Do You Want To Be A Confident Healthcare Privacy Officer?

Posted on July 4, 2022 by Meghan in Blog No Comments

What Is a Privacy Officer?

A privacy officer is a key employee in a healthcare organization who is named by the healthcare provider (custodian) and assigned the responsibility to oversee all activities related to the implementation of, and adherence to, the organization’s privacy practices, and to ensure operational procedures are in compliance with relevant privacy laws. The Privacy Officer monitors employees and systems about how information is collected, used, and disclosed and access to identifying information.

A privacy officer may be known by other titles like privacy compliance officer or a security officer.

If your healthcare business involves the collection, use, and disclosure of your clients' and patients’ personal health information, a privacy officer is necessary in order to meet legislated requirements.

If You Don't Have a Privacy Officer

Healthcare practices without a privacy officer often experience confusion about how patients’ personal health information should be collected, used, and disclosed. Patients may complain about lack of access to their personal health information. Without a named privacy officer to assume the responsibility to implement and monitor reasonable administrative, technical, and physical safeguards you are more likely to experience privacy and security incidents, privacy breaches, investigations, fines, and charges under the privacy legislation!

Here are some examples of what can happen if you don’t have a privacy officer:

In 2019, the British Columbia Office of the Information and Privacy Commissioner (OIPC) conducted a privacy audit of 22 medical clinics. OIPC auditors examined 22 clinics and found gaps in privacy management programs at several clinics, including the absence of a designated privacy officer, a lack of funding and resources for privacy and a failure to ensure that privacy practices keep up with technological advances.
A complaint was made against a medical clinic with an employee suspected of accessing health information for an unauthorized purpose. The Alberta OIPC investigated and revealed confusion around the roles and responsibilities of privacy compliance among the custodians and the privacy officer. The OIPC determined that the custodian was in contravention of the regulation which requires custodians to ensure that their affiliates are aware of and adhere to the all of the custodian’s administrative, technical, and physical safeguards with respect to health information. (See Do You Know Where Your Policies and Procedures Are?)
Employees are not aware of privacy requirements and engage in snooping into personal health information. Consequences of employee snooping include firing, charges under the Health Information Act and court ordered fines, jail time, probation, community service and more. (See Snooping Conviction Earns 3 Years Probation )

Roles and Responsibilities

So, what does a privacy officer do? The roles and responsibilities of a privacy officer in a typical healthcare practices include the following:

Identify privacy compliance issues for the business.
Ensure privacy and security policies and procedures are developed and keep them up to date.
Ensure that everyone working at your clinic and your vendors are aware of their privacy obligations.
Monitor your clinic's ongoing compliance with privacy legislation like the Health Information Act (HIA) in Alberta.
Provide advice and interpretation of related legislation for the business.
Respond to requests for access and corrections to personal information.
Ensure the security and protection of personal information in the custody or control of the business.
Act as the primary point of privacy and access contact for staff, patients, vendors, regulators and other stakeholders.

#Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed.

Get the FREE Practice Management Success Tip, Privacy Officer Job Description Template.

Who Should Be The Privacy Officer?

The custodian or the healthcare provider is, by default, the privacy officer. Alternatively, the custodian may designate a responsible affiliate for the purposes of the privacy legislation and given the title of Privacy Officer. In some practices, you may have co-privacy officers or, in practices with multiple locations, a privacy officer at each location.

In small practices, the clinic manager or practice manager is often named the privacy officer. In larger practices, an individual may be given the role and responsibilities of a privacy officer on a full-time basis.

The privacy officer should be in communication with both management and planning decision makers and the front-line staff who collect, use, disclose and provide access to personal health information (PHI).

Who Should A Privacy Officer Report To?

The privacy officer must report to the healthcare provider and custodians in the practice. They may also report to the clinic manager, business manager, or other senior management position.

In practices that are heavily dependent on computer network and medical devices technology, there may be both a privacy officer and a security officer. The security officer typically is focused on intrusion protection and detection and related technology safeguards. The privacy officer is more focused on the collection and use of disclosure of PHI.

What Should Privacy Officer Training Include?

The privacy officer role is challenging yet rewarding. Training should include privacy legislation awareness, privacy awareness, privacy management best practices, privacy breach management, risk assessment and mitigation, reasonable safeguards assessment and implementation. In addition, privacy officers may also learn how to complete a privacy impact assessment.

Training for privacy officers can include formal academic programs (U of A), sessional (CHIMA, Practical Privacy Officer Strategies), supported by professional associations (PACC), and/or self-directed learning including review of resources provided by regulators (like the OIPC) and ministry of health.

Many privacy officers in small healthcare practices have other roles – as a clinic manager, healthcare provider, computer network technician, or business owner. It is little wonder that new privacy officers can feel overwhelmed when trying to balance these responsibilities each and every day.

You may be missing the systems to monitor routine tasks that will protect privacy and alert you to potential problems before they become privacy and security incidents.

Bottom Line: If you are spinning your wheels trying to figure out how to get started, it will cost you time, money, and frustration!

Which means you never get around to implementing a robust privacy management program.

If you are a privacy officer in a healthcare practice who needs practical privacy management strategies to protect your patients and your healthcare business but can't figure out how to get started, here's the solution you've been looking for.

Introducing Practical Privacy Officer Strategies!

On-line training to help you:

Daily, weekly, monthly, and annual privacy tasks that make sense for your healthcare practice, that you understand, and that you can implement.
Promote a culture of privacy compliance.
Confidence in your role and responsibility as a privacy officer.
Gain confidence in your understanding of the Health Information Act and other privacy legislation.

