Safeguards: The What, Why, and How

Posted on July 14, 2019 by Meghan Davenport in Blog No Comments

Guest Blog Post by Tamara Beitel

Health Information Management Student, Centre for Distance Education, May 2015

Picture this, the reception room of the clinic was clean and organized, the patients were happy as they were quickly seen by an efficient, positive and qualified healthcare team. This is what happens when the clinic has taken the time to design their safeguards.

What are safeguards? Why are they important to you? How do you implement these safeguards into your clinic/office?

These are important questions to consider when thinking about safeguards. Implementing safeguards will make your clients/patients feel more confident that their personal information is safe. They will be more willing to share their information.

Why should you safeguard health information?

It is important to safeguard health information to protect your business, your reputation, and helps employees understand privacy, security and confidentiality. When your clients/patients see that you are actively making sure that their personal information is safe, they feel more confident in sharing that information knowing it will be protected.

What are safeguards?

There are three types of safeguards to use in maintaining the privacy and confidentiality of health information in your clinic.

Administrative safeguards are the policies and procedures and other written documents. Policies and procedures direct staff to properly access patient information, privacy training for staff, monitoring the policies and procedures, dealing with receiving and responding to privacy complaints and inquiries, and dealing with transferring, retaining and destroying personal information contained on electronic devices.

There is privacy breach management to help prevent or in case of a breach what the procedure is in dealing with the breach. In the blog, When is a privacy breach a privacy breach?, it discusses the repercussions of not implementing breach policies and also discusses the legislation that is in place to safeguard personal information from breaches. It is important to acknowledge when a breach has occurred, that you have taken the proper steps to address the breach, and have learned from the breach so as not to repeat the same mistakes.

Examples of Policies and Procedures:

Signed oaths of confidentiality for all affiliates
Screens should be private and not viewable from public areas
Prohibit disclosure of patient diagnostic, treatment and care information over the phone, even to an individual who claims to be the patient

Technical Safeguards are controls that protect and control access to personally identifiable and health information. Technical safeguards include electronic devices, surveillance cameras, security systems, and telephone systems. Let’s focus on electronic health information and computer networks for example.

Audits of the security and computer systems are vital to maintain privacy and security of personal information. Through audits you can enforce compliance of the policies and procedures and see where changes, if any, are needed. It helps the staff to be aware of the importance in protecting the client/patient personal information. They see that there are consequences for not following policies and procedures.

You should also be aware of the risks from external threats. These include:

identity theft
loss of information
information shared with unauthorized individuals
Some examples of external threats are: malware (malicious software, designed to infiltrate or damage a computer system), spyware (a type of malware that collects information, such as key loggers), and irresponsible use of the Internet

Mitigation strategies include:

regular training and refreshers on privacy and security
IT professionals reassess any software/hardware additions/changes

Examples of technical safeguards in electronic medical records (EMRs) are:

Strong passwords
Encryption of data
Using role-based access to limit access to health information to a need to know basis (user-based access rights ((secure)), role-based rights ((more secure)) and context-based rights ((most secure))

Physical Safeguards are the physical measures used to protect electronic health information from unauthorized access. This includes precautions to prevent break-ins, theft of computers and files, unauthorized access to personal information, applying physical barriers and control procedures against threats to personal information, and policies and procedures on locking up at night, computer etiquette, and office set up (how and where computers, fax machines etc. are set up).

Examples of physical safeguards are:

Limiting access to the building, clinic and storage areas
Alarms and security cameras, doors and locks, lighting
Placing fax machines and printers out of sight and reach of public areas

Safeguards Next Steps

All three of the safeguards should be used in conjunction with each other. The use of these safeguards will help protect your client/patient information from breach, identity theft, loss and unauthorized access. You have the power to make the clinic/office safe from threats to security, privacy and confidentiality. Your clients/patients will know that you have taken all reasonable steps to ensure that their personal information has been protected and appreciate it. It is beneficial to your clinic to review all of your safeguard measures with staff and have regular audits, reviews, updates to the policies and procedures, systems, and security of the clinic. There are many self-assessment tools available from the Privacy Commissioners in the provinces and from the federal government. See the resources below.

