Privacy Impact Assessment (PIA)

Posted on May 1, 2017 by Jean Eaton in Clinic Manager / Privacy Officer, Established Practice, New Practice, Services, Vendor

Does your medical practice collect personal health information?

If so, you may need to conduct a Privacy Impact Assessment (PIA).

The Health Information Act requires health providers to complete a Privacy Impact Assessment when you:

open a new clinic
establish a new health services program
change how you collect and use personal information
implement Electronic Medical Records (EMR), or transition to a new EMR provider
share information with a Primary Care Network or other health program
access health information from Netcare or other data repositories

Information Managers' Privacy Impact Assessment (PIA) consultation helps you document your practices, meet practice management best practices, and ensure compliance with regulatory legislation.

The PIA consultation includes reviewing your current practices, documenting current or new privacy and security policies and procedures, information flow, legal authority analysis, risk assessment, and Privacy Impact Analysis. Contact us and we’ll take a look at your current office practices and let you know how we can help make your workload easier, your information secure, and meet regulatory compliance.

The ABCs of Privacy Impact Assessments

What do you know about Privacy Impact Assessments (PIAs)? If you have implemented an electronic medical record (EMR ) funded through a provincial program, you have probably had to go through a PIA. It was probably time consuming to some degree, but perhaps not as bad as you thought. Jean Eaton is a consultant and expert on Privacy Impact assessments in the medical office. She explains in this blog post, The ABCs of Privacy Impact Assessments, what you should expect when required to undertake a PIA.

Listen to the podcast with Dr. Alan Brookstone of Canadian EMR.

Document Management Tip: What is a Privacy Impact Assessment?

YouTube video: What is a Privacy Impact Assessment? Who needs a PIA? How can I tell if I have a PIA? Information about privacy impact assessments in Canada. Additional details for Alberta and Health Information Act, HIA, OIPC.

Having problems viewing the video here? Watch it on our YouTube channel: What is a PIA?

Computer Network Vendors and Privacy Impact Assessment

Video especially for vendors that supports healthcare practices

E-course: Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments

A PIA should be as common place to a healthcare practice as a business plan is to a business. BUT most healthcare practices don’t know this and often don’t know that a PIA is usually part of their professional college requirements and often even a legislated requirement! Prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor by completing a PIA.

If your Privacy Impact Assessment was written more than 2 years ago this e-course is for you

The Clinic Manager and Physician Lead and Privacy Officer must ensure its content is updated to reflect the current state of administrative, physical and technical controls.

BONUS! Checklist to update your PIA to meet recent changes to Alberta’s Netcare Portal. If your practice has completed a PIA and now you need to update the PIA, you receive a checklist of items that you need to consider to refresh your PIA.

If you a vendor that supports healthcare practices this e-course is for you

BONUS! One hour tele-consult with Jean, “Create a branded Privacy Impact Assessment Readiness Package”. Jean will work individually with you to review your documentation and coach you on how to prepare the package to give to healthcare practices.

BONUS! Vendor PIA live webinar includes Vendor non-disclosure agreement, Information Manager Agreement, GAP Analysis, Computer Network Narrative templates.

Jean has helped hundreds of physicians, chiropractors, pharmacists, and other healthcare providers complete their Privacy Impact Assessment. She has visited hundreds of practices across Canada. But time and geography limit my ability to visit each healthcare practice that needs a PIA. That’s why I developed this on-line interactive course to help you learn everything you need in order to review, amend, or create your own PIA. Each module includes a weekly live webinar, as well as templates, tools, resources and two common case studies to build on each week. You can use these scenarios to guide you through the PIA process.

You know your practice better than anybody else. If you had the right tools, at the time most convenient for you and a mentor to help you, you can develop good office practices, meet legislated and college requirements, and successfully complete your Privacy Impact Assessment requirements.

Consult, electronic medical record, EMR, health, healthcare, medical, Netcare, PIA, PIA completed, PIA templates, Privacy Impact Assessment

IT Vendor Privacy Impact Assessment Readiness Plan

Posted on January 9, 2016 by Jean Eaton in Blog, Vendor

New healthcare business needs IT solution asks if you have a PIA (what are you going to do about it?)