In this Practical Privacy Officer Strategies course, you will discover the three steps that you can do now to become a confident privacy officer, protect your patients, and your healthcare business.

Register now – and start your journey to become a confident privacy officer!

Practical Privacy Officer Strategies

Online Course with 5 Live Training Sessions:

Next intake will be in September 2022.

The online Privacy Officer course includes:

5 Modules each with live 1 hour on-line training with Jean (and the replays, too!)
Health information privacy principles and legislation
Introduction to the purpose of a privacy management program
Introduction to the purpose of a privacy awareness training program
Introduction to the purpose of a privacy breach management program
Roles and Responsibilities of a Privacy Officer
Healthcare privacy officer job description template

healthcare, healthcare privacy officer, HIA, privacy officer, privacy officer training, webinar

Should You Use Encrypted Emails In Your Practice?

Posted on June 27, 2022 by Jean Eaton in Blog

Should You Use Encrypted Emails In Your Practice?

There are many jokes around these days like “Fax machines? Who still uses those? And why are you still using fax machines? It’s the 2020s, not the 1990s!

People who don’t use them regularly may not realize it, but there are still many places which still use fax machines today—from legal offices, to governments, and yes—doctors offices.

This is because fax machines are much more secure than electronic networks such as email.

One doctor’s office asks: As healthcare professionals, we routinely send our referring physicians a report of the patient’s progress by fax. One clinic would like us to send the reports to them using their encrypted email link instead of fax.

Can we do that?

Today we’ll look at the pros and cons of switching to encrypted email as a method to securely send personal health information and try to answer this question.

What Are The Issues With Email?

First, we need to look at regular, non-encrypted email.

Grant Dakin, President of Solid Technology Solutions reminds us:

“When it comes to sharing sensitive information via email it should always be assumed that it is insecure. Basic email is generally open text, and to many email servers out there, especially on the public side, are not setup to handle encrypted email protocols.”

Even if your email service provider offers message encryption while a message is traveling between computers, this often does not apply on either end, and the message in the outgoing sent box and incoming inbox are often left unencrypted and vulnerable.

If information is not appropriately sorted once it arrives in the recipient’s inbox, there may still be issues with storing information in your email.

If the sender and the receiver do not appropriately manage their in and out boxes to ensure that it has limited information, appropriate access to only the right persons, and has been securely deleted, you have only addressed part of the problem.

When sending information to another clinic or doctor’s office, you may ask what practices does the other clinic have for storing information?

The same questions are important for patients as well:

Does the patient have access to a computer where they can download information?
Are they using a personal computer or an employer’s computer?
Do they have a secure place to access the information?

These are all things which need to be taken under consideration before you send personal information by email in your healthcare practice.

Why Are Some People Switching to From Faxing?

So, a referring partner who typically sends the consultation report to you by fax now wants to send it to you by encrypted email.

It’s not uncommon for places to want to upgrade their technology.

Fax machines can be large and clunky, and using encrypted email for consultation reports, referral requests, and more can be attractive to streamline operations. Many people feel that fax machines are obsolete. In early March of 2021, the Government of Ontario announced it would phase out its use of all fax machines by the end of the year.

However, there isn’t a common alternate communication standard across healthcare, private, and public users that is as common as the fax machine.

There have also been numerous privacy breaches in healthcare related to improper use of fax machines. For example, in the Ontario Information and Privacy Commissioner’s 2020 Annual Report, the IPC found that, in 2020 about 58 per cent of breaches experienced by health information custodians were caused by misdirected faxes.

How Does Encrypted Email Work?

Encrypted email works using an encryption key.

What is Encryption? Encryption is a method to disguise a message into a secret code. Only the people that have the ‘key’ to the secret code can un-scramble the message so that it can be read.

In order to use them, both the sender and the receiver need to have a key—the sender uses it to encrypt the message before sending it, and the receiver needs a key to decipher the message.

Grant Dakin explains: “Encrypted email services are a third-party service that will securely store the message, typically a secure web page, until a verification process is completed. This is key. The recipient needs to prove their identity to be able to view the message. At minimum, this can be a username / password challenge using a verified recipient owned email address. When possible, it is recommended to have multifactor authentication (MFA) employed. The use of MFA is dictated by compliance requirements, the type of information and your user base.”

This might seem overly complicated if you’re not used to using encryption services, which may not be an issue when sending information to another clinic, especially if they’re the ones who suggested using encrypted email.

Encrypted Email Process Diagram

When it comes to sending information to patients, especially those who aren’t very tech savvy, you need to consider if encrypted email is the right option.

Things to Consider When Implementing Encrypted Email

If you’re considering implementing encrypted email into your practice, you’ll want to first do a risk assessment, which should include:

Discussions with IT vendor / Managed Service Provider
Assess the reputation of the encryption vendor
Does the encrypted email meet industry compliance requirements?
Review your existing policies and procedures
Update those policies and procedures as required
Approval from Privacy Officer / Custodian / CEO
Prepare / update your privacy impact assessment (PIA)
Training for your staff on how to use the encryption software
Is there a verification process to ensure that the right person is viewing / accessing the information?
Verify that there are encryption protocols being used (If retrieving from a browser, verify that there is a valid SSL certificate)

For further guidance on choosing an encrypted email service, Grant Dakin offers the following:

“When looking for an encrypted email service, be certain that the service provider can demonstrate compliance. Most third-party providers base their compliance on HIPAA, which is a US based compliance, but it is very much in line with Alberta's Health Information Act (HIA) and our various Privacy Acts. For us, at SolidTech, the most common encrypted email service provider that we deploy would be Microsoft 365, which is HIPAA / HIA compliant, providing it is set up properly.”

