Information Managers

Improve Your Healthcare Practice Security With Audit Logs

Posted on March 15, 2023 by Jean Eaton in Blog


How to Improve Your Healthcare Practice Security With Audit Logs

When was the last time that you reviewed your access logs in your healthcare practice?

 

In our policies, procedures, risk assessments, and privacy impact assessment submissions, we indicate the reasonable safeguards that we expect to implement in our practices to protect the privacy and security of health information.

But policies and good intentions alone aren’t enough.

We also need to take action on our policies.

We have tools, like audit logs, available to us. Audit logs of our computer and software systems are available to monitor users who have accessed the system and the information contained in the systems.


Audit logs monitor and record the transactions of users’ activities in your computer network and your electronic medical record (EMR). An audit log is an automated, real-time recording of who did what, and when, in your system.

For example, when a user logs in to your computer network at the beginning of the work day, the user name, date, time, and perhaps the workstation identifier are recorded in the audit log.

When the user logs into the EMR and creates, views, modifies, or prints from a specific patient record, each activity is recorded in the audit log. In this way, the audit log records both the activity of each user and, in each patient’s electronic medical record, who has accessed that patient’s health information.

You MUST implement, use, and monitor your audit logs

The regular review of the audit logs can demonstrate that the administrative, technical, and physical safeguards that we implement to protect the health information, our people, and our assets are working. Review of audit logs can also identify weaknesses so that corrective action can be taken to improve our privacy and security strategy.

For example, when you review your audit log, you may see that an employee (authorized user) is accessing the EMR after clinic hours. When you investigate, you find out that the billing clerk is doing the billing submission from home.

This might be OK in your healthcare practice (or not). But now you know what is happening in your clinic EMR after hours, and you can take appropriate action.

 

Audit Logs Are Valuable Metadata

Taken from a different point of view, the audit log provides important additional information, or metadata, about the care and treatment of the patient. Knowing who created a clinic note, wrote a prescription, or reviewed a test result provides a story about the care that the patient received. For this reason, the audit log of the EMR is usually required by legislation to be maintained for the entire retention period of the patient’s record. This is generally 10 or more years for adult patients and longer if the patient was a child at the time that they were a patient or client in your practice.

 

How You Can Use Audit Logs to Improve the Security of Health Information In Your Practice

Snooping, or viewing someone’s health information for an unauthorized use, is not uncommon in healthcare. Snooping is always a breach of confidentiality and trust that our patients give to us.

Sometimes, snooping happens because someone is concerned or curious about a family member or friend and doesn’t intend to do anything ‘bad’ with that information.

We also know that people will sometimes access information for malicious means – that is, with ‘criminal intent’ or to be mean or disparaging to the individuals involved.

Say No to Snooping

When you regularly review your audit logs, you

  • Create a deterrent to all users to check something out ‘just this once, no one will know’.
  • Find potential threats or weaknesses in your current systems that you can improve to better mitigate your risks.

Custodians have an obligation to ensure reasonable safeguards to protect the privacy and security of health information. This means having appropriate policies and procedures in place, and demonstrating and documenting that you have implemented your plans.

 

Action Steps That You Should Do Now

Use these points as a checklist to help you start using your audit logs to improve security in your healthcare practice.

  • Computer Network System Audit Log
    • Ensure that your computer network system has audit logging enabled.
    • Access and review your audit log. Don’t skip this step! Don’t assume that your audit logging is properly set up. You must discover how to access the audit log and record the procedure so that you can quickly access the audit log in the event that you have a privacy and security breach or routine security audit.
    • Determine how long your audit log information is accessible or retained. Is it included in your routine backup files? Legislative retention requirements differ but you probably want to keep the audit logs accessible for six months or longer.
    • Can you automate an audit log reporting tool to make it easier to review your audit logs regularly? Who in your healthcare practice is responsible to do this?
  • Electronic Medical Records (EMR) / Electronic Health Records (EHR) System Audit Log
    • Most health information legislation and regulations now require EMR / EHR to include an integrated audit log / access log. Confirm that you have enabled your EMR / EHR audit log.
    • Access and review your audit log. Don’t skip this step! Don’t assume that your audit logging is properly set up. You must discover how to access the audit log and record the procedure so that you can quickly access the audit log in the event that you have a privacy and security breach or routine security audit.
    • Determine how long your audit log information is accessible or retained. Is it included in your routine backup files? Legislative retention requirements differ but you probably want to keep the audit logs accessible for as long as you retain the entire patient record – generally, 10 or more years.
    • Can you automate an audit log reporting tool to make it easier to review your audit logs regularly? Who in your healthcare practice is responsible to do this? Check out the Practice Management Nuggets Podcast, How AI Improves EMR Auditing | Episode #094 with Rob Pruter from SPHER.

    • User activity recorded in an audit log is often visible to subsequent EMR users when they access a patient record. In the course of routine workflow, users may observe and question inappropriate access to an individual patient record. Instruct your users to notify the clinic manager or privacy officer if the audit log indicates a suspicious activity.
    • Include the review of audit logs as part of your routine privacy and security monthly audit.
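
The after-hours review described earlier and the "automate an audit log reporting tool" checklist item, sketched in Python as an added example (it is not part of the original post or of any EMR vendor's tooling). The CSV column names, the clinic hours, and the same-surname heuristic for possible family-member lookups are assumptions, and the log lines are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime, time

# Constructed sample export. Column names are assumptions for this example;
# real EMR audit log exports differ by vendor.
SAMPLE_LOG = """timestamp,user,user_surname,workstation,action,patient_id,patient_surname
2023-03-06 08:02:11,jsmith,Smith,FRONT-01,view,P1001,Nguyen
2023-03-06 09:15:40,jsmith,Smith,FRONT-01,modify,P1002,Patel
2023-03-06 12:47:03,jsmith,Smith,FRONT-01,view,P1003,Smith
2023-03-06 21:34:55,bclerk,Brown,REMOTE-07,view,P1001,Nguyen
2023-03-06 21:36:10,bclerk,Brown,REMOTE-07,print,P1004,Garcia
2023-03-07 10:05:00,drlee,Lee,EXAM-02,create,P1005,Brown
"""

# Assumed clinic hours: Monday to Friday, 08:00 to 17:00.
CLINIC_OPEN = time(8, 0)
CLINIC_CLOSE = time(17, 0)


def parse_log(text):
    """Read the CSV export into a list of dicts with a parsed timestamp."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        events.append(row)
    return events


def is_after_hours(ts):
    """True on weekends or outside the assumed clinic hours."""
    return ts.weekday() >= 5 or not (CLINIC_OPEN <= ts.time() < CLINIC_CLOSE)


def review(events):
    """Return the events that deserve a follow-up question, with the reason.

    A finding is a lead for the privacy officer to investigate, not proof of
    snooping: the billing clerk working from home may be authorized.
    """
    findings = []
    for e in events:
        reasons = []
        if is_after_hours(e["timestamp"]):
            reasons.append("after-hours")
        # Heuristic (assumption): a user opening the chart of a patient with
        # the same surname may be looking up a family member.
        if e["user_surname"].strip().casefold() == e["patient_surname"].strip().casefold():
            reasons.append("same-surname")
        if reasons:
            findings.append({
                "timestamp": e["timestamp"],
                "user": e["user"],
                "workstation": e["workstation"],
                "action": e["action"],
                "patient_id": e["patient_id"],
                "reasons": reasons,
            })
    return findings


def summarize(findings):
    """Count findings per user so repeat patterns stand out in the monthly audit."""
    return dict(Counter(f["user"] for f in findings))


if __name__ == "__main__":
    results = review(parse_log(SAMPLE_LOG))
    for f in results:
        print(f["timestamp"], f["user"], f["workstation"], f["action"],
              f["patient_id"], ",".join(f["reasons"]))
    print(summarize(results))
```

Keep the printed report with your monthly audit records, along with a note of what you found when you followed up on each flagged access.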

Click the link below to get your copy of the audit templates and the training video!

I Want the Audit Templates to Improve Privacy and Security!

Are you already a member of Practice Management Success?

The instructional video and Privacy and Security Monthly Audit Template is already in your membership!

Click the button now to go to the membership to access your resources.

Go to my Practice Management Success membership

 When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

audit log, EMR, health care, healthcare practice, medical, reasonable safeguards

5 Strategies for Writing Engaging Social Media Posts for your Practice with Guest Expert Kayla Das

Posted on February 27, 2023 by Izza Nuguit in Blog

Strategies for Writing Engaging Social Media Posts for your Practice with Guest Expert Kayla Das

Are you a new clinic owner and wondering if social media marketing is for you?

Maybe you have been dabbling into social media marketing but now you are feeling overwhelmed?

Or, maybe you have an established social media presence but you want to learn new ways to get social media engagement.

In this Episode #109 of the Practice Management Nuggets Podcast For Your Healthcare Practice, guest expert Kayla Das of Evaspare Inc. provides 5 strategies for writing engaging social media posts for your practice!

Why Is Using Social Media Important?

​Kayla Das believes that the purpose of social media marketing is to inspire, entertain and to give more than you try to sell.

People are on social media because they want to be taken away temporarily from their day so they are much more likely to click on things that inspire, entertain or provide them some type of guidance and support.

After they gain trust in what you have to say, you’ll be the first person they think of when they need professional support.


Kayla's #1 Tip

​“My number #1 tip for clinic managers about social media marketing is when you are starting out is to start small. Choose only one or two social media platforms. You do not need to be on every social media platform to get engagement. Start with a social media platform that you are familiar with and that you believe that your ideal client uses.” – Kayla Das

Listen To The Podcast

​5 Strategies for Writing Engaging Social Media Posts for your Practice | Episode #109

Listen to the Practice Management Nuggets for Your Healthcare Practice podcast. Get practical practice management, and privacy tips to help you start, grow, and improve your healthcare practice. If you are a clinic manager, team lead, healthcare provider or practice owner, these practical tips will save you time and money. 

I help you manage the pink elephant in the room. 

Listen here: Practice Management Nuggets Podcast


Featured Guest: Kayla Das, Evaspare Inc.

Kayla Das is a Social Worker and Business Coach for therapists and coaches. Kayla works with therapists to:

  • create a strong private practice foundation based on values;
  • develop marketing strategies that are authentic and generate profits; and
  • establish business systems and processes that are designed for practice sustainability.

Would you like more social media and business strategy tips from Kayla?

Pop over to the podcast show notes here to listen to the podcast!

Be sure to grab Kayla’s gift to help you create engaging social media images.

You may also be interested in:

Social media is about creating a strong digital presence and building relationships – with your clients, with employees and new recruits, and with other colleagues and allies in your field.

If you decide to use social media in your business, you need clear rules about who will authorize messages. You also need a strong social media policy to provide direction and education to your employees about what they can – and can’t – say on-line.

Social Media Practice Management Success Tip – Social media policies, procedures templates to help ensure a professional and privacy compliant presence online while also positively representing and supporting your business brand.


#PracticeManagementNugget, engagement, podcast, social media, social media post

Build a Strong Privacy Management Program for Your Clinic with These 5 Critical Modules

Posted on February 23, 2023 by Izza Nuguit in Blog

Build a Strong Privacy Management Program for Your Clinic With These 5 Critical Modules

Many privacy officers in small healthcare practices have other roles—as a clinic manager, healthcare provider, computer network technician, or business owner. It is little wonder that new privacy officers can feel overwhelmed when trying to balance these responsibilities every day.

But that's not the end of the problem. It actually gets worse!

You could continue to –

😮 Panic when a patient asks for their information for access or correction.

😔 Scramble when new employees and healthcare providers join your clinic . . .and suddenly realize that you never got around to providing privacy and cybersecurity awareness training.

😯 Hope that your practice will not be tapped on the shoulder for a practice review by your college or the OIPC.

🤐 Ignore a privacy breach and hope no one else notices.

😒 Avoid difficult decisions with your owners / staff who insist on doing things their way – even when it is not privacy compliant.

😞 Never get ‘review privacy impact assessment’ and ‘review privacy policies and procedures’ off of your to-do list.

😥 Avoid discussing privacy and security with your EMR and computer networks managed service providers because you are unsure of what questions to ask and what types of answers you should receive.

If you don’t have a written privacy management program and action plan, you are missing the systems to monitor routine tasks that will protect privacy and alert you to potential problems before they become privacy and security incidents.

Carrying out the duties of a Privacy Officer correctly is vital to ensure your organization is safe from the consequences of a big privacy breach.

But did you know that organizations that have a privacy officer and a privacy management program:

  • Are less likely to have a privacy or security incident
  • Have increased staff satisfaction
  • Have increased patient satisfaction and outcomes

We Know That Privacy Is Good For Business

We know that having policies, procedures, and systems in place will improve privacy compliance in your organization and help you make good business decisions.

When we have consistent practices in place, it improves communication and prevents a multitude of problems.

I’d like to share with you what I believe are the 5 critical modules of a privacy management program.

The 5 Modules of a Strong Privacy Management Program for Your Clinic include:

  1. Know Your Obligations
  2. Train
  3. Privacy Breach Management
  4. Document
  5. Access and Disclosure

We expect organizations which collect, use, or disclose health information to have key components of a privacy accountability program. These include:

Every healthcare and private organization that is subject to privacy laws must comply with them. A comprehensive privacy management program provides an effective way for organizations to create a culture of privacy in their practice, practice accountability for the collection, use, disclosure, and access of personal information, and show compliance with regulations.

Module 1—Know your Obligations

​Key accountability for your privacy management program starts with your healthcare provider(s). These are also known as “custodians”. They are ultimately responsible for the privacy, confidentiality and security of personal health information (PHI).

The key healthcare provider—physician, dentist, chiropractor, nurse—can assign or delegate a key person who is accountable to the custodian to implement and monitor a privacy management program. This is often known as a privacy officer. In many smaller healthcare practices, the clinic manager or practice manager is also the privacy officer.

The business owner (who might also be the healthcare provider) also has obligations to follow the privacy laws as they relate to the privacy of personal information of employees, customers, and general business information.

The healthcare provider, business owner, and privacy officer form a ‘trifecta’ of authority and responsibility in your practice to ensure that you comply with privacy legislation, professional standards of practice, and contractual commitments.

Knowing your obligations includes establishing clear authority and accountability in your practice, identifying what identifying information you have in your practice, and understanding how privacy legislation guides your business. Your privacy officer and custodians may require training in these areas to better understand their obligations.

Module 2—Training

​Training is an important component of your privacy management program. The privacy officer in your organization ensures that privacy awareness, cybersecurity, and privacy breach management are provided in your healthcare practice.

There should be both a formal and an informal training plan. A pre-planned privacy awareness training must be available for everyone in your organization, including new and seasoned professionals. It is critical that you can provide and document that everyone in your organization completed consistent common training.

We can provide informal training throughout the year. For example, have a standing agenda item during your staff meeting to do something consistently for everyone in the organization throughout the year. Leverage activities like Data Privacy Day, Change Your Password Month, Cybersecurity Awareness Week to provide a variety of content.

A frequently missed trigger for additional training happens when an employee is promoted to a new position. This is a great opportunity for the privacy officer to meet with the employee and discuss their new role and how their responsibility, for example, of authorizing new users or supervising employees contributes to the confidentiality and security of PHI.

Remember to document who attended the training opportunities and keep copies of the training content to show your actions to protect privacy.

Listen to the podcast How To Keep Privacy Awareness Top Of Mind | Episode #093 for more tips and resources to help you plan training throughout the year.

Module 3 – Privacy Breach Management Plan

​Ensure that a written privacy breach management procedure is part of your overall privacy management program. The privacy officer will document your privacy breach management policies and procedures, sanctions policies and procedures, and train all employees to identify a privacy breach and report it to their supervisor. The privacy officer will manage a (suspected) privacy breach and ensure notification to their custodians, individuals affected by the breach, and others as needed.

The privacy officer will manage mandatory privacy breach notification requirements under health privacy legislation like the Alberta Health Information Act (HIA), Ontario Personal Health and Information Protection Act (PHIPA) and the Personal Information Protection of Electronic Documents Act (PIPEDA) and other provinces’ legislation.

See Understanding a Privacy Breach for more tips.

Module 4—Document

​I think most people in healthcare are familiar with the adage, “If it is not documented, it didn’t happen.” This applies to your privacy management program, too. Your program should include written:

  • Health Information Privacy and Security Policies, Procedures
  • Risk Assessment – Safeguards
  • Practical Privacy Review
  • Privacy Impact Assessment
  • Information Management Agreement
  • Information Sharing Agreement
  • Successor Custodian
  • Training plan

These actions will help you protect the PHI of your patients and your business. They help to demonstrate your compliance with your privacy and security obligations. Review and update these key documents annually.

See Privacy Impact Assessment for more tips.

Module 5 – Access and Disclosure

​When you collect PHI from patients and PI from employees and customers, you must ensure that they can access, correct, and authorize disclosure of their information.

Release of information (ROI) policies and procedures are a critical module of your privacy management program. Your privacy officer is tasked with ensuring that your ROI plan is written, understood, includes specific training for your employees, and follows legislated standards and professional college standards of practice. When you meet your ROI obligations, you avoid complaints and breaches, work efficiently, and improve the trust of your patients.

Struggling to Learn Your Role As A Privacy Officer On Your Own?

If you are a privacy officer in a healthcare practice who needs practical privacy management strategies to protect your patients and your healthcare business but aren’t sure how to get started, register for the Practical Privacy Officer Strategies training here.

The training starts on February 28, 2023.

Not sure if this is for you?

Send me an email and ask me! I'm happy to mentor you and help you assess your practice management and privacy compliance priorities.

Listen to the replay of my recent LinkedIn Live Event here.

Clinic Privacy, Data Privacy, Healthcare Privacy, privacy compliance, privacy management

In Case Of Emergency, Is Your Healthcare Practice Prepared?

Posted on February 14, 2023 by Jean Eaton in Blog

Healthcare providers who collect, use, or disclose personal health information have a duty to protect records, even during an emergency. A disaster response plan includes protecting personal information against threats and a plan to quickly resume access to patients’ health information.

We can expect disruption to our business and be prepared to:

  • Preserve the safety of our employees, our patients, and our community, and
  • Ensure the continuity of health services to our patients, and
  • Mitigate the financial risks to the business.

Business continuity planning and disaster response planning are key steps in preparing for an emergency. These activities often overlap, but their focus is different.

Business continuity focuses on keeping the lights on and the business open in some capacity during an emergency, while disaster response planning focuses on getting operations back to normal. (See “Business Continuity vs Disaster Recovery: 5 Key Differences” from the University of Florida for more information.)

No matter how large or small your health care practice, legislation, regulation, and business common sense tell us that we need a disaster response plan to protect the safety and well-being of your patients and your employees. You can re-purpose the emergency response plan to develop a business continuity plan. Just make sure you focus on the people, process, facilities, and technology assets your organization needs to function normally.

Prepare your business continuity plan before you open your health care practice. It would be bad luck to have an emergency right away but, if you are prepared, it doesn’t have to be a disaster.

Start Your Business Continuity Plan

Your owner and the management team of your healthcare practice should be the champions of developing a business continuity plan in your practice. You might also include information technology support, human resources, building maintenance, media spokesperson, and risk management advisor. It’s a good idea to set up a project plan, identify project objectives, and set target dates for completion of the assessment.

Risk Assessment – Assess Your Office’s Critical Functions and Assets

Conduct an initial assessment of your practice’s critical activities and systems. The assessment sets a baseline that will help identify what is needed to move your organization to a place where everyone on staff is prepared to respond quickly and efficiently to a potentially disruptive event.

Then, identify potential threats to your critical functions and assets. Determine which events are most likely to happen. Use these events as your starting point to create a detailed written plan. You will have greater success in preparing to lessen the harm of an event if your team can envision that it might happen to you in the next five years.

Your list of critical activities helps you identify the mission-critical functions of your practice that must be protected and recovered and the employee positions that must be maintained. Knowing this helps you determine your priorities for your next steps.

Resources to Help You

There are many resources available to help you with your plan. Check with your local municipality for emergency preparedness response plans, checklists, and contact information. Print hard copies of the documents and keep them in an easily accessible location in your office. Your professional associations and insurance companies are also great resources. For example, Alberta Netcare provides a ‘Clinic Business Continuity Plan Guidelines’ (January 2015).

What Can You Do Now To Prevent an Emergency

Build redundancy into your daily operations. Consider your key activities and ensure that you have an alternate plan. Name each key function and determine alternate equipment or an alternate service provider.

For example, if your electronic medical record (EMR) or practice management software is ‘in the cloud’, you will need to use an internet connection to access your data. If your internet service provider (ISP) is down, do you have a fail-over solution so that you can smoothly switch to an alternate ISP? You might be able to use your cell phone and cell phone connection to your EMR for a little while, but could you run your busy practice from your cell phone for long?

Many of us have a list of phone numbers and contact information on our phones for people that we might need to call in case of emergency. But, if you lost your phone or your computer network, do you have a paper list of your contacts? These simple steps can help you to resume business operations as quickly as possible.

A good computer backup will help to prevent loss of data and help you to recover access to your data quickly. For more information, see Can You Restore Your Business Using Your Computer Backup?

Develop the Disaster Response Plan

The Disaster Response Plan is a step-by-step plan for responding to the emergency event. Include how you are going to make decisions and who has the authority to make decisions. For example, who will decide to open (or close) your practice? Who will authorize overtime and immediate expenses? Do you have an alternate person who can authorize decisions and expenses, too?

Make sure the plan is fully documented, both in hard copy and electronic formats.

Identify the strategies you’ll take to protect your patient/clients, employees, and mission-critical resources. This might include backing up or moving to another location followed by recovering the equipment and information and returning them to normal operations. Include a detailed evacuation plan that each of your employees can access both at work and from their home.

Include detailed phone and contact lists.

Locate and have on hand some ‘old school’ technology like land-line telephones, battery operated radios and flashlights.

Practice the Plan

Effective disaster response and business continuity plans require practical training. Exercise the plans periodically to ensure they work as designed and you can recover critical systems and return operations to normal. Conduct a business continuity and technology disaster scenario at least quarterly. When you vary your scenarios, you will reinforce key core emergency recovery plan principles with each scenario and test a variety of plans.

Include emergency communications, awareness and training and coordination with public authorities.

A business continuity plan in your practice is critical to protect your employees, patients, and business and to be prepared for a crisis. Your goal is to recover your health care practice to where it can provide patient care and support its clinical and administrative teams in a “business as usual” manner.

What Will You Do to Improve Your Disaster Response Plan?

Do you want more tips and resources like these – for FREE?

Join Anne Genge and me for the “Ask Me Anything” style webinar for healthcare professionals, practice managers, privacy officers, and owners on Friday, February 17, 2023 at 1pm EST.

Anne is the founder of Myla Training Co., and a multi-certified cybersecurity expert with global awards for her work in cyber risk management, ransomware prevention, as well as cybersecurity education for healthcare providers.

This month, we will be sharing disaster recovery tips for your practice.

It’s free to attend.

Once you register, you’ll have access to the Zoom link on the day of the event.

business continuity plan, disaster plan, emergency preparedness, incident response plan

The True Cost of Hiring Mistakes and How to Avoid It

Posted on February 2, 2023 by Izza Nuguit in Blog

The True Cost of Hiring Mistakes and How to Avoid It

Hiring mistakes can have a significant impact on your healthcare business. Nelson Scott reminds us that we are hiring an employee not just to fill today’s vacancy, but potentially hiring an employee who will be our co-worker for the next ten years. It makes sense to take the time necessary to be prepared to hire the right employee. [See: Interview Right to Hire Right with Guest Expert Nelson Scott | Episode #108]

Otherwise, you may pay the direct and indirect costs of your hiring mistakes summarized below.

What is the Cost of Hiring the Wrong Person?

Have you ever made a mistake and hired the wrong person? You are not alone. In fact, CareerBuilder reports that:

75% of employers believe that they hired the wrong person for a position and ended up losing an average of $15,000 for every hire.

So, what makes up the cost of your hiring mistake? Here are common direct and indirect costs.

Time and Effort

​When hiring the wrong person, immense amounts of time and effort are wasted. Not only does it take a considerable amount of time to interview and recruit candidates, but the hiring process itself can take up to 42 days or more. From there, the wrong hire can cause a drop in productivity and lost time in recruiting and training new personnel.

Decreased Morale

 


Hiring the wrong person can have a significant effect on morale and team dynamics. The National Business Research Institute found that 37% of companies who reported bad hires claimed it impacted employee morale, and 18% reported it had a negative impact on client relations. Bad hires can cause good employees to be overworked and resentful, leading them to consider looking for alternative employment.

Loss of Productivity​

Hiring the wrong person can have a significant negative impact on an organization's productivity because of the lost time and effort spent on recruiting, training and managing the employee, as well as the potential for distracting the team, lowering morale, and damaging customer relationships. The poor performance of one employee can cause the rest of the team to put in extra effort to make up for it, leading to burnout and frustration.

Training Costs​

Hiring the wrong person can be a costly mistake, with the financial costs ranging from recruitment advertising fees, staff time spent on recruitment processes, salary payments, costs of education and training, and costs of rehiring.

With training costs, it's important to consider the investment of both time and money. An average new hire takes 3 months to become productive. During this time, the replacement needs extensive training to get up to speed on the company and the job. This involves the time of several individuals, and can be a considerable expense.

The cost of hiring a new employee again and then training them can be double what it would have cost to hire the right person the first time.

Reduced Quality​

Hiring the wrong person can have a significant impact on quality. The employee may not have the required skills, resulting in mistakes that can be detrimental to the company's reputation and lead to a loss of customers. Poor employees may be habitually late to work or miss days, which affects the efficiency of the clinic operations and patient satisfaction reviews. The wrong person can cause a drop in employee morale and productivity, as well as disrupt team dynamics. In extreme cases, it can damage reputational relationships and advertising. In this way, a hiring mistake can impact your healthcare practice’s quality standards.

Expenses Associated with Recruiting​

The expenses associated with recruiting can include writing a great job posting, paying job search websites to post a job ad, screening resumes for the right work experience, reaching out to passive and active candidates, following up with qualified applicants, scheduling and conducting interviews, performing background checks, negotiating annual salary, sending offers to candidates, and waiting on candidates to decline or accept an offer.

Loss of Reputation

 


Loss of reputation associated with hiring mistakes can have a significant effect on the cost of hiring. If a business is perceived to have bad hires due to negative reviews, disgruntled former employees, or poor customer service, it can lead to a drop in patient satisfaction, referrals, and reputation. If your healthcare practice has a rotating door of new employees, your reputation can make it harder to recruit excellent candidates.

The Financial Cost​

In hiring the right person for a job, it is important to consider the financial cost of hiring the wrong person. We often estimate that the cost of a bad hire can be up to 2.5 times the salary of the employee.

Interview Right to Hire Right​

Hiring the right person for the job is one of the biggest tasks for a manager. It is important to invest in the right person for the job to ensure a successful hire and avoid the cost of hiring the wrong person. That's why it is so important to take the necessary steps to reduce the chances of a bad hire and make sure that you are getting the right people for the job.

In a recent Practice Management Nugget Podcast for Your Healthcare Practice episode, Jean L. Eaton interviewed Nelson Scott. Nelson is an expert in hiring employees and a coach for managers who need to be better prepared to manage employees. You can listen to the podcast episode #108 here: Practice Management Nuggets Podcast

9 Steps to Hire (and Keep!) Employees in Your Healthcare Practice ​

It takes time to prepare to recruit, interview, hire, orientate and maintain the right employee for your healthcare practice.

And a little help from a friend (or a Jeannie 😊) is appreciated!

The 9 Steps to Hire provides a comprehensive guide to the entire hiring process, from the job description to onboarding. It goes further than just understanding the cost of a bad hire, and provides tangible steps on how to make sure the right people are hired. It’s a must-read for any healthcare practice looking to hire new employees.

Check out our templates and training available to you right away!

See: 9 Steps to Hire (and Keep!) Employees in Your Healthcare Practice.

If You Need Somebody Now

Many practices appreciate the importance of hiring the right person. But they may not have the luxury of time. They need someone to do the job now.

A virtual medical office assistant and virtual receptionist might be an excellent solution for your healthcare practice.

Read the article here, How Virtual Medical Office Administration Services Can Help Your Healthcare Practice With Kyle Sherritt

References

Career Builder. How Much Is That Bad Hire Costing Your Business? December 7, 2017.

Enkel. The True Cost of Hiring a New Employee in Canada. Omar Visram, CEO and Co-founder, Enkel. June 24, 2021.

Hubspot. Replacing a single employee costs from 16 to 213 percent of annual salary. 

hiring

Interview Right to Hire Right with Guest Expert Nelson Scott

Posted on January 30, 2023 by Izza Nuguit in Blog

Interview Right to Hire Right

Do you feel that you are “unlucky” when making hiring decisions?

Have you ever hired someone and then within a few days realized that this isn’t the right fit?

Would you like to avoid common hiring mistakes?

Would you like some tips on how to improve your hiring process?

Hiring the right person for the job is one of the biggest tasks for a manager. It takes time and preparation to conduct effective interviews.

In this Episode #108 of the Practice Management Nuggets Podcast For Your Healthcare Practice, guest expert Nelson Scott of SEA Consulting provides interview tips that you can use to gather high-quality information on which to base your hiring decisions using Behaviour Description Interviewing (BDI).

“If you ask good questions, you're going to get good answers. You're going to get the kind of information you need to make a prediction as to whether this  person is the right person to hire.”  Nelson Scott

Why Is Hiring the Right People Important?

​

Nelson Scott believes that people are what makes the organization successful. The right people make it more successful. You want to bring in people that fit the culture of the organization and are in line with the values and purpose and mission of your organization. You want to have people who will come into your organization and they'll feel they belong there.


Nelson’s #1 Tip

​Nelson’s #1 Tip for clinic managers, healthcare providers of small healthcare practices about hiring employees?

First, identify the top performers in your practice. Then look for the candidates that are most like your top performers. Remember, you are hiring not just for the immediate vacancy, but potentially for the next 10 years. Take the time necessary to find the right employee for your practice.

Listen To The Podcast

In the podcast, Nelson explains how to conduct interviews that will yield high quality information on which to base hiring decisions.

  • Behaviour Description Interviewing (BDI)
  • How to:
    • Write interview questions
    • Get high quality information during interviews
    • Conduct reference checks

We also discuss how to alter common interview questions so that you will get better quality replies.

This will help you to make better hiring decisions.

Listen here: Practice Management Nuggets Podcast


Featured Guest: Nelson Scott, SEA Consulting

Nelson is an expert in hiring employees and a coach for managers who need to be better prepared to manage employees.

Nelson Scott has trained thousands of managers and supervisors from a variety of public, private and not-for-profit sector organizations on how to use interviews to gather high-quality information on which to base their hiring decisions. He also works with clients to develop interview questions, to prepare them to conduct interviews, and to manage the selection process on their behalf.

Nelson Scott has conducted thousands of interviews and been involved in hiring hundreds, from frontline staff to CEOs. And along the way, he has made more hiring mistakes than he cares to admit. For more than two decades he has focused his writing and speaking on how to hire, engage and retain the right people. He is the author of three books, including a soon-to-be-published book on staff recognition.

Would you like more interview and staff recognition tips from Nelson?

Check out Nelson’s Briefly Noted Newsletter Here: GREAT Staff Recognition – SEA Consulting

You may also be interested in:

Managing Employees When They Make Mistakes With Stacey Messner

9 Steps to Hire (and Keep!) Employees In Your Healthcare Practice

#PracticeManagementNugget, hiring, podcast

Do You Need to Build A Privacy Awareness Training Plan for Your Healthcare Practice?

Posted on January 23, 2023 by Meghan in Blog

Do You Need to Build a Privacy Awareness Training Plan in your Healthcare Practice?

A practical privacy awareness training plan will save time for clinic managers and privacy officers.

Employees and healthcare providers who keep privacy and security top of mind will contribute to increased patient satisfaction, improve privacy compliance, and reduce privacy and security incidents in your practice.

Privacy awareness training is more than a checklist when new employees are hired.

As an employer and health care provider, you are responsible to provide training to all your employees about privacy awareness.

Your privacy officer should have direct involvement in the planning and monitoring of the privacy awareness training. The privacy officer may also:

  • Facilitate training opportunities
  • Develop / contribute to policies and procedures
  • Monitor for compliance
  • Provide instructions
  • Implement specific projects

If you don’t provide the training – and if your employees don’t understand the policies – and there is a privacy breach, then the healthcare provider is more likely to be held accountable under the legislation and face penalties including fines and even prison!

Protect your organization and your patients. Equip your staff with the information they need to confidently and correctly handle personal health information. Healthcare businesses who want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

Quickly and Easily Build Your Privacy Awareness Training Plan For the Whole Year!

Effective training for adult learners suggests that we must reinforce key concepts at least 4 times a year. This applies to privacy awareness topics, too.

Start your privacy awareness training at orientation and on-boarding of ALL of your team members, including healthcare providers. 

Then, reinforce the key concepts throughout the year with work aids, posters, a ‘training minute' at regular staff meetings or team huddles, and coaching during the work day.

When You Plan It, It Will Happen

Is this you? If you want something to happen, you schedule it in your calendar.

Planning is key to design and deliver an effective privacy awareness training plan for your healthcare practice.

Let me show you a quick and easy way to plan your privacy awareness training for the whole year!

In this 60-minute webinar, you will outline a privacy awareness plan for your practice.

  • Training plan theory
  • Training strategies
  • Privacy awareness training plan
  • Build your privacy awareness training plan for the whole year!
  • Resources you can use right away to start training

Register before February 17,  2023 to access the Replay

Build a Privacy Awareness Training Plan for Your Healthcare Practice

Register now to get access to the limited time replay and resources!


This Workshop Includes:

  • Live on-line training
  • Q&A with Jean Eaton, Your Practical Privacy Coach when you join the webinar live
  • Access to the replay for a limited time
  • Learning Resources Guide

Did you enjoy reading this article? You may also be interested in:

Do You Want To Be A Confident Healthcare Privacy Officer?

Keeping Privacy Active in the Minds of Clinic Staff

5 Low Cost Steps You Can Take to Prevent Employee Snooping

3 Parts to Every Privacy Awareness Training Plan

Jean Eaton

When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.  

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

healthcare, privacy awareness, privacy awareness training, privacy awareness training plan, privacy officer, privacy training

Roadmap to Start Your On-Line Healthcare Practice

Posted on January 10, 2023 by Izza Nuguit in Blog

What is an On-line Healthcare Practice?

An on-line healthcare practice is a medical practice that provides services through the internet.

It typically involves using technology such as an Electronic Medical Record System (EMR) or practice management software, and billing software to manage patient health records and transactions.

Additionally, it may include using secure telecommunications like video meeting, asynchronous messaging, and telephone. A website and social media platforms help patients and clients to find your services.

Technology Supports On-line Healthcare Business

Telemedicine and virtual healthcare have exploded in the last few years. Patients, and healthcare providers, are more willing to deliver health services differently. The rules guiding how healthcare providers are compensated or paid for virtual services have changed. This has opened the gates to new opportunities for healthcare entrepreneurs.

More technology options allow the small business owner to purchase services from reputable vendors with privacy secure programs. Software as a service and cloud-based hosting, affordable business grade computer systems for home-based businesses, and high speed internet infrastructure make it easier for healthcare entrepreneurs to start online healthcare practices.

Why Start an On-line Healthcare Practice?

Individual healthcare providers may want a practice that mixes in-person consultation with virtual follow-up visits.

(See my Practice Management Nuggets podcast, Why Medical Practices Will Have to Offer Telemedicine in the Future to Compete | Episode #095 interview with Dr. Michael Greiwe)

Others may want a work experience where they are the boss and work from a location of their choice.

Some will keep their practice small—themselves, perhaps with administration support.

Some will hire a few practitioners to deliver a small suite of services.

Still others may develop a virtual workforce spread across the country.

Each of the above models benefits from these advantages.

1. Access to a larger patient population

Starting an online healthcare practice allows providers including physicians, pharmacists, dentists, mental health, nutrition, nurses (and more!) to access a larger patient population. By using technology such as secure messaging, appointment requests and prescription refills, patients can get the care they need without having to travel to a brick-and-mortar office.

This allows providers to reach more people in rural areas where it may be difficult for them to open up a brick-and-mortar practice. It also gives patients more flexibility in managing their health care needs from anywhere at any time of day or night.

2. Increased convenience for patients

Starting an online healthcare practice increases convenience for patients by allowing them to manage their health and communicate with their provider's office 24/7 from anywhere online or using a mobile app. The patient portal provides secure messaging and may provide patients access to their own lab results, for example.

3. Lower overhead costs

Starting an on-line healthcare practice can help to offset some of the operational costs. It allows you to work independently or join a group practice, which can save on start-up expenses.

This reduces the need for equipment, furniture, and other resources needed to run a traditional brick-and-mortar clinic.

4. Ability to offer specialty services

Starting an online healthcare practice allows providers to offer specialty services to their patients in a convenient and cost-effective manner. By eliminating the need for brick-and-mortar locations, online healthcare providers can reduce overhead costs and offer lower rates for services. Additionally, online healthcare providers can offer more specialized care than traditional practices due to the increased efficiency and access to a larger geographic reach.

5. Increased efficiency thanks to technology

The software as a service model and cloud-based hosting allow the small business access to equipment and support previously only available to larger businesses.

6. Opportunity to offer new services, such as telemedicine

Virtual services and communication technology allow you to offer more convenient services that are accessible from anywhere at any time without having to be physically present in the office or clinic setting. Additionally, they open up opportunities for expanding into new markets that may not have been previously available due to geographical restrictions.

7. Increased profits thanks to decreased overhead costs

Starting an on-line healthcare practice can help increase profits due to decreased overhead costs like commercial office space.

8. Ability to meet the needs of a growing population

The ability to meet the growing needs of a population is a compelling reason to start an on-line healthcare practice. With more and more people around the world struggling to access basic healthcare services, an on-line healthcare practice can provide convenient, affordable, and accessible care for those who need it most. Offering online consultations that are accessible 24/7 via smartphone or laptop computer reduces the barrier of entry preventing those in rural communities from accessing quality advice when they need it most.

What Compliance Requirements Do I Need to be Aware of When Starting an On-line Healthcare Practice?

When starting an on-line healthcare practice, you should be aware of the compliance requirements that keep healthcare regulated and secure for people across the country. These include:

  • Registering as a business entity.
  • Undergoing a credentialing process with professional colleges.
  • Acquiring EMR, computer equipment, and software to handle health records in compliance with provincial privacy legislation and professional colleges' standards of practice.
  • Billing payment processors for fee-for-service and uninsured services.
  • Policies, procedures, privacy and security risk assessment, and privacy impact assessment to securely manage personal health information across all technologies.

It is critical that your legal compliance and privacy compliance practices are in writing. This includes your contracts with vendors, employees, partners, and patients and clients.

What is a roadmap to start an online healthcare practice?

Join the 60-minute webinar for time-saving tips and a roadmap of critical steps on your journey to open your regulated healthcare practice. You will break through the fear and overwhelm around legal and privacy issues in starting a healthcare practice online.

Co-hosted by Canadian business lawyer Corinne Boudreau of Online Legal Essentials Inc. and Jean L. Eaton, Practical Privacy Coach & Practice Management Mentor of Information Managers Ltd.

digital health, healthcare practice management, on-line healthcare practice

Can You Restore Your Business Using Your Computer Backup?

Posted on January 9, 2023 by Jean Eaton in Blog

You know that Joni Mitchell song, Big Yellow Taxi? “Don't it always seem to go that you don't know what you've got 'til it's gone.”

This couldn't be more true than when your computer crashes. It's a terrible feeling when your software or hardware suddenly doesn't work, or you can't find an important file you know you had last month. This experience can be a speed bump on your busy day, or a nightmare that takes you days and weeks, and a lot of money, to recover.

Do You Have a Written Computer Backup Plan?

Good business practices include having regular computer backup of your key documents, bookkeeping, website, emails, and databases including your Electronic Medical Record (EMR). If your information is personal or sensitive – to you, your client, or your business – the backup should also be encrypted.

Your backup plan should include a backup of your information in a separate location from the source documents. In case of a catastrophic failure – including bad weather, fire, theft – you can access your key information assets quickly. You could manage the backup yourself or outsource it to a remote backup provider.

Where Is Your Encryption Key? 

Your encrypted backup files need a ‘key' to decrypt the files so that you can read and access the information. Have you kept a copy of the encryption key in the same place as your source documents? Or have you kept the key in a separate location – away from the source documents and away from the backup files? Have you recorded in your disaster plan how to retrieve the key?

Cybersecurity is for all businesses – even if you are not using social media or do not have a website! Many small businesses think that they are too small to be attacked – not true! Not reviewing your security practices and keeping up to date can leave your small business vulnerable to attacks.

You should review your backup plan regularly–at least annually. Check to make sure that it includes all the information that it should and that you can restore the backup to a clean machine.

A written computer backup plan is necessary, but the goal is to have a good restoration. Test your restoration process from your backup to confirm that you know how to do the restoration and that you can run your business using only the restored data.

If you use a computer managed service provider, schedule a test restore with them now! Do a complete restoration–not just a few files–to ensure that you have all the hardware, software, encryption keys, passwords, and written procedures up to date.

What will you do to improve your computer backup plan?

Do you want more tips and resources like these – for FREE?

Join Anne Genge and me for the “Ask Me Anything” style webinar for healthcare professionals, practice managers, privacy officers, and owners on Friday January 20 at 1pm EST.

Anne is the founder of Myla Training Co., and a multi-certified cybersecurity expert with global awards for her work in cyber risk management, ransomware prevention, as well as cybersecurity education for healthcare providers.

This month, we will be sharing backup tips for your practice.

It’s free to attend.

Once you register, you’ll have access to the Zoom link on the day of the event.

computer backup

How To Include Cybersecurity In Your Privacy Impact Assessment

Posted on November 2, 2022 by Izza Nuguit in Blog


Keeping information safe and secure is a challenging development for businesses of all sizes over the last few years. Remote working and using cloud hosted services forced healthcare practices to change, or at least re-examine, their cybersecurity practices and protocols.

According to CyberEdge’s Cyberthreat Defense Report, 85% of organizations suffered from a successful cyberattack in 2021.

A privacy impact assessment (PIA) is an important tool to help understand the risks to patient health information and your healthcare business.

The recent Technology Fact Sheet, “How To Protect Against Ransomware“ from the Ontario Information and Privacy Commissioner, provides explanations and recommendations for all businesses.

“Conduct privacy and security risk assessments whenever major new technology changes are introduced, and ensure that all critical elements of your IT environment are regularly reassessed.”  Ontario Information Privacy Commission

Does Your PIA Include Cybersecurity Risks and Mitigation Plan?

You should review your PIA regularly, at least annually, and update your risk mitigation plans when there is a change in your administrative, technical, or physical practices. You also need to consider that the threat environment external to your business, like the increasing risk of cybersecurity vulnerabilities, can damage your business.

In this Episode #107 of the Practice Management Nuggets Podcast, Jean L. Eaton, Practical Privacy Coach with Information Managers shows us how to include cybersecurity risks in your PIA.

My Takeaways

A Privacy Impact Assessment is a type of risk assessment. We know that cybersecurity vulnerabilities are a real risk for all businesses, including medical, dental, and other healthcare practices.

Take the time now to consider the new cybersecurity risks. Discuss this with your IT and managed services provider. Find strategies that work best in your practice. Remember—ignoring the risk doesn’t make it go away!

Next time you update or amend your PIA, include what you have done lately to prevent a cybersecurity incident in your practice.

Listen To The Podcast

Cybersecurity in Your Privacy Impact Assessment | Episode #107​

Expert tips with Jean L. Eaton on Practice Management Nuggets Podcast For Your Healthcare Practice.

Listen here: Practice Management Nuggets Podcast


#PracticeManagementNugget, #PrivacyImpactAssessment, cybersecurity, podcast


Copyright 2022 Information Managers Ltd.