Healthcare practices throughout Canada and US need IT services and have money to buy new hardware and service contracts. They also need a Privacy Impact Assessment and want to work with a vendor who is PIA prepared.

You don’t want to lose that sale, do you?

Learn what the healthcare business needs to successfully complete their Privacy Impact Assessment. Develop your own responses and move to the top of their preferred vendors list.

I have developed an on-line interactive course to help you learn everything you need in order to create, review, or amend your own Privacy Impact Assessment Readiness plan. The E-course, Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course includes 5 modules each with a weekly live webinar, as well as templates, tools,resources and one common case study to build on each week.

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course will help you

Understand the Privacy Impact Assessment process and the healthcare client needs
Organize your business marketing to meet the healthcare clients requirements
Be informed
Be proactive
Improve your internal business documentation
Be efficient and reduce the administration delays between procurement and installation
Create a branded Privacy Impact Assessment Readiness plan to give to that caller and get the sale.

Let the Practical Privacy Coach help you!

Video by Trish Findlay – explaindiowhiz on Fiverr

If you are a vendor that supports healthcare practices this e-course is for you!

BONUS! One hour tele-consult with Jean, “Create a branded Privacy Impact Assessment Readiness Package”. Jean will work individually with you to review your documentation and coach you on how to prepare the package to give to healthcare practices.

BONUS! Vendor PIA live webinar includes Vendor non-disclosure agreement, Information Manager Agreement, GAP Analysis, Computer Network Narrative templates.

The modules include:

Module 1:

What is a PIA?

Tuesday, January 12, 2016

9 - 10 am MST

Module 2:

What is an Information Flow?

Tuesday, January 19, 2016

9 - 10 am MST

Module 3:

What is a Risk Analysis?

Tuesday, January 26, 2016

9 - 10 am MST

Module 4:

Pull it together into PIA format

Tuesday, February 2, 2016

9 - 10 am MST

Module 5:

Complete your PIA Submission

Tuesday, February 9, 2016

9 - 10 am MST

BONUS Module 6:

Vendor PIA

Tuesday, February 16, 2016

9 - 10 am MST

The replays, tools, and resources will be available to you for (almost) forever! If you miss a live webinar, or you will be away for some time during the course, you can catch up with the replays. The resources are yours to keep.

BONUS Three (3) open office drop-in group calls with Jean to help you get un-stuck with your PIA.

If you a vendor that supports healthcare practices this e-course is for you

BONUS One (1) hour tele-consult with Jean, “Create a branded Privacy Impact Assessment Readiness Package”. Jean will work individually with you to review your documentation and coach you on how to prepare the package to give to healthcare practices.

BONUS Vendor PIA live webinar includes Vendor non-disclosure agreement, Information Manager Agreement, GAP Analysis, Computer Network Narrative templates.

If you provide services for any of these healthcare providers, they probably require a PIA and they require their vendors to support their PIA and privacy, confidentiality, and security best practices. This is for you if you are a vendor that supports a healthcare provider in a group or solo practice with direct patient care, for example a:

Physician
Pharmacist
Registered nurse
Optometrist or optician
Chiropractor
Physiotherapist
Midwife
Podiatrist
Dentist, dental hygienist or denturist
Audiologist
Mental health practicitioner
Laboratory, x-ray, and imaging technician
Paramedic

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments –

A Complete Step-by-Step Course

5 live webinars, replays, templates tools, and resources

$450.00 (plus GST)

You will get

Learning Resource Guide for EACH module – how-to explanations, templates, and resource lists
Checklists to help you plan your PIA
MindMap of the entire PIA process
PIA project plan timeline templates
Checklists of personal and health information privacy and security policies that you need in your practice
Two sample case studies – one for a new PIA project and one for a PIA amendment – that we will use in each module. The case study is easy to understand by everyone. Use this approach for your PIA project.
Explanation and real-life examples of key terms that you need to know and include in your PIA
Strategies and templates of risk management assessments that you can customize
This E-course might qualify for CPE credits, too!

BONUS! Three (3) open office drop-in group calls with Jean to help you get un-stuck with your PIA.