Consider also that if you send information via encrypted email, there will probably be a learning curve for the receiver of the information as well. You may want to offer a basic outline to patients who opt to receive email this way about how it all works.

It may seem surprising at how much time it takes to appropriately and correctly implement an email encryption service in your healthcare practice. But if you will “axe the fax” and discontinue the use of a fax machine, you need to complete a risk assessment and plan an alternate solution.

What Else Can I Use, Instead of Encrypted Email?

If you aren’t ready to make the jump to encrypted email systems but want to get away from using fax machines in your practice, there are alternatives to encrypted email to consider.

Some of these include:

Portals from electronic medical record (EMR) systems
Sharing networks
Secure messaging

PrescribeIT^® enables prescribers to electronically transmit a prescription directly from an electronic medical record (EMR) to the pharmacy management system (PMS) of a patient’s pharmacy of choice. See the blog post, “Using PrescribeIT To Streamline Your Workflow”.

Any changes to how you send personal information, whether to patients or other clinics can’t just be a unilateral decision on your part.

Just because you’re ready to make a change, it doesn't mean that the recipients are ready to receive it in that way. You must communicate with your partners and patients about your plans and ensure everyone is on board.

Furthermore, it’s always good to have a business continuity plan in case your chosen method ceases to work as expected.

I’m Ready To Implement Encrypted Email—What’s Next?

If you think encrypted email might be the right choice for your practice, you might wonder, “What next?”

Getting started with a change like this may seem overwhelming, but you don’t have to do it alone.

Connect with Grant Dakin of Solid Technologies Solutions Inc.

Also see, “Texting with Patients; Can You Use Text Messaging With Patients?”

digital health, healthcare practice management, privacy

When Your Patient Requests Tax Receipts

Posted on March 22, 2022 by Meghan in Blog

When Your Patient Requests Tax Receipts

Ever thought that someone might want to submit your tax returns for you?

No problem.

They will even collect your refund – their payday when they scam your personal identity.

Michael Kaiser Blog, Executive Director of Stay Safe Online, notes on his blog that tax cyber crimes are on the rise. The Tax ID thieves usually file returns early using the taxpayers' stolen personal information so that they can cash the refunds before the taxpayer can file their legitimate tax return.

We can help to prevent this theft when we implement proper release of information practices.

Help Your Patient Requests Their Information for Tax Receipts

It's tax time! When patients or clients ask you for their account statement information, take the time to ask them for photo ID and a proper authorization to disclose their personal information.

Help them to understand that you can release information to the patient or to another person (a spouse, for example) only with the patient's written authorization. Even ‘just' health care billing information is important.

You Care About Patient Access and Privacy for Tax Receipts

Show your patients that you care about the safety of their information by taking steps to make sure we are protecting their patient and client information.

This Practice Management Success Tip, Patient Health Information for Tax Reporting includes

Tips to help you implement this procedure
Template authorization form
Poster to quickly explain to your patients how your procedure helps to protect their privacy

Yes! I want the Poster and Procedure Template!

Practice Management Success

If you are a member of Practice Management Success, login and access the poster, procedure, and form template.

Not a member? Join today!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Release of Information Checklist

Do You Know Where Your Policies And Procedures Are?

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

New! Health Information Policy and Procedure Manuals

When we know better, we can do better…

Jean L. Eaton is constructively obsessive about privacy, confidentiality, and security expecially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

consent disclosure for tax, healthcare, patient access, patient access to information, tax cyber fraud, tax fraud

Why You Need Policies and Procedures

Posted on March 15, 2022 by Jean Eaton in Blog

Why You Need Health Information Policies and Procedures

Maybe you’ve heard you need written policies and procedures for your health information, but you’re left asking yourself why it’s so important?

The truth is, without written policies and procedures, you open a healthcare practice up to a whole host of problems, including major legal issues.

In fact, every business needs good practices that apply to your:

Information that you collect from patients/clients
Website
Email
Business practices including electronic (or paper) patient records, and computer network
Financial information
Billing, collection, and payment processing

Within the healthcare industry, there are additional legislation requirements that require specific written health information policies and procedures.

The Health Information Act (HIA) and the Personal Information Privacy Act (PIPA)

As we mentioned, when a custodian collects health information, you must follow the Health Information Act (HIA) in Alberta.

Like most other private businesses in Alberta, private healthcare practices must also comply with the Personal Information Privacy Act (PIPA).

The colleges of regulated health professionals (like the Alberta Dental Association and College (ADAC) and the College of Physicians and Surgeons of Alberta (CPSA), require dentists and physicians to meet the standards of practice which includes compliance to HIA and PIPA legislation.

In addition, the college has other standards of practice that you must meet, including policies and procedures for the collection, use, disclosure, and access of health information.

So, let’s explore further why written policies and procedures are so essential, as well as what can happen without them, and why healthcare practices may not think they need them in the first place.

Benefits of Policies and Procedures

One of the most critical benefits of having policies and procedures in place is that they’re good for business.

Here’s how:

They contribute to consistent, efficient workflow.
You can figure it out once, write the procedure, tweak it to make it better, and then repeat the same procedure again and again.
They help you make better business decisions, like buying supplies, choosing services, and selecting vendors.
They help support your accreditation efforts.
On-boarding employees the right way with no missed steps is much easier with policies and procedures in place.

