How To Correctly Identify Patients And Use Photo ID

Posted on December 10, 2019 by Jean Eaton in Blog

Patients should be asked to show their Alberta Health Care Insurance Plan (AHCIP) card and photo identification when visiting a practitioner office.

The Importance Of Correct Patient Identification

Failure to correctly identify patients can lead to serious problems such as medication errors, as well as privacy breaches.

Positive patient identification is critical to ensure patient safety and protect patient data. According to industry research cited by RAND, 7-10% of registering patients are misidentified upon entry.

Patient mis-identification contributes to:

27% of radiation errors
29% of medication errors
5% of wrong-patient/wrong-site surgeries
850 medical errors and 20 deaths related to blood transfusions

And, of course, we must deal with the administrative headache of privacy breaches and medical identity theft and duplicate patient records!

In Canada, health ministries have underscored the importance of correct patient identification when they issue Patient Safety Alerts. Correct patient identification criteria is also included in Accreditation Canada standards.

Verifying patient information improves patient care and efficient business practices.Click to Tweet

Verifying patient information improves patient care and efficient business practices.

Care – Good patient care starts with correct patient identification. Incorrectly identifying patients contributes to medication, transfusion, procedure and testing, errors.
Good Documentation – Avoid incomplete, inaccurate, and duplicate patient records!
Gatekeeper –Each caregiver has the responsibility to identify the patient before providing a health service. I think that the family physician has an added role and responsibility of the patients’ gatekeeper to additional health services to ensure that the documentation of patient identification is correct at the time of registration.
Billing – Avoid rejected billing and re-work when you correctly identify the patient and record the data correctly the first time. Patient demographic information is best corrected while the patient is present at the clinic instead of trying to contact the patient after they leave the clinic.
Uninsured Services – The practitioner will submit a claim to the Alberta Health Care Insurance Plan directly for all insured services provided. If a provincial health care card is not shown or the individual is not eligible for coverage, they may be asked to pay for health services before receiving them.

How To Correctly Identify Patients

Ask The Patient Questions – When a patient presents to register for a new or repeat visit, ask for at least two sources of patient identification. You may also request new patients to complete a new patient registration form.

Ask for Photo Identification – Photo identification will validate that the information and the image of the patient in front of you corresponds to the information from the patient and AHCIP. If there is a discrepancy, the best time to sort it out is when the patient is still at the clinic.

New Patient Registration Form (optional) – A paper form allows for discretion when asking for demographic information including date of birth, address, medications, Alberta Health Care Insurance Plan, allergies, etc. This reduces overhearing the conversation from other patients and staff and can often improve workflow and reduce congestion at the reception desk.

Document – Record on the new patient registration form or the clinic note that the photo identification was reviewed and that the image matches the individual. Use a clinic note or other location in patient record that is used consistently in your healthcare practice. (Bonus Tip: You might be able to create a template clinic note in your EMR for this. Or, create a check list template of this and related tasks to be completed for each (new) patient registration.)

Enter the information into the patient demographic or EMR system. Use registration document standards to ensure consistent data entry.

Validate – the AHCIP # and the patient information is valid by using the Netcare parameter launch browser between the EMR and Netcare. This will also help to ensure that there are no data entry errors in the EMR. If necessary, assist the patient to complete a change of information form for AHCIP, or make an update entry in Patient Registry if you have appropriate access. If you don’t have access to the Netcare via browser or web sign-on, use the phone number to AHCIP for this purpose.

Don’t Photocopy The Photo Identification

You should record that you viewed the photo ID and verified, but do not record the unique number associated with the photo identification (for example, driver’s license number). Do not photocopy the photo identification.

Remember, we have a responsibility to collect the least amount of information necessary. Viewing photo id to verify the identity of the patient, is a reasonable step to ensure the safety of the patient and to prevent an error. Recording the drivers license number or photocopying the drivers license is not necessary to provide a health service and an unnecessary (and probably illegal) privacy and security breach.

Listen To The Podcast Here

Members of Practice Management Success

If you are a member of Practice Management Success, login and access the webinar replay, patient registration procedure template, collection notice template, and the new patient registration form template.

Not a member of Practice Management Success, yet? What are you waiting for?

Get Your Practice Management Success Membership Now!

#PracticeManagementNugget, AHCIP, Alberta Health Care, dentists, drivers license, healthcare, medical errors, Netcare, Patient identification, photo ID, podcast, registration, risk

Ransomware – 6 Mistakes Made By Dentists (And Their IT)

Posted on November 14, 2019 by Jean Eaton in Blog

Anne Genge of Alexio tells us that 96% of healthcare providers are concerned about how their staff are using personally identifying health information.