BONUS! Checklist to update your PIA to meet recent changes to Alberta's Netcare Portal.

BONUS! Invitation to join a private LinkedIn Group with other registered participants of this course to network and support each other on your PIA journey and continue to help you after this course closes.

If you hired a consultant to do the work of the PIA process for you it may cost you as much as $2,000!

And then…when the consultant is done, they take their knowledge out the door with them.

Invest only $450 in this course and you'll have what you need to do your first PIA project today…and every project in the future!

Not sure if this is right for you?

How to Plan a PIA for Your Healthcare Practice – Practice Management Nugget webinar recorded live on December 3, 2015

Watch the replay here!

Watch the Preview of the E-Course, Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments.

Preview the E-Course here!

In this preview, Jean will tell you:

3 Biggest Myths about PIA's (and why they are not true)
Questions Privacy Officers, Clinic Managers, Practice Managers Should ask about PIA's but don't
Biggest fears about doing a PIA

Jean will share with you the Solution: Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course.

You will learn:

5 Modules of the E-course
What you get with the course
Why you should buy the course now

Complimentary access to the on-line course Privacy Awareness in Healthcare: Essentials $25 value

from our partner, Corridor Interactive when you purchase the E-course. One user subscription with access to the course for 3-months. Start this training now – a valuable introduction to Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course.

– Jean, Your Practical Privacy Coach

business associate agreement, GAP Analysis, information management agreement, PIA, Privacy Impact Assessment, vendor non-disclosure agreement

Speaker Sheet

Posted on February 3, 2014 by Jean Eaton in Blog, Services, Training, Vendor

Do you collect personal health information?

If so, you know the importance of this sensitive information. Healthcare providers must ensure that every staff member understands their individual responsibility when it comes to handling personal information.

Jean gives you the skills and confidence to handle the elephant in the room!

Jean’s information privacy workshops are ideal for staff members at all levels in any organization or clinic that collects, uses or discloses personally identifying information. This includes direct care providers such as physicians, allied health professionals, and associates, privacy officers, as well as other employees and support staff who are not directly involved in patient care.

Choose from these two popular workshops, or request a customized presentation.

"

The Power of 3

Privacy Awareness in Your Health Care Practice

Privacy Awareness Training

Improve your patient satisfaction and prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor.

This is a critical workshop for everyone in the health care industry. Jean will engage your people in a fun and practical way to teach the key principles of privacy awareness. Through the use of every day scenarios and group discussion, new and experienced healthcare providers and support staff will learn the essentials of privacy, confidentiality, and security.

Learning Objectives:

Patient and client rights with respect to their personal information.
Key components of privacy legislation.
Safeguards that protect personal health information.
Privacy principles.
Recognize and report a privacy breach.

"

4 Step Response Plan

Prevent Privacy Breach Pain

4 Step Response Plan

Privacy incidents happen! 60% of small and medium business owners go out of business within 6 months after a privacy and security breach. Patients, clients, employees and business partners trust you to keep their private and sensitive information confidential and secure. Properly managing a privacy breach is critical to the continued success of your business. With Jean’s expert guidance, you will learn the critical skills of planning for and responding to privacy incidents, handling them with confidence while mitigating the risks.

Based on her new book, Prevent Privacy Breach Pain, Jean will guide you through the practical “4 Step Response Plan” to help you develop a privacy breach management response plan for your organization.

Learning Objectives:

Contain the breach.
Evaluate the risks.
Notify affected individuals and other stakeholders.
Prevent the breach from happening again.

When you know better, you can do better.

Jean L. Eaton

Your Practical Privacy Coach and Practice Management Mentor



Your Practical Privacy Coach

Jean is constructively obsessive about privacy, confidentiality, and security when it comes to the handling of personal information, particularly in primary health care settings.

Jean has customized and delivered privacy training programs for privacy officers, records management professionals, implementation teams, and healthcare providers across Canada and the US.

You will learn how to use practical pro-active privacy in your practice. Privacy Education program that is actually fun and . . . practical!

Jean has helped hundreds of physicians, chiropractors, pharmacists, and other healthcare providers and privacy officers develop and improve their Privacy Education programs.