About the author: Tamara Beitel has successfully completed the Health Information Management Diploma at Centre for Distance Education, she is currently preparing to challenge the National Certification Exam in July 2015. Tamara is looking forward to work as a Certified Health Information Management (CHIM) professional in the area of policy and privacy protection in the Calgary area.

Resources

Privacy Awareness Training– Corridor Interactive – Privacy Awareness in Healthcare: Essentials

Jean Eaton, When is privacy breach a privacy breach? https://informationmanagers.ca/privacy-breach-privacy-breach/

Office of the Information and Privacy Commissioner of Alberta

Office of the Privacy Commissioner of Canada

best practice, clinic management, good security practices, privacy, privacy breach, Safeguards, security

When is a Privacy Breach a Privacy Breach?

Posted on July 13, 2019 by Jean Eaton in Blog No Comments

The biggest mistake in managing a privacy breach is not recognizing the privacy breach.

The second biggest mistake is not knowing what to do about it.

The recent publicity about the privacy breach in Alberta when a laptop with health information was stolen and came to the public's attention several months later is not the first news item of its kind. In fact, this happens frequently in healthcare, retail, government departments and other industries. This doesn't make it any easier to swallow and certainly doesn't make it right. But this is an opportunity for you, healthcare provider or practice manager, and vendor to make sure that you have good practices in place to manage your next privacy breach.

Health information is recognized as being particularly sensitive and important to the person that the information is about. It is so important, in fact, that a new breed of legislation was developed to set out specific rules to ensure that the health information has robust safeguards (administrative, technical, and physical) to keep the health information confidential and secure. In Alberta, the Health Information Act (HIA) was proclaimed in 2001 to help custodians (people or organizations who collect, use, and disclose health information) ensure that they have identified the risks to breach of health information and how to prevent those risks. The legislation also ensures that the people who the health information is about have access to their personal health information.

In August 2018, amendments to the HIA were proclaimed that make it mandatory to report a privacy breach that could result in harm to the Office of the Information and Privacy Commissioner (OIPC).

Privacy breaches come in all types and sizes. One of the most common forms of a privacy breach is when a clinic or healthcare provider intends to send a report to another healthcare provider for continuing care and treatment but it is sent to the wrong physician. Or, the referral request went to the correct physician but included extra information about another patient that was not part of the referral.

What Is Considered a Privacy Breach?

A privacy breach is an unauthorized access to or unauthorized collection, use, disclosure , loss, or disposal of personal or health information.

To each of us, our own personal health information is important. As a healthcare industry, we need to ensure that we recognize this and acknowledge that each privacy breach is important to the person the information is about. We need to make sure that we minimize the risk of the information being used inappropriately or maliciously. We need to acknowledge to ourselves and to our patients and clients that we are human and that sometimes we do make mistakes and we will strive to do better.

A ‘small' breach of one person one time might have a big impact to the individuals involved.

A ‘big' breach of a lost laptop might have a bigger magnitude affecting many individuals.

When a breach also meets the requirements of mandatory notification, a custodian must report the breach regardless of how many people's information have been included in the breach.

4 Step Response Plan

When you have a privacy breach, follow these four steps to manage the privacy breach incident.

Step 1 – Spot and Stop the Breach

Each breach is important and needs to be recognized. Contain the breach so that it doesn't get any bigger.

Step 2 – Evaluate the Risks

Your privacy officer will investigate the incident and learn about the size, scope, and details about the breach. Consider if there is a reasonable basis to believe that there is a risk of harm to an individual

Step 3 – Notify

Notify the custodian, the affected individuals and (now, with the 2018 amendments), the Alberta OIPC, Minister of Health, Alberta Health (if the breach includes Netcare) and others.

The individual who's information has been breached needs to be made aware of the problem and the risk that might be experienced so that they can be prepare to limit the risks. The custodian needs to know how to manage the privacy breach and report it – internally and perhaps to other stakeholders.

Step 4 – Prevent the Breach From Happening Again

Correct and monitor the incident(s). Actively take steps so that the breach does not happen again.

Not Sure What To Do?

You never know when a privacy breach will happen! Prepare now with a privacy breach management program and coaching from the Practical Privacy Coach!

Learn what to do if you have a privacy breach.