If you’re looking for even more proof of the benefits of having written procedures, it can also help you avoid:

Internal disputes within your team and external disputes with your patients and clients
Re-work and re-training employees
Poor customer service
Poor reputation
Fines and penalties

Fines And Penalties For Not Having Written Policies And Procedures

You might be wondering why you would face fines and penalties for not having written policies and procedures in the first place.

The HIA requires the custodian – which includes the physician, pharmacist, dentist or dental hygienist – to take reasonable safeguards to protect the privacy and confidentiality of patients’ health information.

Having written policies and procedures is a common, expected, and reasonable safeguard.

Let’s say you have a privacy breach in your practice or an error (like sending a fax to the wrong number or you are a victim of a phishing or ransomware attack).

You can learn more about what makes a privacy breach a privacy breach here.

If you can’t demonstrate that you had the appropriate reasonable safeguards, like written policies and procedures in place, you are guilty of an offence under the law.

It’s illegal not to have policies and procedures when you collect health information.

If you are guilty of this offence, you are liable for a fine of a minimum of $2,000 and not more than $500,000. (HIA section 107(7)).

3 Policies and Procedures Myths

One reason some healthcare practices fail to have written policies and procedures is because they believe they don’t need them.

Often, this is because they’ve fallen prey to the common myths about policies and procedures.

There are 3 of the common myths that stop healthcare providers and their clinic managers from creating written policies and procedures:

It’s Too Hard

While it does take some skill to write clear, easy to read, and easy to understand policies and procedures, it doesn’t have to be heard. In fact, you can even purchase templates to make this easier.

It Takes Too Much Time

Writing policies and procedures does take some time.

But investing the time to create policies and procedures pays off by preventing suffering from inconsistent or broken procedures, using or disclosing health information in error, and having to pay fines, penalties, public relations nightmares, or spending the time required to run a privacy or security investigation.

It’s A Waste Of Time

Here are a few good reasons that prove writing policies and procedures is not a waste of time:

Practical privacy policies and procedures will create a more efficient practice and help you make better business decisions.
The policies and procedures become the foundation of your privacy impact assessment.
Policies and procedures are pre-requisites for other initiatives, like access to Netcare or other community integration initiatives, and privacy impact assessment (PIA). Click here to learn more about PIAs.
You must have them as part of your legislative compliance.
It’s the law. Not having policies and procedures regarding the collection, use, disclosure, and access of health information is illegal.

As you can see, written policies and procedures help ensure consistent office procedures and good communication between team members in your healthcare practice.

In addition to those good reasons, you must have good written policies and procedures about how you collect, use, disclose, and provide access to health information to avoid legal problems, fees, penalties, and other problems.

Not Sure Which Policies and Procedures That You Need?

Show Me Policy And Procedure Checklist

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies and Procedures Are?

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

New! Health Information Policy and Procedure Manuals

Privacy Impact Assessments (PIA)

Alberta, clinic, custodian, health, Health Information Act, healthcare, HIA, medical, physicians, PIPA, Policies and procedures, privacy, Privacy Impact Assessment, reasonable safeguards

Piles of Paper: Shredding Options For Employees Who Work From Home

Posted on March 10, 2022 by Jean Eaton in Blog

Piles of Paper: Shredding Options For Employees Who Work From Home

In the spring of 2020 many workplaces and employees had to make fast pivots to deal with the reality of the COVID-19 pandemic.

Kitchen tables and spare bedrooms became home offices and remote classrooms.

Employee commutes were drastically reduced down to the time it takes to walk from the kitchen after breakfast to their makeshift workspaces.

Many people have found they enjoy the freedom and extra time this has given them, to spend time with family, work on hobbies, or simply just not having to sit in traffic or on transit every day.

As the pandemic starts to wind down, many employees and employers are taking a critical look at where and how we work.

Managers are realizing their staff can be just as productive from a home office, and they don’t need to always be present in the office to be productive.

Companies are offering more flexibility, continuing to allow work from home arrangements or hybrid models for those who prefer it in order to retain staff.

However as the landscape of work has changed, employers continue to have a responsibility to ensure privacy of data from clients and patients, even when employees are working at home.

It’s been nearly two years since many employees shifted to working from home as a result of the onset of the COVID-19 pandemic, and many have accumulations of records which need to be disposed of properly.

Do you have a plan in place to manage shredding services for employees who have been, and continue to work remotely?

We know it is a common privacy breach to have confidential information discarded in the garbage or recycling bin and subsequently disclosed to unauthorized persons.

Many offices may have overlooked this in the rush to have employees work from home at the start of the pandemic, when many of us thought this would just be a temporary measure, maybe a few weeks and then back in the office.

However, this has gone on much longer than anyone could have anticipated, and now there is a workforce with papers piling up at home, many of will continue to work remotely going forward.

Now is a good time to review previous procedure decisions and tweak them as necessary.

Spring might be a good time for a little house (or home office) cleaning.

Prevent Paper Privacy Breaches

The ultimate goal is to prevent privacy breaches from paperwork being disposed of improperly.

With this in mind, there are a few options to consider:

Having employees return the confidential paper to their place of employment for secure shredding. This could be difficult for those who normally commute by public transit or simply don't want the hassle to carry boxes of paper to the office.
Arranging for a shredding company to do a home office pick-up. This could be done through a courier service or arranged with your current shredding company. Both would likely already be covered by existing contracts and security precautions – but check this for surety.
The employee arranges to have a shredding service pick up at their home office. The employee pays for the service and either bills back to the employer for expenses or, perhaps, include in their home office expenses at tax time for a tax credit. In this case you may want to vet shredding companies in your area first and make suggestions as to which ones are approved for this purpose.