You know your practice better than anybody else. If you had the right tips, tools, templates, training and Your Practical Privacy Coach to help you, you can develop a practical Privacy Education program for your office, improve patient satisfaction, meet legislated and college requirements, and prevent big fines (or worse!).



Your Practice Management Mentor

Practice managers working in healthcare want to provide good services and have a profitable business. They have a sense of what they need to do to get there – but often need help with networking and resources. Jean shares templates, user guides, real-life examples, networking, practical resources and mentoring. We give you the confidence to take care of the elephant in the room!

Jean Eaton has worked in health records and primary care organizations for over twenty years, and is an experienced leader in health information management.

She understands that practice managers working in healthcare want to provide quality services and have a profitable business… and is committed to helping practices with the networking and resources to get where they want to be.



jean[at]informationmanagers.ca



(780) 237 - 7605



Book Jean for your next event and see the difference that privacy awareness can make!

Contact Jean to provide workshops and key-note address at your next event!

Available in person and techno-magically using webinars and live streaming.

Your Workshop Package can include:

A 60-90 second promotional video encouraging early registration with key sponsor mention.
A 30-minute preview marketing webinar on a related topic to pitch early registration with key sponsor billing.
Advance interviews of organization members to customize the workshop.
A special sponsor ‘lunch & learn’ seminar event.

Download Jean's Speaker One-Sheet



FREE E-books authored by Jean L. Eaton

Please click on a title to download your free PDF copy.

Document Management Tip Series:

You may have seen Jean here . . .

2020 June 5, Canada's First Virtual Health Privacy Summit, ‘Practical Privacy Tips‘.

2020 Jan 22, Data Security and Privacy 2020 Virtual Summit, “Privacy of Health Information, an IFHIMA Global Perspective”, BrightTalks

2019 November, Confident Women Leaders with Kathy Archer, '10 Key Steps To Prevent A Privacy Breach'

2019 September, In the Pink Seat with Dr. Angela Mulrooney, ‘Privacy Protection'

2019, Meeting Leadership Podcast with Gordon Sheppard, ‘Why Leaders Should Understand Privacy'

2019, Meeting Leadership Podcast with Gordon Sheppard, ‘What Leaders Need To Know To Start A Privacy Program'

2016 May 10, 2016 Saskatchewan Connections, Regina, SK. “4 Step Response Plan to Manage a Privacy Breach”

2016 March 30, National Privacy & Data Governance Congress, PACC, Calgary. “4 Step Response to a Privacy Breach”

2015 November, American Health Information Management Association (AHIMA), Webinar “3 Mistakes in Managing a Privacy Breach”

2015 June Chiro Secure, Webinar, “Email with Patients – What Are the Risks?”

2014 April 15 Edmonton Chapter – Alberta Association of Clinic Managers (AACM) Luncheon, Edmonton, Alberta “Privacy can be fun!”

2014 June 11-12 Health Information Management Association of Alberta (HIMAA) Conference, Edmonton, Alberta “Privacy Breach Management”

2014 November 14 PIPA Connections Conference, Calgary, “How to easily develop your own in-house privacy & security education program”

2014 September 24-26 Ontario Medical Group Management Association (OMGMA) 46th Annual Conference, Gravenhurst, ON. “Engaging Patients in an Electronic World”

2014 September 16-19 Alberta Association of Clinic Managers (AACM) Annual General Meeting, Canmore, AB.

2014 June 4 Saskatchewan Connections Conference, “3 Mistakes in Managing a Privacy Breach”

2014 May 9 Canadian Counselling and Psychotherapy Association Conference, Victoria, BC. “Managing a Privacy Breach – 3 Mistakes in Managing a Privacy Breach”

2014 Practice Management Nuggets’© webinar series. Weekly interviews with practice managers, healthcare providers, or trusted vendors who support healthcare practices.

2013 April 26 Alberta School Councils’ of Alberta Conference, Edmonton, AB. “Privacy Risks and Kids”

2013 October 26 Literacy and Learning Day Conference, Edmonton, AB. “Privacy Risks for Kids. Is Your Child at Risk?”

2009 June Canadian Health Information Management Association / Saskatchewan Health Information Management Association Conference “Privacy Impact Assessments and the Health Information Management Professional – Leveraging What You Already Know”

2011 May Canadian Health Information Management Association, “Proactive Approach to Privacy, Confidentiality, and Security”, CHIMA CPE Webinar.