But, many healthcare providers and business owners don’t know what to do about it!

Can your staff protect you from a ransomware attack?

Yes, they can!

And it doesn’t have to be hard or expensive to do that.

Anne will help us to understand the cyber security risks that every healthcare practice in Canada is facing now and what you can do now to reduce your risk on Practice Management Nuggets For Your Healthcare Practice. Anne Genge, CEO of Alexio Corporation is my guest expert.

Anne Genge's #1 Tip to healthcare providers and practice managers

Invest in a professional cyber security risk assessment for your practice.Click to Tweet

My Favorite Takeaways From The Podcast

Ransomware is the biggest threat to any digital environment
Healthcare data is urgent – we need it to treat our patients.
Cyber security awareness is very low among healthcare providers.
Data loss often happens even when you can de-encrypt the data often resulting in 15% loss.
Without proper remediation, repeat ransomware attacks can happen.
Good backup insulate yourself from data loss, remediation costs, mandatory privacy breach reporting, loss of reputation, fines, and penalties.
Intrusion detection and prevention software can alert users to potential problems, but sometimes, individual users’ behaviour continues to put the practice at risk.
90% -92% of successful breaches are facilitated by human error.
IT focus on efficient workflow and communications between systems. Security professionals monitor access to ensure it is authorized and appropriate. Both roles is necessary in our digital practices.

6 Mistakes Made By Dentists (And Their IT)

Think that IT has them covered and that ransomware won't happen to me!
Not updating and monitoring computer systems with intrusion prevention/detection.
Don't have a comprehensive backup of all of your data in at least 3 locations.
Don't run backup restore tests regularly.
Don't have a written mandatory cyber security awareness training plan.
Don't have an independent cyber security risk assessment and management plan annually.

Instead,

Take steps to prevent a ransomware attack – including cyber security education for your team, implement good IT systems, complete and comprehensive backup, and an annual cyber security risk assessment preventative digital IT health assessment.

Let Alexio help assess your risk, protect your practice, ensure data recovery, and train your staff.

Protect your investment today.

Get started with a quick on-line self assessment

Book a 30 minute consultation with Anne!

Follow Anne and Alexio on social media for more training and tips

InformationManagers.ca/Likes-Alexio

Featured Guest: Anne Genge

Alexio Corporation

Anne Genge is a pioneer in protecting health data and those who use it. She is a Certified Information Privacy Professional with a specialization in dentistry. Anne also holds certifications for HIPAA, Credit Card Security, Internet, and Network Security. Ransomware and data theft have changed the face of dentistry in the past decade meaning dentists need a new toolkit for protecting their practices.

With over 20 years of experience, Anne knows the challenges healthcare providers face with technology. She and her team at Alexio Corporation work with dental and medical professionals to minimize data risk and maximize patient care. As healthcare grows increasingly dependent on the digital environment, cyber-security becomes increasingly more difficult. Protection of patient data is not only law, it’s imperative for business success and reputation. Anne simplifies cyber-security for dentists and other healthcare providers and gives ‘real world’ strategies to protect patient information and the practice business.

Be sure to tune in to my interview with Anne Genge,

Ransomware – 6 Deadly Mistakes Made By Dentists (And Their IT) | Episode #082

Listen To The Podcast Here

#PracticeManagementNugget, Alexio, Anne Genge, dentists, healthcare, podcast, ransomware, security risk assessment

Privacy of Health Information, an IFHIMA Global Perspective

Posted on November 12, 2019 by Jean Eaton in Blog

The 19^th Congress of IFHIMA, the International Federation of Health Information Management Associations, will feature the release of IFHIMA’s latest whitepaper, “Privacy of Health Information, an IFHIMA Global Perspective.” I’m honoured to be the Chair of the Working Group and one of the authors. After months of work from dedicated HIM professionals and IFHIMA volunteers, I’m tickled pink to be able to share this with you.

Privacy of Health Information, an IFHIMA Global Perspective whitepaper provides a synopsis of current trends in privacy in healthcare around the globe, discusses the role of HIM professionals in privacy, and offers more detailed perspectives through case studies from Australia, the European Union, India, Qatar, the Republic of Korea (South Korea), and the USA.

Health Information Management (HIM) professionals have transitioned from their traditional role of health records custodian to data stewards and information privacy advocates and have an opportunity to take a leadership role with regard to the privacy of health information.

This privacy paper includes discussion on

Global privacy trends
What is personal information?
Privacy and trust
Challenges in maintaining trust when technology moves faster than regulations
Privacy stewardship foundations, including the role of the privacy/compliance officer
Avoiding risks, harm, and breaches
The complexity of breach notifications
How technology impacts privacy

After a thorough discussion, the paper also suggests several actionable steps that anyone can implement and discuss with their teams. Privacy is a team effort, but it requires a strong, trusted leader who can be the voice of clarity and transparency for patients, consumers, and regulators — all while building consensus.