Arranging remote shredding services for your work from home employees means happier employees (as they no longer have to worry about papers piling up), and more peace of mind for clients as well.

Choose Convenience And Security

The cost of having a secure shredding service attending the home office is far more likely to be managed securely and completed.

Some things to look for when choosing a shredding company include:

Do they have an understanding of compliance requirements for shredding personal health information?
What training do their staff have?
Are their staff subject to background checks?
Mobility – Will they come directly to you?
What prep work do they require of you (for instance do you need to remove all of the staples from your files before shredding)
Do they have a reputation for arriving on schedule? (check reviews)
Can they shred documents on site, rather than taking them to a secondary location?
How do they handle the waste from shredding, will it be responsibly recycled?
Transparent pricing with no surprises
Do they offer a certificate of destruction?

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Managing Records When Transitioning from Work to Home Alberta OIPC

Is Remote Working A Good Choice For Your Healthcare Practice? Information Managers

healthcare practice management

Going Digital: Using PrescribeIT® To Streamline Your Workflow And Modernize Your Healthcare Practice

Posted on February 17, 2022 by Jean Eaton in Blog

Using PrescribeIT Makes Prescribing Easier And More Convenient

As a family physician you have a lot of responsibilities.

One of which involves writing, and refilling prescriptions for your patients.

This task, in and of itself, is simple enough, however, there’s often much more to it.

You’re dealing with patients calling in to get a refill, or the pharmacy looking for clarity, or wanting to make a substitution.

Managing all of this can be time consuming and frustrating – but there is a better way.

Would you like to take back the time and reduce frustration in your practice?

PrescribeIT® might be the solution you’ve been waiting for.

PrescribeIT® makes prescribing easier and more convenient for Canadians, prescribers, and pharmacists. It also improves patient safety and health outcomes and protects patient privacy.

A project of the Canada Health Infoway initiative, which aims to help bring healthcare into a digital world, so that physicians can better connect with patients and pharmacies.

Benefits of Using PrescribeIT Digital Prescriptions

Paper and fax-based prescriptions are outdated, inefficient, and costly – going digital can help you reclaim your valuable time and money.

Prescribe IT® can help reduce errors in prescriptions, due to lack of legibility, and eliminate patients calling to have a script re-done because they’ve lost it.

Some of the benefits to managing prescriptions digitally using Prescribe IT® Include:

The ability to electronically generate, accept, renew, and cancel prescriptions directly from your electronic medical records (EMR) at no additional cost
Avoid errors which can arise with fax transmissions
Offers secure transmission from your office to the pharmacy – email isn’t secure, and you never know who is on the other side of a fax machine
Streamlined system for pharmacies to request refills and renewals
Enhanced patient safety and privacy

All of these benefits can be implemented with minimal changes to your current workflow processes.

Paper Prescriptions Are Inefficient

Did you that over 600 million prescriptions dispensed in Canada annually?

At a recent in-service with the Edmonton and District Clinic Managers Association, guest speaker Joelle Withers, Manager, Prescriber Relations & Deployment, Canada Health Infoway revealed the following statistics about prescriptions in Canada:

Nine percent are narcotics or another controlled drug
Over forty percent of prescriptions are handwritten
Thirty five percent of prescriptions are computer generated and taken to the pharmacy in person
Over four million Canadians have admitted to losing or damaging a prescription, including:
- 415,000 prescriptions have taken a spin in the wash cycle
- 140,000 prescriptions decided to go puddle jumping in the rain
- 88,000 of those prescriptions were eaten by dogs (tell this to every teacher who has heard the “my dog ate my homework excuse)

As a result of lost or damage prescriptions, over seven hundred thousand Canadians have decided to go without their medications, rather than calling to have a new one issued.

Finally, as many as seventy eight percent of Canadians prefer to go directly to the pharmacy right after receiving their prescription to pick up their medication.

Workflow Efficiencies

Using Prescribe IT® in your practice, allows you to electronically send your patients prescriptions directly to the pharmacy of their choice.

This will create efficiencies and save you time:

No more lost prescriptions, no more time wasted needing to redo paperwork.
No more telephone or fax tag with pharmacies – Instead, Prescribe IT® offers secure physician to pharmacy messaging.
Integration into the patient record in your EMR – you can view that the prescription is dispensed.
Patients select the pharmacy of their choice – and arrive to pick up the prescription with no waiting to drop-off and pick-up delay.
Patients who prefer a paper copy of their prescription still have this option
Prescribe IT® is approved for use with the Triplicate Prescription program.

Which Pharmacies Accept PrescribeIT?

Many pharmacies have been approved to participate in PrescribeIT including Rexall, Guardian, IDA, Shoppers, and Safeway.

I’m Ready To Try Prescribe IT In My Practice – What’s Next?

Are you ready to bring Prescribe IT® into your practice?

Let’s take a look at how to get started.

I’m Opening A New Clinic

If you’re opening a new clinic and want to use Prescribe IT®, you’ll need to follow the following steps:

Prepare your Privacy Impact Assessment which describes your organization management system and your selected electronic medical records (EMR) solution.
PrescribeIT integration is currently available with the following EMR solutions: Telus Medaccess, Microquest Healthquest, QHR Accuro (soon).
Submit your application of interest to PrescribeIT now to be ready to implement when your Privacy Impact Assessment is accepted by the Office of the Information and Privacy Commissioner (OIPC).
Once your application is approved, Canada Health Infoway will send to you a Privacy Impact Assessment for PrescribeIT that you will review, edit if necessary, and submit to the OIPC.

