Privacy Challenge #11 Privacy Awareness Training

Privacy Awareness Training

80% of all privacy breaches are internal to the organization. It is the healthcare provider and employer’s responsibility to ensure that everyone in the organization knows the best practices to handle personal information. Healthcare providers must provide privacy and security awareness training to each employee and contracted vendors in a healthcare practice. This includes healthcare providers and professional staff as well as volunteers.

Employers and healthcare providers must be able to document that training is provided to the employee and that the employee understood the key concepts of the content provided in the training.

A formal employee orientation process will help a new employee to succeed by:

Reducing the anxiety of the new recruit
Introducing the organization's mission and work
Explaining the organization's culture, including the values, behaviours, formal and informal practices, etc. including expectations of privacy and security of personal information. Set clear expectations of employee’s job performance and day-to-day activities.
Introduce new employee to colleagues, including managers or supervisors
Creating mentors and job ‘buddies' to help ease the new employee into the organization's culture

Privacy awareness training is an essential part of your employee orientation program.

Training alone won’t guarantee that mistakes or errors in judgement won’t happen, but the healthcare provider and employer are legally responsible to take reasonable steps prevent privacy and security breaches.

Privacy awareness training happens throughout the year. Informal training that is timely – say, the news item of the latest privacy breach – are great opportunities to reinforce key messages. Use ‘what if that happened to us, what would we do?’ to discuss lessons learned and improve your current practices, if necessary. Review near-miss privacy and security incidents in your practice. These are great opportunities to discuss and fix potential problems before they become breaches.

The Privacy Officer may create and deliver the training and will monitor, supervise, and support the training.

Use a variety of written and multi-media content like posters, newsletters, videos, infographics, and lunch ‘n learn discussions to reinforce key messages. People love games, challenges, and cyber competitions, too, as a way to create variety and interest in privacy and security.

Resources:

I am delighted to share with you a new course, Privacy Awareness in Healthcare: Essentials, training provided by Corridor Interactive. I have the great pleasure to work with Corridor Interactive to develop the course content. Privacy Awareness in Healthcare: Essentials provides a privacy awareness training program available on demand. Individuals can register for the course and have access to a 3-month subscription. Employers can also purchase training for groups of employees; employees can access the internet based training at a time and location convenient to them. Employers can monitor the employee’s training progress and receive a report of employee’s satisfactory completion of on-line quizzes.

The Health Information Act Guidelines and Practices Manual from AHW provides an administrative checklist of custodian's responsibilities, including training requirements. This is a good outline for your privacy management program and employee orientation even if you don't need to follow the HIA. See Appendix 3 & 4.

Also see the Employee Orientation Checklist from the HRC Council: Getting the Right People.

Make use of networking within your organization and with associations, or organizations of similar or complementary services. Some vendors facilitate user groups. The Alberta Association of Clinic Managers and the Medical Group Management Association of Canada offer networking for Clinic Managers. Privacy Officers can find resources and networking at Privacy and Access Council of Canada.