These steps include:

Get involved as privacy regulations are developed
Assess what the regulations may mean to your organization
Communicate your insight to the team, leadership, and regulatory bodies
Identify required changes to systems, processes, and technologies
Train your teams, admins, and patients about their privacy rights and responsibilities
Commit to ongoing professional growth to stay abreast of the changing landscape

Privacy regulations that bring together emerging technology, healthcare processes and individual rights should take a pragmatic approach with consideration to future health information technology solutions such as telemedicine, Internet of Things and big data.

HIM professionals, in our role as stewards of health data, should be the voice of clarity and transparency for patients, consumers, and regulators. #IFHIMAClick to Tweet

6 Case Studies

The whitepaper includes observations and commentary about the status of privacy projects around the world, including the following case studies

My Health Record – The Australian Experience
General Data Protection Regulation of the European Union Reaches Far Beyond Europe
Health Care Privacy: An Indian Scenario
Developing a Global Standard for Health Information Privacy Workforce Education – A Republic of Korea (South Korea) Case Study
Health Information Exchange Implementation – Qatar, HIE Consent Model for Privacy Concerns – Privacy Regulatory Framework
Laying the Foundation for Privacy Practice and Compliance in the Outpatient Setting: Policies and Procedures. Download the Privacy of Health Information

This whitepaper will aid anyone tasked with planning for increased data sharing while trying to manage healthcare privacy. Ministers or Department of Health staff, privacy and data governance consultants, vendors, and health systems should find it especially helpful. Whether you are from a nation crafting its initial privacy regulations, or a nation revising insufficient policies, the information is relevant and enlightening.

I’d like to express my appreciation for the hundreds of hours of work contributed by this exemplary group of volunteers, including

Lorraine Fernandes

Angelika Haendel

Jenny Gilder

Mujeeb C. Kandy

Ok Nam Kim

Dr. Sabu Karakka Mandapam

Veronica Miller Richards

Dorinda M. Sattler

Dr. Rajesh Kumar Sinha

Selvakumar Swamy

Christopher Wilde

Click here to Register and receive this whitepaper and IFHIMA Global News, published three times per year.

Privacy of Health Information, an IFHIMA Global Perspective

#IFHIMA, healthcare, privacy, whitepaper

Improved Communication, Improved Dental Business

Posted on November 5, 2019 by Jean Eaton in Blog

Would you like to increase your dental business practice revenue immediately?

Maybe you have a need to maximize efficiencies and create your dream team.

Dr. Angela Mulrooney believes that when you focus on communication with your customers and create consistency in your dental practice, you will increase your revenue and reduce your working hours.

Angela Mulrooney is the Business Doctor, and today she is my guest expert.

Meet Dr. Angela Mulrooney

Angela Mulrooney is published author, a retired dentist, and a dental practice coach who resides in Calgary.

Angela Mulrooney discussed how communication with patients and your team and a marketing strategy can improve your business.

If you would like to transform your dental practice and maximize the potential within the practice so that you can focus on spending more time with patients, giving them the best care that you possibly can while trying to level up everyone's skills in the practice as well, be sure to tune in to my interview with Dr. Angela Mulrooney, Improved Communication, Improved Business Episode | #081.

Don’t Miss This!

Angela has a generous offer for you to get a complimentary 1 hour strategy call to discuss your practice.

Listen to the Practice Management Nuggets Podcast For Your Healthcare Practice Here.

#PracticeManagementNuggets, #SocialMediaGuru, Angela Mulrooney, business, coaching, dental, dental business My Business Doctor, dentist, marketing

Confident Women Leaders – 10 Key Steps To Prevent A Privacy Breach

Posted on October 22, 2019 by Jean Eaton in Blog

It only takes a little time and effort now to dramatically reduce the likelihood of a privacy breach in the future.

Recently, I was a guest on Confident Women Leaders Community Facebook Live hosted by Kathy Archer, Leadership Development Coach with Silver River Coaching.

It was a lot of fun to talk with Kathy about how small business, not-for-profit organizations, and clubs can quickly and easily build in privacy with their employees and volunteers as part of good business practices.

Practical Privacy Tips

We talked about the 3 simple practical tips every organization can use to prevent a privacy breach. This works for every type of organization.

Tip #1: Create an inventory of the personal information that your organization collects and is now responsible to keep confidential and secure.