I Have An Existing Clinic

You can apply to Canada Health Infoway to start using PrescribeIT® in your current clinic, if

You are using one of the accepted EMR vendors, and
You have an accepted Privacy Impact Assessment for your EMR implementation.

After your application submission, Canada Health Infoway will send to you a Privacy Impact Assessment for PrescribeIT that you will review, edit if necessary, and submit to the OIPC.

Get Started with Prescribe IT® Today

Are you ready to do away with paper prescriptions?

Tired of playing phone tag with the pharmacy, or having to redo paperwork due to patients losing paperwork?

To get started with PrescribeIT®, please fill out an application of interest form HERE

Do You Need A Privacy Impact Assessment?

If you’re looking for assistance with your Privacy Impact Assessment, we’re here to help you.

Contact Information Managers today!

PrescribeIT® is registered by Canada Health Infoway. Used with permission.

digital health, healthcare practice management

Build Your Authority, Appeal, and Profit as an Author

Posted on February 8, 2022 by Meghan in Blog

Build Your Authority, Appeal, and Profit as an Author

If you have ever thought about self-publishing, becoming an author-preneur, or if you want to publish in a traditional format, Linda Stirling can help you with that!

Would you like to help family members of your patients be better prepared to support your patient after treatments?
Would you like to coach your patients in between in-person visits?
Do you ever feel that you could help more people avoid / prevent illness if they just did this one thing that you specialize in?
Do you want your patients to be more compliant with the follow-up actions that will help them patients recover faster?
Would you like more referrals from other providers to your practice?

You can accomplish these goals when you build your authority, appeal, and profits as an author.

When it comes to writing a book, people are usually in one camp or another. The first camp thinks it’s easy and the second camp thinks it’s too daunting to tackle.

The fact of the matter is that both groups need strategies and with these strategies they can be successful.

Breaking strategies down into manageable nuggets is where authors find success.

Before you even consider strategies, however, you need to think about your why. That’s where the power of success lies. Once you are clear about your why, that gives you the mental energy to complete your book.

Linda will walk you through some of the essentials for creating a profitable book that represents you well.

My Takeaways – Build Your Author Platform

We are each looking for ways to give our clients more of us without giving more of our time. When you build your author platform, you can leverage your time to support your current clients and attract your ideal clients.

You have a big message to share. Your next step is to publish your message so that the people who need your expertise can easily find and be inspired by you.

There are many steps to publish and promote your book. I hear from many entrepreneurs who have published their book – and haven’t made any sales. You need a mentor like Linda Stirling will help you navigate the tricky path to publish, promote, and profit from your book.

Linda Stirling's #1 Tip to Healthcare Practices

Know your why! Click to Tweet

Listen To The Podcast – Build Your Authority, Appeal, and Profit an an Author

Build Your Authority, Appeal, and Profit as an Author| Episode #104. Expert tips with Linda Stirling on Practice Management Nuggets Podcast For Your Healthcare Practice.

Listen here: Practice Management Nuggets Podcast

Listen To The Podcast Here

Featured Guest: Linda Stirling

Linda Stirling Can Help You Build Your Authority, Appeal, and Profits as an Author!

Linda Stirling will walk you through some of the essentials for creating a profitable book that represents you well.

Get started right away with the free A Writers Strategy Guide: Your Guide to Breaking Free, Starting Right & Keeping On Track.

Download the free guide from Linda here

Watch and Launch: An Innovative Action-Lab Training

Then, check out the Watch And Launch: An Innovative Action-Lab Training from Linda Stirling. This IS NOT just another how-to-write-a-book or how-to-publish-program.

Nothing else on the market compares to this training.

You can learn this piecemeal from multiple sources, or you can devote the necessary time to master all the techniques and create sustainable income

(a) from your novels if you’re writing fiction; or

(b) from your nonfiction sales. Plus you can make even more income if you’re using your book as a lead magnet for your other products or services.

Once you have in-depth publishing knowledge, you can create the kind of life-affecting income successful authors enjoy.

And you can do it all by devoting just two hours a month for six months to build your author platform and career.

Click here to get your Watch and Launch!

Don't forget your coupon code! Use JEANEATON for a $100 discount!

Linda Stirling has built her successful business by Guiding Writers to Prosperity and Visibility

Linda Stirling’s heart is in helping every writer she works with achieve his or her dreams, whether that’s through publishing their work through The Publishing Circle or teaching them to self-publish through The Publishing Authority.

Her coaching helped multi-award-winning author David Crow, author of the international bestseller The Pale-Faced Lie, reach sales of just under $30,000 per month with his book.

She helped author Lorena Angell take her series to an average of 60 sales per day from its previous 6 per day; sell her work in 47 countries, and rank alongside authors such as Stephen King, and George R.R. Martin of Game of Thrones success.

Stirling also got the series optioned for film and television.

Many of the authors she’s published have achieved international acclaim.

“When we know better, we can we do better.”

I help healthcare practices with practical tips, tools, templates and training to help you in your career and help you to start, grow, or fix the business of a healthcare practice.

Affiliate Compensation: From time to time, I promote, endorse, or suggest products or services of others. In most cases, I will be compensated – either as an affiliate with a commission based on sales, or with a free product to review or use. My recommendations are always based on (i) my personal belief in the high quality and value of the product or service, and (ii) my review of the product or service, or a prior relationship or positive experience with the sponsoring person or organization.

Jean L. Eaton, Your Practical Privacy Coach with Information Managers Ltd.

#PracticeManagementNugget, author, content writer, healthcare, healthcare business, podcast, profits, self-publishing

Data Privacy Day 2022 Events and Resources For You!

