give you the tips, templates, training, and tools that you can use right away to prepare your privacy breach response plan.

Learn to

Recognize a privacy breach.
Understand why a privacy breach is a significant problem.
Understand the cost of a privacy breach and why you need to be prepared now.
Use the 4 Step Response Plan to develop a privacy breach management plan.
Prevent a privacy breach from happening again.

… and much, MUCH more!

When you have a privacy breach you must recognize the breach, contain it, notify the affected individuals, and prevent it from happening again. When you have this plan you will have confidence that you have identified and managed your areas of risk and dramatically reduce the risk of a privacy breach. Your staff will recognize a privacy breach early and respond quickly. You will manage the breach with minimum of risk to your patients, clients, and your practice.

In the world of privacy breaches ‘If’ has become ‘When’. Are you be ready?

The 4 Step Response Plan includes

6 interactive lessons
60 minute training webinar
Video introduction to each lesson
Template policies and procedure NEW! Updated Privacy Breach Management Policy
Scenarios and examples
Downloadable resources, checklists and templates New! Privacy Breach Reporting Form to make it easy for you to meet your notification requirements.

BONUS – Discussion Group (not Facebook!)

Exclusive to registered participants – collaboration with others to help you solve problems and Jean will be there to answer your questions and encourage your progress.

BONUS – Monthly Q&A With Jean

Monthly incident response training using recent real-world reported privacy breaches and mentoring with live Q&A with Jean to help you overcome obstacles so that you can get your privacy breach management plan finished!

BONUS – Privacy Breach Awareness Training for YOUR Employee’s Orientation

Video (8 min) – “Can You Spot the Privacy Breach?”
Learning Resources Guide to download
Post Test
Certificates of Completion

This on-line education program may be eligible for Continuing Professional Development credits with your professional association.

Self-paced And Self-learning – All Lessons Are Available Right Away – No Waiting To Get The Content That You Need Most!

Get Started Right Now!

Not having your privacy breach management policies and procedures in place will

make it harder to respond to a privacy breach
mis-steps – opens you up to fines, sanctions, and re-work that will cost you time and money
blind-sided by mandatory privacy breach reporting requirements

So if you’re a privacy officer, practice managers, healthcare providers, or a clinic manager who needs to know how to respond to a privacy breach but doesn't have a step-by-step plan ready to implement you need to act on this right now.

When you have your privacy breach response plan in place you will have confidence that you are prepared to respond to the breach with confidence.

Get the step-by-step help to customize your policies and training and

You will save time and save money.
Your staff will recognize a privacy breach early and respond quickly.
You will respond to the breach with a minimum of risk to your patients, clients, and your practice.

Click the Button Below to Get Started Right Away!

You will be re-directed to Stripe to make your purchase by credit card or debit.
Your receipt will indicate payment has been made to Information Managers Ltd.
Your confirmation and receipt will be provided to the email address that you complete your registration.
Use your best email address – you don't want to miss access to all the resources!

What people are saying about the ‘4 Step Response Plan’

Jean L. Eaton Your Practical Privacy Coach

Jean L. Eaton, BA. Admin (Healthcare) CHIM, CC is constructively obsessive about privacy, confidentiality, and security when it comes to the handling of personal information, particularly in primary health care settings.

Jean provides solutions that are practical and effective for today’s healthcare providers so they can implement privacy by design and best practices to protect privacy, confidentiality, security of personal information.

Jean specializes in making practical recommendations for 1000’s of independent health care providers and comply with privacy legislation while improving efficiency in their practice management. Jean is a consultant and speaker on the topic of privacy breach management, including ‘virtual privacy officer’ on demand.

She is the privacy awareness training facilitator to hundreds of medical clinics and healthcare practices and organizations that support independent healthcare businesses and privacy officers across Canada and the US. With over twenty years of experience, I have the knowledge and tools to help your business improve your information privacy practices.

I’m delighted to share this with you now in this course.

So go ahead, click the order button right now and you're well on your way to privacy breach management plan success!

Here Is My Personal Guarantee

Email Jean with your questions.

4 Step Response Plan, incident response, online education, prevent privacy breach pain, privacy breach, privacy officer training, training

Healthcare Privacy Breach Training

Posted on August 11, 2021 by Jean Eaton in Blog

Learn From Someone Else's Privacy Breach!

Using privacy breach examples from other healthcare practices makes realistic privacy breach training content to prevent them from happening in your clinic!

The cost of a data breach continues to rise, and healthcare is the costliest industry, according to IBM’s Cost of Data Breach Report 2021.