Know what you collect, and review the reason why you collect the information. Make sure that you collect the least amount of information on a need to know basis at the highest level of anonymity. Use the inventory like a library account – keep track of who has access to the information, and when it is returned.

Tip #2: Create a checklist for the orientation of each new employee and volunteer that clearly tells them of your organizations expectations about how they will keep volunteer, employee, client, and donor personal information private, confidential, and secure.

Name a privacy officer in your organization and make sure everyone knows who this is. Make sure to train and support your privacy officer so that they can do a good job for you.

You can use the 10 Key Steps To Prevent A Privacy Breach Checklist as part of your orientation package.

Tip #3: Make it easy for volunteers and employees to keep information confidential and secure.

It’s not always about technology.

You can manage personal information on paper. Or, you could use private shared computer networks for your authorized users, like board directors and managers, to access all of their organization business records.

Here’s an example of a breach in a social service agency who did not properly secure board minutes containing confidential information on a computer server and faced a $25 million lawsuit.

Join Kathy's Private Community of Women Leaders to watch the Facebook Live replay (available for a limited time!) You can take these easy to implement steps to protect your clubs, healthcare practices, and small businesses from errors, omissions or attacks that could result in complaints, fines and even jail time!

I've put together a checklist for you about the 10 Key Steps To Prevent A Privacy Breach.

Download the checklist and make sure that you implement these best practices in your business.

Confident Women Leaders Community

Confident Women Leaders Community with Kathy Archer is ongoing training for women leaders in Canada’s non-profit organizations.

Leaders often hit a point where they find themselves in over their heads and wondering if they have what it takes to lead. Maybe that is where you are at now! Know you are not alone!

As a Leadership Development Coach and Leader of the Confident Women Leader’s Community Kathy Archer is here to provide you with guidance, support, information and a big hug when you need it!

But it’s not just me. We are all in this together!

CONNECT WITH Kathy Archer
https://www.silverrivercoaching.com/

confident, Kathy Archer, leaders, privacy breach, Silver River Coaching, women

Recent Privacy Breach Convictions Under Alberta’s Health Information Act

Posted on October 15, 2019 by Jean Eaton in Blog

In August 2018, Alberta proclaimed amendments to the Health Information Act (HIA) that requires healthcare providers (custodians) to report a privacy breach with a risk of significant harm to the Office of the Information and Privacy Commissioner (OIPC), the Ministry of Health of Alberta, and of course, to patients affected by the privacy breach.

This requirement that custodians must report a privacy breach to the to the OIPC has resulted in a huge increase in the number of reported privacy breaches in healthcare.

Custodians includes healthcare providers like physicians, pharmacists, chiropractors, dentists, optometrists, registered nurses, health authorities, and more

This is not unexpected. We in healthcare know that there are many privacy breaches that happen everyday. Many of these breaches are honest mistakes. However, an increasing number are intentional, malicious actions intended to harm others.

The benefit of having these breaches reported to a regulator is to improve compliance to reasonable safeguards to protect the health information of Alberta residents. And, as a result, more custodians and affiliates (people that work for a custodian) are being held accountable under the HIA legislation to ensure that they are meeting the reasonable safeguards.

In the first year of mandatory privacy breach notification, the OIPC has received over 1,000 reports. Previously, when privacy breach reporting was discretionary, the OIPC received an average of 130 voluntary reports of privacy breaches annually.

What Happens When A Privacy Breach Is Reported To The OIPC

When a privacy breach is reported to the OIPC, the OIPC will review the report and consider the custodian’s determination if a reasonable risk to the patient(s) was present. The OIPC will review the report and consider:

agree (or not) with the determination of risk of harm
was the patient notified appropriately
is there an offence under the HIA
is an investigation warranted

If an investigation is indicated, the OIPC will conduct the investigation and report their findings to the Crown prosecutors at Alberta Justice. The Crown will determine if it will continue to press charges under the HIA.

Under the recent amendments to the HIA a custodian or an affiliate or both could if found guilty of an offence is liable for a fine anywhere between $2,000 to $500,000 depending on the circumstances and the nature of the offense. Other sanctions may also be applied by the court.

It takes time to report a privacy breach, have it reviewed and investigated by the OIPC and the Crown, and have individuals charged and appear in court.

We are now starting to see the first cases charged after the August 2018 amendments coming to court and privacy breach convictions under the HIA.

Unauthorized Access By Employees

During a routine internal audit of health records in the Alberta Public Laboratories clinical lab at the Red Deer Regional Hospital identified unauthorized access by lab employees. These breaches were first identified by the hospital during a routine audit of their electronic record systems. The internal investigation between December 2018 and May 2019 identified 2,158 patient records were accessed. Alberta Health Services reported that 30 staff were involved in these breaches and three staff are no longer employed by the lab.