2009 – 2014 Private healthcare practices, in-services including “Health Information Act Lunch N Learn”, “Privacy Awareness In-Service”, “ROI (Release of Information) 101”, “Practical Privacy”

2009 – 2015 Information Managers Webinars, in-person workshops throughout Alberta including

“Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course”

“Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments”

“Prevent Big Fines (or Worse!) for your Healthcare Practice; Learn How to Plan a Privacy Impact Assessment”

“9 Steps to Hire (and Keep) Employees in Your Healthcare Practice”

“Privacy, Confidentiality, and Security for Medical Offices”

“How to complete a Privacy Impact Assessment”

“Developing Policies and Procedures for Medical Offices”

“Managing a Privacy Breach – 3 Mistakes in Managing a Privacy Breach

“Email and Patients – What do I need to know?”

“Clinic Managers Top 10 Data Privacy To Do List”

healthcare, Practical Privacy Coach, Practice Management Mentor, privacy, speaker

Webinar Training

Posted on November 8, 2013 by Jean Eaton in Clinic Manager / Privacy Officer, Employee, Established Practice, New Practice, Vendor

Our webinar series provides an opportunity for you to access practical resources that you can immediately put to work.

Public Webinars

Short presentations that get you started on the topic and links to additional practical resources that you can use right away. Available in audio only or webinar.
Introduction – Privacy Breach
Introduction – Privacy Awareness
Introduction – E-Mail and Patients

Webinars by Registration

Cost-effective detailed discussions on a variety of topics. Your registration includes opportunities to interact with the speaker and other participants through questions and discussions, access to forums to post questions between sessions, learning resource guides and other resources that you can use right away.
Webinar Calendar

Organizations can also request a customized version of our in-person workshops for delivery by webinar. Contact us today to learn more.

Privacy Awareness Customized Training

by Webinar now available in a 1 year license.

Privacy Practice Review

Posted on November 1, 2013 by Jean Eaton in Clinic Manager / Privacy Officer, Established Practice, Services, Vendor

Demonstrate and ensure compliance to your privacy goals. A Privacy Review is an educational and consultative program that serves as a vehicle to identify best practices as well as opportunities for improvement.

Your medical office wants to promote a culture of respect for privacy and information security throughout the organization when providing patient care and accessing and disclosing protected health information.

To demonstrate and ensure continuing compliance to your privacy goals, a Privacy Review, is an educational and consultative program that serves as a vehicle to identify best practices as well as opportunities for improvement.

The Privacy Review is designed to be transparent in order to maximize the opportunity to impart knowledge and effect change.

Each review presents an opportunity to give members of your staff the information and tools that they need to protect patient privacy.

healthcare, Netcare, privacy compliance, reasonable safeguards, security compliance

Customized On-Site Training

Posted on November 1, 2013 by Jean Eaton in Clinic Manager / Privacy Officer, Established Practice, New Practice, Services, Vendor

You have individual needs, and so does your clinic.

We provide customized assessment and training, based on whatever gaps you may need to fill, whether they are related to your privacy needs, human resources, document management or business processes.

We'll help you streamline your processes, hire the best-fitting staff and make sure you run your business, instead of the other way around.

Please contact us to discuss your individual requirements.

Comments from participants following the Privacy Awareness In-Service Comments from Baker Clinic, June 2019:

What do you feel was the biggest benefit to attending this workshop?

“Refreshing information”

“Lots of useful and valuable information”

“Refresh on policies”

“How to safeguard yourself from privacy breach”

“To know the experiences of others with the patients and how to use them in future”

“Remembering what forms of identifiers to ask for”

“Learning how I can better protect my patient and myself”

“More in depth info about privacy and disclosing info”

“Hearing the answers to common questions of staff in the clinic”

“Updated health information Refresh on HIA rules, Netcare access and new information about MyHealth Alberta”

“Learning how to handle a privacy breach”

Want more information about customized training? Click here to download a flyer with more details.