4 Step Response Plan, Alberta, breach, Health Information Act, HIA, OIPC, privacy, privacy breach, training

How To Capture Patient Satisfaction With CareSay

Posted on July 2, 2019 by Jean Eaton in Blog

‘This call may be recorded to ensure quality control.’

We’ve all heard the recorded message when we call our bank or service provider .

But, is this the best way to capture patient satisfaction with their healthcare visit experience?

Are you looking for options to capture patient satisfaction with their interactions with your office staff during phone calls and their entire visit?

There are other options that require less technology, easier to implement, respects privacy, provides a more meaning constructive, helpful, feedback for your clinic team and engages your patients to improve their satisfaction.

I reached out to Brian Lee from Custom Learning Systems about his suggestions on how to explore patient satisfaction.

Brian Lee is my guest expert on Practice Management Nuggets Podcast for Your Healthcare Practice. Brian Lee is one of North America’s leading experts in the field of World-Class patient experience, staff engagement and culture change.

In this 16 minute episode, Brian Lee, shares options for the healthcare provider and business owner to easily capture and measure the patient's experience and give them an opportunity for feedback so that you can improve patient satisfaction and patient care in your healthcare practice.

Brian Shares His Key Tips Including

Options to create a patient experience survey (including CGCAPS).
New tools that empowers the patient to provide clinics with feedback about their experience.

New tools empowers the patient to provide clinics with feedback about their experience.

My Favorite Takeaways From The Podcast

Ensure that we do constructive, positive education with our caregivers.
Measure the patient's experience.
Empower the patient to provide the clinic and the caregivers with feedback.

Be sure to tune in to my interview with Brian Lee on How To Capture Patient Satisfaction With CareSay | Episode #077

Then, click here to get the free CareSay Review app: the unique new app to help you Connecting service providers and patients in a whole new way!

If you are a member of Practice Management Success, login here and view the webinar replay.

#digitalhealth, #PatientCenteredClinic, #PatientEngagement, #PracticeManagementNuggets, Brian Lee, CareSay, CGCAP, clinic, Everyone's a Caregiver, healthcare, medical, patient centered clinic, patient satisfaction, podcast, review

Can You Predict Successful Privacy Awareness Compliance Training?

Posted on June 13, 2019 by Jean Eaton in Blog

Protect your organization and your patients.

Investing in privacy awareness compliance training that is engaging, practical, and easy to access will prevent a privacy breach in your healthcare practice.

But, how do you find the right training?

Look for a strong completion rate.

A high completion rate is the single best predictor of successful privacy awareness compliance training. Most on-line courses have a 6-15% completion rate.

The Privacy Awareness in Healthcare: Essentials program from Corridor Interactive has a completion rate of 95%.

And the investment is only $35 per person.

Give your patients the gift of privacy. Improve your healthcare practice with privacy awareness education.

HURRY! A privacy breach can happen at any time!

health care, healthcare, HIA, PHIPA, privacy, privacy awareness compliance training

Are You Drowning in Patient Referrals?

Posted on May 13, 2019 by Jean Eaton in Blog

Are you drowning in patient referrals?

Playing telephone tag with specialists and patients?

Faxing is old technology, a massive time waster, and can be very costly both financially and emotionally when faxes get lost in the system.

In our Practice Management Nugget Webinars for Your Healthcare Practice series on October 12, 2017, I spoke with Dr. Denis Vincent, Physician Founder of ezReferral. There are many things that you can do right away to improve patient referral management.

Dr. Denis Vincent's #1 Tip to improve the patient referral process:

“Find more effective ways to involve and engage the patient in the referral process.”

The traditional referral workflow is inefficient

Using phone and fax messages from the referring provider to the consulting provider and back to the referring provider and then to the patient takes time. And every time that the message is transferred, there is a risk that the message is not understood or is lost.

So, we have a tendency to create complicated backup systems to double-check and make sure that none of the steps get missed. Many practices have created a ‘referral binder’ monster – the master referral list for the clinic. This binder is full of post-it notes, tags, and phone messages and reminders to help us make sure that the referral appointment is booked, the patient is notified, and the appropriate follow-up takes place.