Do you do routine audits? Here’s how.

There have been three recent decisions in from the Alberta provincial courts as a result of mandatory privacy breach reporting legislation.

Suspicious Activity Leads to Investigation And Charges

In June 2018, Alberta Health Services (AHS) received reports of suspicious activity by a billing clerk in Red Deer. An internal audit and investigation indicated that the clerk accessed the health records of 52 Albertans without authorization. AHS reported the breaches to the OIPC in June 2018.

The OIPC opened an offence investigation and referred its findings to the Specialized Prosecutions Branch of Alberta Justice. Charges were laid in July 2019. The former AHS billing clerk received a $5,000 fine on August 2019 and was ordered not to access health information for one year.

Snooping By A Clinic Employee

In another case, an Edmonton medical clinic employee was fined after pleading guilty to health data breach. The employee knowingly accessed health information of two people and made suspicious statements to the two individuals about their personal medical details. The individuals then requested access to the audit logs and the provincial electronic health record system, Alberta Netcare.

The individuals reported a complaint to the OIPC at which point the OIPC conducted an investigation.

The employee was charged in March 2019 and plead guilty in provincial court on September 26, 2019. She was fined $3,500 and ordered to pay a victim surcharge of $525.

Are Your Employees Privacy Aware? Start now!

Unauthorized Access By A Billing Clerk

On September 30, 2019 in Red Deer Provincial Court a billing clerk with Alberta Health Services was fined $8,000 for illegally accessing health records. The clerk opened health records of 81 people over 4,7471 occasions without authorization from his employer and custodian. The court also added the following conditions

1-year probation
order to attend treatment and counselling and
not be employed in a position that allows him access to health information for 1 year

We will continue to see investigations under the HIA at appearing in our courts. The OIPC is currently investigating over 20 incidents and has flagged 70 more as potential offences.

Each of these incidents involved employees making poor choices about accessing patient health information. Reasonable prevention steps include privacy awareness training for every employee, healthcare provider, and contractor. In addition, every healthcare practice should be, monitoring access to records with routine audits and applying sanctions.

We obviously don’t speak often enough about what is acceptable, appropriate, and authorized access to patient’s health information.

Preventing a privacy breach is always less expensive than managing a privacy breach.

A privacy breach management plan will help you to prevent a breach and, when a breach happens, identify a privacy breach early to limit the risk of harm, size, and the cost of the breach.

When we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

PRIVACY BREACH NUGGETS are provided to help you add a ‘nugget' to your privacy education program. Share these with your staff and patients as a newsletter, poster, or staff meeting.

Jean L. Eaton, Your Practical Privacy Coach

Click Here To Register for the FREE 15 Minute Training Video "Can You Spot the Privacy Breach?"

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Not sure what is considered a privacy breach? See When is a Privacy Breach a Privacy Breach?

References

CBC News. Investigation finds improper access to patient records at Red Deer hospital. Posted: Oct 04, 2019 12:48 PM MT | Last Updated: October 4 https://www.cbc.ca/news/canada/edmonton/red-deer-patient-records-breach-1.5309419

CBC News. Edmonton medical clinic employee fined after admitting to health data breaches. Posted: Oct 03, 2019 10:56 AM MT | Last Updated: October 3 https://www.cbc.ca/news/canada/edmonton/health-information-alberta-access-1.5307453

CBC News. AHS billing clerk fined $8,000 for illegally accessing health records Posted: Oct 09, 2019 10:47 AM MT | Last Updated: October 9. https://www.cbc.ca/news/canada/edmonton/ahs-billing-clerk-fined-8-000-for-illegally-accessing-health-records-1.5314783

CBC News. Jennifer Lee. Reports of health-care privacy breaches spike in Alberta. Posted: Oct 11, 2019 5:00 AM. https://www.cbc.ca/news/canada/calgary/health-care-privacy-breaches-spike-alberta-1.5316230

clinic, custodian, health, Health Information Act, healthcare, HIA, mandatory privacy breach notification, medical, physicians, privcy breach, reasonable safeguards

Healthcare Policies And Procedures: Essential in EVERY practice

Posted on October 8, 2019 by Jean Eaton in Blog

Policies and Procedures: What Are They and Why Do Healthcare Practices Need Them?

Policies and procedures are essential tools in EVERY healthcare practice.

We use written policies and procedures to ensure consistent office procedures and good communication between team members, but it doesn’t stop there.

Before we get to the many benefits of healthcare policies and procedures, let’s cover exactly what these terms mean.

Policies and procedures defined

For our purposes today, this is what we mean by these terms:

Policy: A set of ideas or plans that is used as a basis for making decisions.