Posted on January 25, 2022 by Jean Eaton in Blog

Data Privacy Day 2022 Events and Resources for You!

Data Privacy Day is an internationally recognized day dedicated to creating awareness about the importance of privacy and protecting personal information.

That means a lot to me and I think it means a lot to you, too. I think it is important that we give our patients and clients the gift of privacy. And that we have the right tools and resources for our employees to make good privacy and security decisions in our businesses.

Information Managers Ltd. is a Data Privacy Champion!

As a DPD Champion, Information Managers recognizes and supports the principle that organizations, businesses, and government all share the responsibility to be conscientious stewards of data by respecting privacy, safeguarding data, and enabling trust.

Each of us is responsible to manage our name and our identity. When you share your personal information, you have the right and responsibility to ask the person or business why they need the information and how they will protect your personal information.

Jean L. Eaton

Your Practical Privacy Coach, Information Managers Ltd.

You can be a Data Privacy Day Champion, too! Follow this link and complete the Organization Champion Form with the National Cyber Security Alliance.

Data Privacy Day Activities

5 Steps To Prevent Employee Snooping

SAY NO TO SNOOPING!

If an individual affiliate knowingly breaches the privacy and security of health information, and the custodian can demonstrate that reasonable safeguards (including privacy awareness training) were in place, the individual affiliate can be charged under the Health Information Act. Fines of up to $50,000 may be applied to the individual, in addition to other sanctions from their employers and/or their professional regulatory colleges where applicable (HIA s.107).

What Is Snooping?

Looking at someone’s personal information without having an authorized purpose to access that information to do your job is known as ‘snooping’.

Even when you are “just looking” at personal information but don’t share that information with anyone else, this is still a privacy breach.

It is illegal.

Snooping incidents are on the rise and can cost you time, money, heartache, and headache in your practice.

When there is an offence under the privacy legislation like the Health Information Act, there may be an investigation, charges and court appearances, fines, penalties, and loss of employment.

Snooping is entirely preventable.

How Can You Prevent Employee Snooping?

Let’s take a look at the pro-active steps that you can take today to prevent employee snooping.

Download the Practice Management Success Tip 5 Steps to Prevent Employee Snooping

The Practice Management Success Tip, 5 Steps to Prevent Employee Snooping, will help you

Take 5 practical steps to prevent employee snooping.
Provide clarity about what is considered a privacy breach.
Contribute to the health information privacy compliance in your healthcare practice.

Download 5 Steps to Prevent Employee Snooping HERE!

I Heart Privacy!

Just in time for Data Privacy Day! Print badges for your team.

Right-click the image and select ‘Save As' to download and insert the image into your favourite templates to make badges or stickers or labels.

Or, use the done-for-you sheet of labels that you can print right away and slip into badge holders or print to stickers or labels.

You can even customize the labels and add your business name!

Get the label sheets using the buttons below.

I Heart Privacy Badges with Data Privacy Day logo

I Heart Privacy Badges

Protect Your Organization and Your Patients With a Privacy Awareness Quiz

Equip your staff with the information they need to confidently and correctly handle personal health information.

Healthcare businesses need privacy awareness training to support key policies and procedures, and risk management programs need a privacy awareness training program.

Reasonable Safeguards

As an employer and healthcare provider, you are responsible to provide training to all of your employees about privacy awareness.

If you don't provide the training, or if the employees don't understand the policies and there is a privacy breach, then the healthcare provider is more likely to be held accountable under the legislation and face penalties, including fines and even prison!

Patients value the privacy and security of their information.

Healthcare providers and clinic managers value privacy and security, and they value not having adverse results as a lack of compliance or patient safety issues.

Patients trust their healthcare providers with their sensitive, personal, and financial information.

If patients don't feel that the healthcare provider will keep their information confidential and secure, patients may choose not to share their information, which may impact their healthcare and treatment.

When we are privacy aware, we can better respond to patients' questions and build their trust in the quality of services that we provide.

Download the Privacy Awareness Quiz to use today to train your employees and protect your patients' health information.

Download the Privacy Awareness Quiz!

Privacy Protection In The Pink Seat with Dr. Angela Mulrooney & Jean Eaton

While privacy is not technology driven, the lack of privacy, perhaps, is impacted by technology.

Many dental practices are overwhelmed with creating and implementing privacy and security policies and procedures and how to prepare a privacy impact assessment.

Angela and I discussed practical privacy tips for your dental practice to help reduce the overwhelm.

These tips apply to all types of healthcare practices.

“Talk Shop – Protect Your Business from Information Breaches”

Jean Eaton is a guest on Lauren Sergy's “Talk Shop” YouTube channel.

Talk Shop: learn from industry experts to be a better communicator in work and in life, hosted by @lsergy. Privacy tips for business owners, just in time for Data Privacy Day!

For more Data Privacy Day resources and events from the National Cyber Security Alliance, click the button below!

Visit the National Cyber Security Alliance - Data Privacy Day website

Stay Safe Online

For more information about how to get involved in Data Privacy Day and the Champions program, visit https://staysafeonline.org/data-privacy-day.

You can also follow the campaign on Twitter at @StaySafeOnline or Facebook at https://www.facebook.com/DataPrivacyNCSA and use the official hashtags #PrivacyAware and #DataPrivacyDay to join the conversation.

Please use the social share buttons to share these Data Privacy Day activities with your friends and colleagues.

Follow Us On Social Media!

I share privacy tips and free links to additional resources on social media accounts that you can download and use right away!