Even in practices with an electronic medical record (EMR), we use a paper process to ‘make it easier’ to track patient referrals.

But the binder can only be used by one person at a time and only seen by the people in that office. The patient has no idea about the status of their referral so they phone the office regularly to ask for updates.

But wait! We want to make sure that everyone knows what is happening with the referral. We leave phone messages and voice mail and talk to the patient, the specialist, the referring provider to remind, confirm, and follow-up.

Save 60 minutes for each patient referral

Denis Vincent suggests that his family physician office referral coordinator used to spend an average of 75 minutes on each patient referral. That referral cycle can take months just to get to the point where the specialist appoint is confirmed and the patient is notified.

Now, using ezReferral, the entire referral process takes an average of 15 minutes of staff time per patient referral. That is a savings of 60 minutes per referral!

You can do this when you use a synchronous patient referral management system. EzReferral is a secure cloud-based solution that manages the patient referral process with clear real-time communication that the referring provider, specialist provider, and the patient can see at any time.

Multi-disciplinary healthcare team

ezReferral is designed to work with any multi-disciplinary referral pattern in your practice. For example, family physician to specialist physician or any other healthcare provider.

14 days from referral order to confirming appointment. Can you do that?

Starting in January 2017, physicians in Alberta must meet new time frames for acknowledging and responding to referral requests. If you are asked to consult on a patient, you will have:^[1]

7 days to acknowledge receipt of the request to the referring healthcare provider.
14 days to let the referring healthcare provider know whether you can accept the referral.
14 days to contact the patient to schedule an appointment or to confirm the status of the referral, if no appointment date has been determined.
30 days to provide the referring healthcare provider with a written report after your first appointment with the patient.
Consulting physicians will also need to be reasonably available to respond to referral requests and ensure their process is accessible.
Referring physicians will have to make sure they include all pertinent clinical information (including relevant investigation results) and the purpose of the consultation with their request, to enable the consulting physician to determine whether he/she can accept the referral within the mandated 14-day time frame.

([1] College of Physicians and Surgeons of Alberta)

These are good standards to meet for every type of healthcare provider.

You can meet these standards when you use a synchronous patient referral management system. EzReferral is a secure cloud-based solution that manages the patient referral process with clear real-time communication that the referring provider, specialist provider, and the patient can see at any time.

Patient Benefits

Patient Engagement
Patient Satisfaction
Patient Peace of Mind
Better Patient Care

Referrer Benefits

Happier patients
Reduce workload
Eliminate the “black hole”
Satisfied Staff

Specialist Benefits

Reduced workload
Reduce no-shows
Reduce phone calls
Reduce overhead
Audit trail

Testimonial from Edmonton Eyelids

“Our office has been using ezReferral since July 2016. It’s easy to rave about this powerful communication tool – each referral received through this system takes a fraction of the time required through our faxed referral system, due mainly to the fact that most patients choose to receive referral notifications by text and/or email (thereby eliminating the “middle ground” in which some referrals can get lost). What truly sets ezReferral apart from ANY online interface that I have ever used: the support staff is accessible, proactive, and fast.”

Shawna Sazwan
Edmonton Eyelids

Dr. Vincent has implemented ezReferral in his family practice. I have to admit, I’m blown away with his experience that 95% of the patients choose to receive their notifications by text messaging. That’s much better than I anticipated.

This solution is ideal for healthcare practices with referrals within the medical community and even better when you are working with multidisciplinary referral teams. This works well for both paper based and electronic medical record based practices.

Watch the webinar replay now to see how you can save time, money, while improving the patients’ access to health care in a timely, efficient manner. You will also discover the key steps and timelines to prepare for implementation in your practice.

Practice Management Nugget webinar interview with Denis Vincent was recorded live on October 12, 2017.

Watch the Webinar

If you are a member of Practice Management Success, login here and view the webinar replay and access the members-only resources.

#PracticeManagementNuggets, Dr. Denis Vincent, ez Referral, ezReferral, fax, health care, healthcare, medical, patient referral management, practice management, review ezReferral

International Receptionist Day is just one day, but recognition of this important role should occur all year

Posted on May 8, 2019 by Jean Eaton in Blog, Guest Post

A Guest Post by Nelson Scott

It seems at times that receptionists “don’t get no respect,” to paraphrase the late comedian Roger Dangerfield.