Procedure: A fixed, step-by-step sequence of activities or course of action.

Both policies and procedures serve several important purposes in a healthcare practice.

Policies and procedures can help you:

Protect your practice with consistency in decision making and implementing routine tasks.
Provide team members direction and guidelines; help avoid micromanaging. Here’s more information on how policy and procedure checklists help with employee privacy and security.
Ensure quality and cost-effective processes.
Well thought out policies and procedures reduce re-work and make for more efficient practices.
Encourage team members to work to their full scope of responsibilities.
Contribute to compliance, including professional standards, HIA, insurance.
Protect your healthcare practice by demonstrating your administrative safeguards.

As powerful and effective as policies and procedures can be, they can also pose certain problems or risks if they’re not implemented properly — or if they don’t exist in the first place.

On that note, if you have policies and procedures in place, it’s also imperative to know where they are. Don’t miss this cautionary tale where I tell you why.

If your policies and procedures are unclear or non-existent, these are some of the risks you expose a healthcare practice to:

Fines and even jail time for the healthcare provider
Increased conflict and potential for misunderstanding within a practice
Increased conflict between employees, misunderstanding, and poor customer service
Poor business decisions and wasted time and money

Simply talking about your policies and procedures is not a good business strategy! You need to have clear healthcare policies and procedures in place if you want to reap all of their benefits.

So, let’s go over what makes a good healthcare policy with a clear and effective design.

Policies ask WHY and WHAT

Policies are the steps to put your goals into action — policies are proactive.

The WHY: Why is this policy needed? It is the general guide for decision-making.

The WHAT: What do you want to show for programs, activities, and services?

Each year, policies need to be reviewed and authorized by the clinic manager, privacy officer, healthcare provider and/or owners. Your team members need the opportunity to review and understand the policies regularly, too.

Review policies to assure that they reflect what the clinic is doing and that the clinic is following the written policy. Changes may need to be completed and approved.

Now, let’s cover what makes for good procedures before we get to how to create your manual.

Procedures ask HOW

The HOW: How you plan to carry out the objectives and details listed in your policies?

Your procedures should include sufficient detail so a new employee can complete a task based on the information provided.

We’ve discussed the objectives of your policies and procedures for your healthcare practice, now here are some useful tips for actually creating your policies and procedures manual:

Include screen prints if computer-based.
Include video explanations.
Format the policy and procedures so that each policy or procedure is a separate, stand-alone document.
Assign a NUMBER to each policy and procure to make it easy to reference in your PIA, or direct your staff to review. You can use any numbering system that you want — I usually use a sequential numbering system.
Headings make it easier to group your information which makes it easier for the reader to review and then focus on the details that they need. Repeat the same headings throughout the policies and procedures to provide consistency across the manual. Use the headings as needed; not all policies or procedures need all the headings.
Cite legislative and standards requirements, like the HIA.

When you’re implementing changes to these policies and procedures or creating them in the first place, be sure to involve key parties. This includes:

Custodian/trustee/business owner
Clinic manager/team lead
Privacy officer

Remember, implementing a new procedure or policy successfully must always include training and discussion with your team.

Stay tuned for an upcoming post where we discuss which policies and procedures to include In your healthcare practice and your privacy impact assessment.

Get the Reliability And Power of Policy and Procedure Templates Without Spending Hours (or Days) Creating Them!

Your healthcare practice needs written policies and procedures to assist you to correctly, efficiently, and confidently collect, use, access, and disclosure of health information so that you can meet your accreditation, privacy impact assessment, and regulatory compliance requirements.

Show Me Policy And Procedure Templates!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies And Procedures Are?

Why Do You Need Health Information Policies and Procedures?

Safeguards: The What, Why, and How

When Do You Need a PIA Amendment?

When is a Privacy Breach a Privacy Breach?

clinic, custodian, health, Health Information Act, healthcare, HIA, medical, physicians, PIPA, Policies and procedures, Privacy Impact Assessment, reasonable safeguards

Cyber Security Awareness Training for You!

Posted on October 1, 2019 by Jean Eaton in Blog

Did you know?

1/3 of all healthcare employees who should receive cyber security training, don’t get cyber security training.

You can do better!

Start here.

October is Cyber Security Awareness Month! #BeCyberSmart

A great no-cost opportunity to provide cyber security awareness training to your team!

Cyber Security Awareness Training By Email

To celebrate Cyber Security Awareness Month, Information Managers is hosting free training tips by email throughout October.

In this training, Jean L. Eaton, Your Practical Privacy Coach will share cyber security tips and resources with you!

You can forward the email to easily share the tips and resources with your team.

Or, they can sign up to the email training, they will receive emails directly to their in-box.

