
October Is Cyber Security Awareness Month!

Posted on October 1, 2020 by Jean Eaton in Blog

If You Connect It, Protect It

In healthcare practices, we have a responsibility to ensure reasonable safeguards to protect personal health information. In the early days of a clinic opening, your privacy impact assessment includes a privacy risk analysis that identifies potential risks to the privacy, confidentiality, and security of health information – and all the ways that you will mitigate and prevent those bad things from happening.

Threat Risk Assessment

As a practice matures, you are expected to regularly re-evaluate the risks to health information and conduct a new threat risk analysis (TRA). Conducting a TRA is a reasonable safeguard as described under the Alberta Health Information Act (HIA) and part of your obligations with information sharing partners, like Alberta Netcare Portal.

This is part of your privacy impact assessment (PIA) amendment or update.

This is where you demonstrate that the custodians and the leadership of the clinic understand the importance of privacy and security. The TRA should review and update the original risk analysis – and describe what you have done lately.

The TRA should include administrative, technical, and physical safeguards.

IT Asset Inventory

You need to know where your personal health information – and other business, confidential, and sensitive information – resides before you can protect it.

A review of all the devices in your clinic that contain personal health information is one example of a technical safeguard. Your information technology (IT) computer network vendor or managed service provider should be conducting a regular enterprise-wide IT asset inventory. Generally, an enterprise-wide IT asset inventory is a comprehensive listing of an organization’s IT assets with corresponding descriptive information, such as data regarding identification of the asset (e.g., vendor, asset type, asset name/number), version of the asset (e.g., application or OS version), and asset assignment (e.g., person accountable for the asset, location of the asset). Listen to the Help Me With HIPAA podcast episode 273 for a great discussion on why this is so important.

The clinic’s system administrator or privacy officer should review the IT asset inventory with the managed service provider (MSP) to ensure that all devices – both the devices managed by the MSP and any other connected devices – are included in the inventory.

In your PIA amendment, remember to include when you most recently completed your IT asset inventory, who was involved in the development, when it was reviewed by your custodians and leadership, and the actions that you took based on the results of your assessment.

See the Summer 2020 OCR Cybersecurity Newsletter Making a List and Checking it Twice: HIPAA and IT Asset Inventories and the additional resources to assist you with your IT Asset Inventory.

Security Vendor Questionnaire

Choosing a vendor to meet your cybersecurity needs is not an easy task. To help you, the National Cyber Security Alliance has created a checklist with some questions you should consider asking current or potential vendors. It is not exhaustive, but it gives you a good start. If you don't understand some or any of these questions, consider having a business partner or colleague help you interview vendors. And always remember to engage in a Service Level Agreement and Contract with the vendor so all expectations are clearly articulated.

If you are a healthcare provider, you may need an Information Management Agreement, too.

Bonus Tip – Keep your questions and responses from the vendor as part of your privacy and security risk assessment to demonstrate your diligence and commitment to reasonable safeguards to protect your business and your patients' health information.


If You Connect It, Protect It Resources

Use these resources from DHS NCSAM that you can download and share right away!

INTERNET OF THINGS

CYBERSECURITY WHILE TRAVELING


Here's a great no-cost opportunity to provide cyber security awareness training to your team!

October is Cybersecurity Awareness Month, a global effort to help everyone stay protected whenever and however you connect. The overarching theme for the month is ‘Do Your Part. #BeCyberSmart.’ Information Managers is proud to be a champion and to support this online safety and education initiative this October.

 

Events This Month

 

  • Worried About A Privacy Breach? – Live Oct 8
  • Practical Privacy Officer – Live Oct 29
  • Privacy and Security in Telehealth Summit – Live October 21

 

CyberSecurity Champions

Information Managers Ltd has been a CyberSecurity Champion for many years – and now you can, too!

We want to help you, your family, friends and our community stay protected all year long, too. We encourage you to sign up as an individual Cybersecurity Awareness Month Champion. After signing up, you’ll receive a toolkit of free resources, including simple online safety habits and steps you can take to #BeCyberSmart.