Follow Us Here:

#DataPrivacyDay, #PrivacyAware, Data Privacy Day, Data Privacy Day Champion, Data Privacy Day Edmonton, healthcare

Virtual Healthcare Privacy Lessons

Posted on January 14, 2022 by Jean Eaton in Blog

Virtual Healthcare Privacy Lessons

You've probably heard about the Office of the Information and Privacy Commissioner (OIPC) investigation report into Babylon Health. The investigation report provides privacy guidance for vendors of virtual health solutions and the healthcare providers who use the digital health solutions. This is a great demonstration on why it is so important to ensure that you have current information management agreements with your vendors. Jean Eaton shares tips to help you keep your vendor agreements current and explains why it is important to the protection of patient information and the reputation of your business.

The OIPC issued its findings and recommendations after investigating the Babylon by Telus Health app under HIA. There were eight findings and 11 recommendations made in this investigation.

The recommendations from the Babylon Health Investigation Report can be used to guide healthcare providers, clinic managers, privacy officers, and vendors to develop and implement virtual healthcare solutions in your practice.

In the Practice Management Nuggets Podcasts, Jean Eaton reviews the investigation report and offers practical suggestions that you can use regarding

• key criteria when reviewing (or preparing) your privacy impact assessment (PIA)
• policies, procedures
• information management agreements (IMA)
• privacy and security awareness training
• data storage outside of Alberta

Read the investigation report here: H2021-IR-01 Jul 29 2021Babylon Health Canada Limited et al

Listen To The Podcast

Lessons From The Babylon Telus Health OIPC Investigation Report | Episode #103

Expert tips with Jean L. Eaton on Practice Management Nuggets Podcast For Your Healthcare Practice.

Listen here: Practice Management Nuggets Podcast

Listen To The Podcast Here

If you need virtual care policies, procedures, sample consent notices, risk assessment, and do-it-yourself PIA templates, I can help you with that!

Virtual Care and Remote Working Privacy Impact Assessment on-line course.

PIA Templates for Remote Working and Virtual Care

#PracticeManagementNugget, podcast

Use These Reports To Improve Privacy Compliance

Posted on December 29, 2021 by Jean Eaton in Blog

Use These Reports To Improve Your Privacy Compliance

Investigation reports of privacy breach incidents helps to inform and update policies, procedures, and risk assessments can be used by privacy officers, clinic managers, and healthcare custodians to improve privacy compliance in their healthcare practice.

Recent publications by the Alberta Office of the Information and Privacy Commissioner (OIPC) and the College of Physicians and Surgeons of Alberta (CPSA) are great resources.

We can use these real-world examples to improve our current practices to protect the privacy, confidentiality, and security of personal health information and to protect personal health information from unauthorized access, use, disclosure, and loss.

Alberta OIPC Annual Report

In the Alberta OIPC Annual Report 2020-21, Jill Clayton, the Privacy Commissioner, noted that ‘this past year was a year like no other for access to information and protection of privacy in Alberta as the COVID-19 pandemic raised new challenges for regulated stakeholders and my office.’

Work from home mandates impacted how organizations responded to access to information requests and the security of personal information as employees shifted to remote work. The OIPC received over 150 privacy impact assessments (PIA) and notifications about the implementation of new virtual care (or telemedicine) projects.

Overall, the OIPC reports that there was a 31% increase in the number of PIAs that they had received over the previous years. The healthcare sector may not have applied the usual rigour to assess new virtual care solutions as has been previously applied to, for example, EMR implementation. The urgency of the pandemic may have triggered this weakness, but it's something that now we should be able to do better.

There were 930 breaches reported by health information custodians to the OIPC in 2020-21, representing a slight decrease from 2019-20 (938). There were four convictions under the Health Information Act (HIA) for unauthorized access to health information in 2020-21.

Download the Annual Report from the OIPC here

CPSA Virtual Care Standards of Care

The Alberta College of Physicians and Surgeons (CPSA) released on December 20, 2021, its updated Virtual Care Standards of Practice. This was previously released as telemedicine standards.

Download the CPSA Virtual Care Standards of Care here.

I want to highlight a few things that have changed and a few things that we should know about already. The standard provides clarity about physicians who can provide virtual care services for Albertans. A physician who has been licensed to practice and provide care in Alberta, with some exceptions. Other healthcare providers outside of Alberta should not be providing virtual care to residents of Alberta.

The standards also provide guidance on the procedures that a regulated member providing virtual care must follow, including Standard #8:

provide the patient with their name, location and licensure status during the initial virtual care encounter;
take reasonable steps to confirm the identity and location of the patient during each virtual care encounter;
confirm the patient’s physical setting is appropriate given the context of the encounter and ensure consent to proceed, in accordance with the Informed Consent standard of practice;
offer the patient the opportunity for in-person care; and
ensure there is a plan in place to manage adverse events or emergencies and make patients aware of appropriate steps to take in these instances.

The standards also remind physicians that prior to implementing new virtual care technologies or practices, that you must prepare a PIA. This applies even if you are ‘just’ using telephone to provide virtual care.

PIA Remote Working and Virtual Care Templates

Last year, Information Managers created a virtual care privacy impact assessment package which includes template policies, procedures, implementation tips, and privacy training. This follows the requirements from the standards from the CPSA and the HIA.

The PIA Remote Working and Virtual Care Templates provide you virtual care procedures, workflow, tips, and Privacy Impact Assessment templates that you can quickly and easily download and customize for your healthcare practice. The training provided will help you to assess privacy and security options to assist you to select the best technology solution for your needs. Then, use the Privacy Impact Assessment templates to document your decisions and submit to the OIPC.

Yes! I Want Virtual Care Templates

privacy compliance