Discuss the tips and posters to see how they best apply to your work or home cyber security practices.

Your Cyber Security Awareness Tips will be delivered to the email address that you enter above.

You'll also benefit from occasional emails about privacy and practice management.

We don't share or sell your information. Ever.

Follow Us On Social Media!

Throughout October, we will cyber security tips and free links to additional resources on our social media accounts that you can download right away! Follow us!

Whether you’re at work, at home, or on the go, threats to cybersecurity and sensitive data can follow you. Our uber-connected world makes it more important than ever to know the threats and their potential consequences.

Information Managers Ltd has been a Cyber Security Champion for many years – and now you can, too!

Cyber Security Awareness Month was launched by the National Cyber Security Alliance (NCSA) & the U.S. Department of Homeland Security in October 2004. This US organization sponsors a multi-media resource campaign each October.

https://staysafeonline.org/ncsam/champions/

Please use the social share buttons below to share these Cyber Security Awareness activities with your friends and colleagues.

#BeCyberSmart, cyber security, cybersecurity, National Cyber Security Awareness Month, training

October is Cyber Security Awareness Month!

Posted on September 29, 2019 by Jean Eaton in Blog

Here's a great no-cost opportunity to provide cyber security awareness training to your team!

Whether you’re at work, at home, or on the go, threats to cyber security and sensitive data can follow you. Our uber-connected world makes it more important than ever to know the threats and their potential consequences.

Information Managers Ltd has been a Cyber Security Champion for many years – and now you can, too!

Cyber Security Awareness Month was launched by the National Cyber Security Alliance (NCSA) & the U.S. Department of Homeland Security in October 2004. This US organization sponsors a multi-media resource campaign each October.

Become a Champion

You can become a Champion, too – and get direct access to all the resources.

Demonstrate to team the importance of cyber security at work.
Share with your patients – by posters in your practice, blog posts, or your email newsletters – and demonstrate that your practice is cyber aware and you want to share tips with them.
If you have team members who work remotely, work from home, use their own mobile devices, or use the internet to connect with apps and resources – give them additional skills to do their work as safely as possible.
Help your team members better manage their own personal information in their personal lives – good habits that will help them at work, too!

Become a Champion here https://staysafeonline.org/ncsam/champions/

Follow Information Managers blog posts, social media, and resources that you can download and use right away!

#NCSAM, Cyber Security Awareness, NCSAM Champion

Why Do You Need Health Information Policies and Procedures?

Posted on September 24, 2019 by Jean Eaton in Blog

Maybe you’ve heard you need written policies and procedures for your health information, but you’re left asking yourself why it’s so important?

The truth is, without written policies and procedures, you open a healthcare practice up to a whole host of problems, including major legal issues.

In fact, every business needs good practices that apply to your:

Information that you collect from patients/clients
Website
Email
Business practices including electronic (or paper) patient records, and computer network
Financial information
Billing, collection, and payment processing

Within the healthcare industry, there are additional legislation requirements that require specific written health information policies and procedures.

The Health Information Act (HIA) and the Personal Information Privacy Act (PIPA)

As we mentioned, when a custodian collects health information, you must follow the Health Information Act (HIA) in Alberta.

Like most other private businesses in Alberta, private healthcare practices must also comply with the Personal Information Privacy Act (PIPA).

The colleges of regulated health professionals (like the Alberta Dental Association and College (ADAC) and the College of Physicians and Surgeons of Alberta (CPSA), require dentists and physicians to meet the standards of practice which includes compliance to HIA and PIPA legislation.

In addition, the college has other standards of practice that you must meet, including policies and procedures for the collection, use, disclosure, and access of health information.

So, let’s explore further why written policies and procedures are so essential, as well as what can happen without them, and why healthcare practices may not think they need them in the first place.

Benefits of Policies and Procedures

One of the most critical benefits of having policies and procedures in place is that they’re good for business.

Here’s how:

They contribute to consistent, efficient workflow.
You can figure it out once, write the procedure, tweak it to make it better, and then repeat the same procedure again and again.
They help you make better business decisions, like buying supplies, choosing services, and selecting vendors.
They help support your accreditation efforts.
On-boarding employees the right way with no missed steps is much easier with policies and procedures in place.

If you’re looking for even more proof of the benefits of having written procedures, it can also help you avoid:

Internal disputes within your team and external disputes with your patients and clients
Re-work and re-training employees
Poor customer service
Poor reputation
Fines and penalties

Fines And Penalties For Not Having Written Policies And Procedures

You might be wondering why you would face fines and penalties for not having written policies and procedures in the first place.