This report indicates that the average cost of a data breach including personally identifying information (PII) is

$180 per record containing PII
Assuming that a family practice physician has a panel size of 2,000 patients, the cost of a privacy breach could be $180 x 2,000 = $360,000
If you work in a group practice with 4 physicians and all of your patient records were included in the privacy breach, this could cost your practice up to $1.4 M

Privacy breach notification requirements are changing, and so are the fines if your practice is in violation of privacy legislation in Canada like the Alberta Health Information Act (HIA) and the Ontario Personal Health Information Protection Act (PHIPA).

In this free 60-minute workshop, Jean will share recent privacy breach examples in healthcare and discuss how to prevent them from happening in your clinic.

Who Should Attend the Privacy Breach Training?

Everyone in your medical, dental, chiropractic, podiatry, practice should attend this workshop. This is a great orientation for new employees and a timely refresher for everyone else.

I believe that practical privacy breach training is a reasonable safeguard to protect patient information and the reputation of the healthcare providers and the clinic.

Make this a lunch and learn event!

Confidently Respond to a Privacy Breach…You'll Sleep Better at Night!

Privacy incidents happen!

60% of small and medium business owners go out of business within 6 months after a privacy and security breach.

Patients, clients, employees and business partners trust you to keep their private and sensitive information confidential and secure.

Not recognizing and not notifying a privacy breach quickly and properly could result in fines and even jail time for the business, healthcare provider, employee, or vendor!

The Biggest Mistake In Managing A Privacy Breach

The biggest mistake in managing a privacy breach is not recognizing the privacy breach.

biggest mistake privacy breach training head in sand

Your Practical Privacy Coach has prepared this FREE 60-minute workshop with recent privacy breach examples to help you spot a privacy breach in your healthcare practice!

Use these privacy breach examples to

improve your privacy management program and prevent similar incidents
prepare your privacy incident response plan so that you can quickly spot and stop a similar privacy breach in your practice
reduce privacy breach costs, harm to patients, loss of reputation
train your team and privacy officer

Join us on Thursday, August 19th, 2021

12 Noon MT

Learn From Someone Else’s Privacy Breach Workshop

Register for Your FREE LIVE Workshop

In the world of privacy breaches ‘If' has become ‘When'. Will you be ready?

If you want to confidently and properly manage a privacy breach, start by attending this workshop. If you need to create or update your privacy breach incident response plan, check out the 4 Step Response Plan on-demand training, too.

This Workshop Includes:

Live webinar
Q&A with Jean L. Eaton, Your Practical Privacy Coach when you join the webinar live
Access to the replay for a limited time
PDF cheat sheets
BONUS – Privacy Breach Awareness Training for YOUR employee's orientation. Includes Video – “Can You Spot the Privacy Breach?”, Learning Guide, Post Test, and Certificates of Completion

This webinar may be eligible for Continuing Professional Development credits with your professional association.

Jean L. Eaton, BA Admin (Healthcare), CHIM, CC is constructively obsessive about privacy, confidentiality, and security when it comes to the handling of personal information, particularly in primary health care settings.

So go ahead, register right now before it is too late!

Health Information Act, prevent a privacy breach, privacy breach, respond to a privacy breach

Sharing Your Vaccine Status – Privacy Tips

Posted on July 19, 2021 by Meghan in Blog

Sharing Your Vaccine Status – Risks and Benefits

For the safety of yourself and others, schools, employers, or event organizers may ask you for proof of vaccination against the COVID-19 virus. It is your right to decide if you share your personal information with others.

Your personal health information can be misused to access services, apply for credit cards using your name, or other fraudulent purposes.

Throughout the pandemic, each of us have had to make decisions about our health safety and the risks and benefits of our actions. You can apply a similar risk and benefit approach to decide if, when and how you share your vaccine status.

Why Share?

Consider the purpose of providing your vaccine status.

Are you giving this information to a physician or nurse for your health care?

Before attending a concert or football game?

Is it a pre-requisite before you can attend school or a sports program?

You may also need to consider the benefit of sharing your vaccine status. If you want to travel out of country, a vaccine passport may be required for international travel purposes.

Protect your gold – your personally identifiable information.

If you decide to share your vaccine status:

provide the least amount of information needed.
know and trust the person (or the app) that you are sharing your information with. Remember, read the privacy policy!
understand how your information will be used.

Don't Overshare

Sometimes, answering the question ‘Is your vaccine up-to-date?’ is good enough. You don't always need to share your date of birth, family physician, and health care number, too.