National Cybersecurity Awareness Month is co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security. For more information about ways to keep you and your family safe online, visit https://staysafeonline.org/cybersecurity-awareness-month/ and/or cisa.gov/ncsam.

 

 

Be CyberSecurity Aware

Cybersecurity Awareness

 

  • Demonstrate to your team the importance of cyber security at work.
  • Share with your patients – by posters in your practice, blog posts, or your email newsletters – and demonstrate that your practice is cyber aware and you want to share tips with them.
  • If you have team members who work remotely, work from home, use their own mobile devices, or use the internet to connect with apps and resources – give them additional skills to do their work as safely as possible.
  • Help your team members better manage their own personal information in their personal lives – good habits that will help them at work, too!

 

Become a Champion here https://staysafeonline.org/ncsam/champions/

 

Follow Information Managers blog posts, social media, and resources that you can download and use right away!

 


Keeping Privacy Active in the Minds of Clinic Staff

Posted on August 10, 2020 by Meghan in Blog

As an employer and health care provider, you are responsible for providing privacy awareness training to all of your employees. If you don’t provide the training, or the employees don’t understand the policies, and there is a privacy breach, then the healthcare provider is more likely to be held accountable under the legislation and face penalties including fines and even prison!

Protect your organization and your patients. Equip your staff with the information they need to confidently and correctly handle personal health information. Healthcare businesses that want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

How do you keep privacy active in the minds of your clinic staff?

Below are a number of simple, low-cost tips that you can use right away to build privacy awareness training in your practice.

Start a privacy awareness training program

The super-easy way to start a simple privacy awareness training program in your organization is to start with your Health Information Privacy and Security Policies and Procedures Manual. Take one policy or procedure a week or month, circulate it for review, and then circulate a short follow-up quiz specific to your organization.

If you circulate the quiz by email, depending on which email service you use, you may be able to use the built-in poll feature. You send out the question and in the poll, your team replies with the best answer. That way, you also build in a way to document that people received and responded to your quiz.

 

Listen to podcasts or watch YouTube videos on privacy awareness during a team meeting

Practice Management Nuggets For Your Healthcare Practice is a regular interview series with practice managers, healthcare providers, or trusted vendors who support healthcare practices. Topics include things you need to know to help you start, grow, fix, or maintain your healthcare practice. The events will be short – about 30 minutes – with nuggets of information that you can use right away. You can listen to these interviews as a podcast or watch them on YouTube.

Recent training topics have included:

  • Remote Working Privacy Breach Pain
  • PIPEDA's Mandatory Privacy Breach Notification
  • Privacy Awareness Quiz #PrivacyMatters

 

Take a Privacy Awareness Training course as a team

Regular privacy awareness training protects patients, employees, and your business.

Privacy Awareness in Healthcare Online Training and Privacy Awareness in Health Care Training – Dental Practices are online courses offered by Corridor Interactive.

In the course that best fits your practice, you and your staff will learn to:

  • Understand patient and client privacy rights.
  • Respect personal health information and your obligations.
  • Confidently and correctly handle personal health information.
  • Use reasonable safeguards to protect personal health information (PHI).
  • Recognize and respond to a privacy breach.
  • Support key policies, procedures and risk management programs in your healthcare practice.

 

Become a Practice Management Success member

Practice Management Success is an online community with tips, tools, and templates you can use right away to start, grow, fix, or maintain your healthcare practice. Membership is open to all healthcare practices of any size. Members have access to online resources and networking and support from other clinic managers, practice managers, and healthcare providers in independent community practices!

When you are a member of Practice Management Success, you also have access to the Q&A With Jean training library. Use these privacy awareness training videos, where you can select the topics that are of interest to your practice. Each Q&A recording includes training (usually 10-30 minutes), and most have training notes or resources that you can download and use right away.

Members also have access to Policy and Procedure Orientation For Your Employees training videos.