To some eyes, the job just consists of answering the phone, directing visitors to “have a seat” while waiting for their appointments, and maybe a few other tasks.

This is why the second Wednesday of May each year is designated as International Receptionists Day (IRD). According to information on the website www.internationalreceptionistsday.com, the purpose of IRD is to “foster a recognition of the importance of a receptionist's role.”

Being a receptionist is about much more than dealing with telephone calls or offering visitors coffee while they wait. Receptionists are often the first people visitors and callers encounter, and as such are the people who create initial impressions of the organization.

First Impressions Matter

Outsiders form an opinion of the organization on what the receptionist does and says. Receptionists are the face of the organization to the world.

If that first impression is negative, it will take several positive experiences to overcome that perception.

Some organizations get this. Rather than relying on the generic title “receptionist,” one company designated the person in this position as the “Manager of First Impressions.”

Recognition All Year

Hopefully, the focus on the contributions of receptionists will continue beyond this single day. The danger of designated days that pop up on the calendar throughout the year is that they create the impression that having acknowledged the contributions of receptionists, administrative professionals (fourth Wednesday in April) or teachers (October 5) on their designated day, we can check “recognize the receptionist” off our to-do list for another year and move on.

Bob Nelson, who initiated Employee Appreciation Day (first Friday in March) in 1994, shortly after publication of his book 1001 Ways to Reward Employees, described the concept of a designated day to recognize staff as “silly” in a 2015 article in Business Insider.

“I’m a big advocate of using recognition on a daily basis,” he is quoted as saying. “But I did want to have one day where we could call attention to the topic and have conversations about its importance.”

Designated dates are reminders that recognition is important and they create focus on specific positions.

The 3-F Approach

When looking for ways to mark IRD and other designated days, organizations frequently default to what I describe as the “3-F” approach: Food, Flowers and Fudge (and other Fattening treats). While there’s nothing wrong with expressing appreciation by taking receptionists to lunch, bringing them flowers or leaving a box of chocolates on their desks, I challenge you to be more creative when planning to celebrate your receptionist(s).

Make it Personal

Here are a few ideas to kick-start your creativity (you can likely come up with better ideas):

Leave a note of appreciation on the receptionist’s desk, where it will be the first thing that person sees in the morning.
Receptionists often bring coffee and tea to visitors while they wait. Turn things around by delivering a drink purchased from the receptionist’s favourite coffee shop to his/her desk.
Invite other staff to answer the question, “How does our receptionist support your work?” Have them write their responses in a card or a poster-sized sheet of paper which will be presented to the receptionist. Remind the staff that the more Explicit the description of the contribution, the greater the impact of their words.
Is there a job title that better captures the value that these individuals contribute to your organization? Ask other staff to devise titles, such as “Manager of First Impressions” that describe the essence of what receptionists do.

Recognizing receptionists—and all other staff members—is a good place to begin, but recognition should be ongoing. Recognition is a task that should never disappear from our to-do lists.

Nelson Scott

Nelson Scott – Guest Author

Nelson Scott is an Edmonton-based speaker, trainer and author who provides tools, tips and techniques to enable managers and supervisors to hire, engage and retain the right people. For more tips and articles about hiring and recognizing staff, subscribe to his newsletter Briefly Noted.

Contact Nelson here or Visit the website www.greatstaffrecognition.com or

Connect on LinkedIn or Twitter @NelsonScott_

Want to learn more from Nelson?

Sign up for his newsletter, Briefly Noted,

for more tips on how to improve your employee recognition

Yes, please send me the newsletter!

Admin Assistant Day, GREAT staff recognition, International Receptionist Day, Nelson Scott, Secretaries Day

Privacy Awareness Week 2019

Posted on May 7, 2019 by Jean Eaton in Blog

Privacy Awareness Week (PAW), an initiative of the Asia Pacific Privacy Authorities forum (APPA), is held every year to promote awareness of privacy issues and the importance of protecting personal information. This year, Privacy Awareness Week is celebrated May 6-10, 2019.

Protect Your Organization and Your Patients

Equip your staff with the information they need to confidently and correctly handle personal health information.