You may be asked to show your proof of vaccine status, but don’t allow the casual requester to make a copy of the vaccination report. (There are some exceptions. Sometimes, you may need to share the information with your healthcare provider or a government official).

Instead, the requester can make a simple notation on their records that you were asked about your vaccine status, and you showed an appropriate proof of vaccination. (See the blog post How To Correctly Identify Patients And Use Photo ID for tips on how to implement this practice in your business).

If You Are Collecting Vaccine Status

If you are a business owner who is collecting personal information like a vaccine status, remember that you must follow the appropriate privacy legislation. In Alberta, private businesses must follow Personal Information Privacy Act (PIPA) legislation.

See the advice document from the Alberta Office of the Information and Privacy Commissioner (OIPC) regarding the reasonable purpose to collect personal information and your responsibilities to keep the information secure.

How Do You Get Your Vaccine Report?

Most often, you will receive a paper confirmation from the healthcare provider at the time that you receive your first and second vaccine dose. In Alberta, you can also download your vaccine record from MyHealth Record, the Personal Health Record for Albertans to access some of their health information, such as lab results, medications, and immunizations drawn from Alberta Netcare.

I shared a short video here to show you how you can register for your own personal account. Some other provinces have a similar provincial electronic health record that individuals can access their own health information.

Keep It Safe

You will probably need to refer to your vaccine status often over the next few years. Keep this information safe and easy to retrieve.

Take reasonable steps to protect your information so that other people can't easily view or take your information without your permission. Will you keep your information in:

paper format?
your wallet or purse?
as a photo on your phone?
- If so, also consider how you will share the photo. If you give your phone to someone to hold and view the photo of your vaccine status or passport, they may also use the access to your phone for other purposes.
upload your vaccine status to a digital app?

Evaluate the Risks and Benefits

Remember to ask yourself why you need to share the information and evaluate the risks and the benefits. It's your information, and you get to decide if, when, and how to share your vaccine status. Take the time that you need to ask the right questions and make an informed choice.

After you share your information, it’s too late to take it back.

Instead, be prepared to respond to a request for your vaccine status with these privacy tips to protect your personal health information.

COVID-19, digital vaccine passport, personal health information, privacy, proof of vaccination, vaccine status

Release Of Information In Your Healthcare Practice

Posted on July 13, 2021 by Meghan in Blog

Release Of Information In Your Healthcare Practice

Individuals have the right to access information about themselves and to request that their information be shared to others. We have a duty to assist individuals when they make these requests. Custodians have an obligation to receive and process these release of information requests promptly, consistently and correctly.

How we respond to patients request about their personal information is a key opportunity to further develop a relationship with our patients and their family.

Access and disclosure processes are regulated requirements that we must understand and follow.

Release of Information Workshop

In this 45-minute workshop, we will review:

Health privacy legislation as it relates to consent to collect personal information
Procedures for access and disclosure requests
Release of Information models, including centralized and decentralized models
Release of Information tools, including disclosure logs and EMR indexing
What is valid consent?
What are disclosure notations?

We will also go over common Release of Information scenarios that you will likely encounter in your healthcare practice, including:

Patient requests a copy of their own information
Parent requests a copy of their young child’s information
Patient requests a copy of their information to be sent to another physician / healthcare provider
Patient requests a copy of their information to be sent to someone else

Join us on Thursday, July 22

12:00pm Noon Mountain

Release of Information For Your Healthcare Practice

Register for Your FREE LIVE* Workshop

*Even if you can't attend live, register now to get access to the limited time replay and resources!

Yes! I want to attend the workshop

Learning Objectives:

Understand the difference between access and disclosure requests
Describe the difference between access and disclosure requests
Explain the routine steps to process an access request
Explain the routine steps to process a disclosure request

This Workshop Includes:

Live on-line training
Q&A with Jean Eaton, Your Practical Privacy Coach when you join the webinar live
Access to the replay for a limited time
Learning Resources Guide

What's in the Learning Resources Guide?

Collection notices
Access request / consent
Authorization to request information from another physician
Access checklist
Disclosure checklist

Yes! I want to attend the workshop

Who Should Attend?

If you collect health information from your patients you need consistent, efficient, procedures to provide patients access to their own information and disclose it to other people with the patients’ consent.

If you are a release of information clerk, medical office assistant, receptionist, clinic manager, or privacy officer in a community based healthcare practices – medical, dental, pharmacy, optician, chiropractic, physiotherapy, counselling – then you should register for this free live workshop!

When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

disclosure requests, healthcare, patient access requests, patient release of information, privacy officer, release of information

1 2 3 ›»