 

Subscribe to Privacy Nuggets Newsletter

Privacy Nuggets are posted on the Information Managers blog and also sent to you by email when you subscribe to the Privacy Nuggets newsletter. These articles explore recent privacy breaches and provide a training tip on how to prevent a similar breach from happening in your practice and tips on how to respond to a similar privacy breach incident. You are welcome to share the articles and emails with your team and use this as a training tool, too!

Recent articles include:

  • 3 Parts to Every Privacy Awareness Training
  • Recent Privacy Breach Convictions Under Alberta's Health Information Act
  • When is a Privacy Breach a Privacy Breach?

Cybersecurity Awareness Month

The line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet.

The overarching theme for Cybersecurity Awareness Month 2020 is “Do Your Part. #BeCyberSmart.” The theme empowers individuals and organizations to own their role in protecting their part of cyberspace, with a particular emphasis on the key message for 2020: “If you connect it, protect it.”  If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer and more resilient for everyone. 

Information Managers Ltd has been a Cyber Security Champion for many years – and now you can, too!

Cyber Security Awareness Month was launched by the National Cyber Security Alliance (NCSA) & the U.S. Department of Homeland Security in October 2004. This US organization sponsors a multi-media resource campaign each October.

Become a Champion

You can become a Champion, too – and get direct access to all the resources.

  • Demonstrate to your team the importance of cyber security at work.
  • Share with your patients – by posters in your practice, blog posts, or your email newsletters – and demonstrate that your practice is cyber aware and you want to share tips with them.
  • If you have team members who work remotely, work from home, use their own mobile devices, or use the internet to connect with apps and resources – give them additional skills to do their work as safely as possible.
  • Help your team members better manage their own personal information in their personal lives – good habits that will help them at work, too!

Becoming a Champion is easy and does not require any financial support. Become a Champion here https://staysafeonline.org/ncsam/champions/.

Throughout October, NCSA will focus on the following areas in our promotions and outreach. Partners are welcome to follow along with NCSA but also encouraged to create their own areas of focus relevant to their organization:

There is a #BeCyberSmart theme for each week in October.

October 1 and 2: Official kick-off for the month

Week of October 5 (Week 1): If You Connect It, Protect It

Week of October 12 (Week 2): Securing Devices at Home and Work

Week of October 19 (Week 3): Securing Internet-Connected Devices in Healthcare

Week of October 26 (Week 4): The Future of Connected Devices

Watch for resources from Information Managers during Cyber Security Month.

 

 When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.  

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

 


Cyber Security Awareness Training for You!

Posted on October 1, 2019 by Jean Eaton in Blog

Did you know?

1/3 of all healthcare employees who should receive cyber security training don’t get cyber security training.

You can do better!

Start here.

October is Cyber Security Awareness Month! #BeCyberSmart

A great no-cost opportunity to provide cyber security awareness training to your team!

     

Register Below!

 

Cyber Security Awareness Training By Email

 

To celebrate Cyber Security Awareness Month, Information Managers is hosting free training tips by email throughout October.

In this training, Jean L. Eaton, Your Practical Privacy Coach will share cyber security tips and resources with you!

You can forward the email to easily share the tips and resources with your team.

Or, they can sign up for the email training and receive emails directly in their in-box.

Discuss the tips and posters to see how they best apply to your work or home cyber security practices.

 

Your Cyber Security Awareness Tips will be delivered to the email address that you enter above.

You'll also benefit from occasional emails about privacy and practice management.

We don't share or sell your information. Ever.

Follow Us On Social Media!

Throughout October, we will share cyber security tips and free links to additional resources on our social media accounts that you can download right away! Follow us!

Twitter

 

Whether you’re at work, at home, or on the go, threats to cybersecurity and sensitive data can follow you. Our uber-connected world makes it more important than ever to know the threats and their potential consequences.

Information Managers Ltd has been a Cyber Security Champion for many years – and now you can, too!

Cyber Security Awareness Month was launched by the National Cyber Security Alliance (NCSA) & the U.S. Department of Homeland Security in October 2004. This US organization sponsors a multi-media resource campaign each October.

https://staysafeonline.org/ncsam/champions/



Copyright 2022 Information Managers Ltd.