Healthcare businesses need privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

Reasonable Safeguards

As an employer and health care provider, you are responsible to provide training to all of your employees about privacy awareness.

If you don’t provide the training, or if the employees don’t understand the policies and there is a privacy breach, then the healthcare provider is more likely to be held accountable under the legislation and face penalties including fines and even prison!

Patients value the privacy and security of their information.

Healthcare providers and clinic managers value privacy and security, and they value not having adverse results as a lack of compliance or patient safety issues.

Privacy Awareness Quiz

Patients trust their healthcare providers with their sensitive, personal, and financial information.

If patients don’t feel that the healthcare provider will keep their information confidential and secure, patients may choose not to share their information which may impact their healthcare and treatment.

When we are privacy aware, we can better respond to patients’ questions and build their trust in the quality of services that we provide.

Avoid Fines

On August 31, 2018, amendments to the Health Information Act (HIA) came into force that introduce a fine of not less than $200,000 for a person who fails to take reasonable steps in accordance with HIA regulations to maintain safeguards to protect against reasonably anticipated threats to the security of health information (sections 107(1.1)(a) and 107(7)).

SAY NO TO SNOOPING! If an individual affiliate knowingly breaches the privacy and security of health information, and the custodian can demonstrate that reasonable safeguards (including privacy awareness training) were in place, the individual affiliate can be charged under the Health Information Act. Fines of up to $50,000 per may be applied to the individual in addition to other sanctions from their employers and/or their professional regulatory colleges where applicable. (HIA s.107)

What Will You Do To Be More #PrivacyAware?

Join Information Managers for Privacy Awareness Week! May 6-10, 2019. #PrivacyMatters!

Information Managers would like to spread the message of #PrivacyMatters to raise privacy awareness in healthcare everyday.

Share these resources in your healthcare practice to keep privacy top-of-mind and demonstrate your commitment to privacy awareness!

Privacy Awareness in Healthcare: Essentials

Improve your healthcare practice with privacy awareness education.
#PrivacyAwareness training in healthcare to support key policies, procedures and risk management programs.

Grab this from Corridor Interactive!

Special Privacy Awareness Week Pricing! EXTENDED!

Hurry! Expires soon!

Grab Your Privacy Awareness Training

Download Your Privacy Awareness Quiz!

Common scenarios in healthcare.

Grab Your Quiz

I Heart Privacy! #PrivacyMatters

Print badges for your team.

Or, use the done-for-you sheet of labels that you can print right away and slip into badge holders or print to stickers or labels.

You can even customize the labels and add your business name!

Instant Download Here

Download Your Monthly Privacy and Security Awareness Audit Template

Grab Your Free Privacy and Security Monthly Audit Template

#PrivacyMatters, health, healthcare, privacy awareness, training

How Will Netcare Patient Portal Impact Your Healthcare Practice?

Posted on April 3, 2019 by Jean Eaton in Blog

⇓ ⇓ Click the >> arrow button to play the video!

It's Here!

After many long years of waiting, residents of Alberta can now access their personal immunization history, medication history, lab test results, and more in their own MyHealth Records – the patient portal view of Alberta Netcare.

Watch the short video above for my quick review of MyHealth Records.

Alberta Netcare has announced the next step to grant patients access to their own record in Alberta Netcare Portal (ANP).

MyHealth Records

The Alberta Netcare website says that MyHealth Records is a Personal Health Record for Albertans to access some of their health information, such as lab results, medications, and immunizations drawn from Alberta Netcare.

MyHealth Records also provides access to several health and wellness tools to help track and maintain overall health. (See the complete list of features here.

Alberta Health has announced that the first step for patients to access thier own records is to request your MyAlberta Digital ID (MADI) which will eventually act as your login credentials to the ANP.

If you have not already registered for MADI access you may do so here: MyAlberta Digital ID.

You will see 2 options – one for a basic account and one for a verified account. Select the verified account.

You will receive a personal identification number (PIN) in the mail.

When you have a verified account, you can go to your MyAlberta Digital ID account and add a new MyHealth Records access.

You can do this now – no need to wait!

You will (probably) have access to medications dispensed by pharmacists and lab and diagnostic imaging tests results for the last 18 months. Remember, not all test results are available.