The HIA requires the custodian – which includes the dentist or dental hygienist – to take reasonable safeguards to protect the privacy and confidentiality of patients’ health information.

Having written policies and procedures is a common, expected, and reasonable safeguard.

Let’s say you have a privacy breach in your practice or an error (like sending a fax to the wrong number or you are a victim of a phishing or ransomware attack).

You can learn more about what makes a privacy breach a privacy breach here.

If you can’t demonstrate that you had the appropriate reasonable safeguards, like written policies and procedures in place, you are guilty of an offence under the law.

It’s illegal not to have policies and procedures when you collect health information.

If you are guilty of this offence, you are liable for a fine of a minimum of $2,000 and not more than $500,000. (HIA section 107(7)).

3 Policies and Procedures Myths

One reason some healthcare practices fail to have written policies and procedures is because they believe they don’t need them.

Often, this is because they’ve fallen prey to the common myths about policies and procedures.

There are 3 of the common myths that stop healthcare providers and their clinic managers from creating written policies and procedures:

It’s Too Hard

While it does take some skill to write clear, easy to read, and easy to understand policies and procedures, it doesn’t have to be heard. In fact, you can even purchase templates to make this easier.

It Takes Too Much Time

Writing policies and procedures does take some time.

But investing the time to create policies and procedures pays off by preventing suffering from inconsistent or broken procedures, using or disclosing health information in error, and having to pay fines, penalties, public relations nightmares, or spending the time required to run a privacy or security investigation.

It’s A Waste Of Time

Here are a few good reasons that prove writing policies and procedures is not a waste of time:

Practical privacy policies and procedures will create a more efficient practice and help you make better business decisions.
The policies and procedures become the foundation of your privacy impact assessment.
Policies and procedures are pre-requisites for other initiatives, like access to Netcare or other community integration initiatives, and privacy impact assessment (PIA). Click here to learn more about PIAs.
You must have them as part of your legislative compliance.
It’s the law. Not having policies and procedures regarding the collection, use, disclosure, and access of health information is illegal.

As you can see, written policies and procedures help ensure consistent office procedures and good communication between team members in your healthcare practice.

In addition to those good reasons, you must have good written policies and procedures about how you collect, use, disclose, and provide access to health information to avoid legal problems, fees, penalties, and other problems.

If you need templates of policies and procedures for your healthcare practice, be sure to sign up for the Practice Management Success Membership. These tips, tools, templates, and training will help you save time and money to develop and maintain policies and procedures in your healthcare practice.

Get the Reliability And Power of Policy and Procedure Templates Without Spending Hours (or Days) Creating Them!

Show Me Policy And Procedure Templates!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies and Procedures Are?

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

When Do You Need a PIA Amendment?

What is a PIA?

Alberta, clinic, custodian, health, Health Information Act, healthcare, HIA, medical, physicians, PIPA, Policies and procedures, privacy, Privacy Impact Assessment, reasonable safeguards

‹1 2 3 4 5 ›»

The Importance Of Correct Patient Identification

How To Correctly Identify Patients

Don’t Photocopy The Photo Identification

Members of Practice Management Success

Anne Genge's #1 Tip to healthcare providers and practice managers

My Favorite Takeaways From The Podcast

6 Mistakes Made By Dentists (And Their IT)

Featured Guest: Anne Genge

Alexio Corporation

Be sure to tune in to my interview with Anne Genge,

6 Case Studies

Meet Dr. Angela Mulrooney

Don’t Miss This!

Practical Privacy Tips

Confident Women Leaders Community

​

What Happens When A Privacy Breach Is Reported To The OIPC

Unauthorized Access By Employees

Suspicious Activity Leads to Investigation And Charges

Snooping By A Clinic Employee

Unauthorized Access By A Billing Clerk

When we know better, we can do better…

Policies and Procedures: What Are They and Why Do Healthcare Practices Need Them?

Policies and procedures defined

Policies ask WHY and WHAT

Procedures ask HOW

​Get the Reliability And Power of Policy and Procedure Templates Without Spending Hours (or Days) Creating Them!

1/3 of all healthcare employees who should receive cyber security training, don’t get cyber security training.

October is Cyber Security Awareness Month! #BeCyberSmart

Register Below!

Cyber Security Awareness Training By Email

Follow Us On Social Media!

Become a Champion

The Health Information Act (HIA) and the Personal Information Privacy Act (PIPA)

Benefits of Policies and Procedures

Fines And Penalties For Not Having Written Policies And Procedures

3 Policies and Procedures Myths

Get the Reliability And Power of Policy and Procedure Templates Without Spending Hours (or Days) Creating Them!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Get the Reliability And Power of Policy and Procedure Templates Without Spending Hours (or Days) Creating Them!