You can now also add your own journal entries for your weight, food diary, exercise diary and other tools to help you manage your health.

This is a patient portal into your health information maintained by Alberta Health Services and Alberta Netcare.

The original or ‘source’ data continues to be securely managed in the service providers’ originating electronic systems. The originating systems and their custodians are required to keep the records for the entire records retention period; generally 10 years.

The information in the MyHealth Records portal may only be available to you for 18 months to 2 years. If you choose to add information to your account, I believe that information will be maintained for a limited time (for example, 2 years).

Patient portal

Patient Portals Can Reduce Barriers

The use of a patient portal can reduce barriers for patients to access their own records. Other benefits to patient portals may include:

Increased empowerment to patients who can access their own results in a timely fashion
Better communication with patients
Fewer access requests (and increased administration efficiencies)
Fewer missed appointments (and increased access to care)

How Will Patient Portals Affect Your Healthcare Practice?

Will you tell your patients that they can access some of their lab results themselves directly from MyHealth Records?

Let me know your experiences with patient portals and your questions. I really would like to know your thoughts on how portals may impact your healthcare practice.

#digitalhealth, Alberta Netcare Portal, ANP, benefits, health, healthcare, MyHealth Records, Netcare, Patient portals

Tax Season and Fraud Prevention Patient Access to Information

Posted on April 2, 2019 by Jean Eaton in Blog

Ever thought that someone might want to submit your tax returns for you?

No problem.

They will even collect your refund – their payday when they scam your personal identity.

Michael Kaiser Blog, Executive Director of Stay Safe Online, notes on his blog that tax cyber crimes are on the rise. The Tax ID thieves usually file returns early using the taxpayers' stolen personal information so that they can cash the refunds before the taxpayer can file their legitimate tax return.

Help Your Patients to Understand How to Safely Access Their Information

When patients or clients ask you for their account statement information, take the time to ask them for photo ID and a proper authorization to disclose their personal information.

Help them to understand that you can release their own information to the patient or to another person (a spouse, for example) only with the patient's written authorization. Even ‘just' health care billing information is important.

Show your patients that you care about the safety of their information by taking steps to make sure we are protecting their patient and client information.

This Practice Management Success Tip includes

Tips to help you implement this procedure
Template authorization form
Poster to quickly explain to your patients how your procedure helps to protect their privacy

Yes I Want the Poster and Procedure Template! authorization, disclosure, patient access to information, Phishing email, privacy breach, tax cyber fraud, tax fraud

Does Your Healthcare Practice Need an Information Manager Agreement For Your Shredding Service?

Posted on April 1, 2019 by Jean Eaton in Blog

Q: We are selecting a vendor to look after our shredding. Do we need an information management agreement (IMA)?

A: Yes, you need an information manager agreement (IMA) with your shredding vendor.

Think about all the health information that you have authorized them to manage on your behalf. You certainly want to select a reputable vendor who will pick up the paper and securely transport it to their facility for secure shredding.

The Health Information Act (HIA) allows custodians to contract with other health service providers and vendors for the purposes of providing information management or information technology services, like shredding. This requires the custodian to give the vendor access to the papers with health information so that the vendor can securely destroy the paper.

The shredding vendor is known under the HIA as an information manager.

The custodian must ensure that the vendor has reasonable safeguards in place to protect the sensitive health information. The custodians must also ensure that there is a written agreement between the custodian and the information manager. These agreements are known as “Information Manager Agreements.” This requirement is stated in the HIA section 66(2).

There are many reputable vendors from which to choose

Some vendors will do the shredding right in your parking lot; others will transport it to their processing facility.

Remember to ask for a certificate of destruction at the completion of the shredding to document the secure destruction of the paper. Some vendors require a witness from the clinic to confirm that the shredding was done securely.

Some vendors can offer a recycling program for the paper after it has been securely shredded.

Ask your shredding vendor for an IMA. This is different than a service agreement where you agree to pay a fee for the shredding service.

For more information on what is an IMA, see the e-book, Top 3 Agreements Your Healthcare Practice MUST Have (and Why).

health, healthcare, information management agreement, information manager agreement, shredding

1 2 3 ›»