Safeguards: The What, Why, and How

Posted on July 14, 2019 by Meghan Davenport in Blog

Guest Blog Post by Tamara Beitel

Health Information Management Student, Centre for Distance Education, May 2015

Picture this, the reception room of the clinic was clean and organized, the patients were happy as they were quickly seen by an efficient, positive and qualified healthcare team. This is what happens when the clinic has taken the time to design their safeguards.

What are safeguards? Why are they important to you? How do you implement these safeguards into your clinic/office?

These are important questions to consider when thinking about safeguards. Implementing safeguards will make your clients/patients feel more confident that their personal information is safe. They will be more willing to share their information.

Why should you safeguard health information?

It is important to safeguard health information to protect your business, your reputation, and helps employees understand privacy, security and confidentiality. When your clients/patients see that you are actively making sure that their personal information is safe, they feel more confident in sharing that information knowing it will be protected.

What are safeguards?

There are three types of safeguards to use in maintaining the privacy and confidentiality of health information in your clinic.

Administrative safeguards are the policies and procedures and other written documents. Policies and procedures direct staff to properly access patient information, privacy training for staff, monitoring the policies and procedures, dealing with receiving and responding to privacy complaints and inquiries, and dealing with transferring, retaining and destroying personal information contained on electronic devices.

There is privacy breach management to help prevent or in case of a breach what the procedure is in dealing with the breach. In the blog, When is a privacy breach a privacy breach?, it discusses the repercussions of not implementing breach policies and also discusses the legislation that is in place to safeguard personal information from breaches. It is important to acknowledge when a breach has occurred, that you have taken the proper steps to address the breach, and have learned from the breach so as not to repeat the same mistakes.

Examples of Policies and Procedures:

Signed oaths of confidentiality for all affiliates
Screens should be private and not viewable from public areas
Prohibit disclosure of patient diagnostic, treatment and care information over the phone, even to an individual who claims to be the patient

Technical Safeguards are controls that protect and control access to personally identifiable and health information. Technical safeguards include electronic devices, surveillance cameras, security systems, and telephone systems. Let’s focus on electronic health information and computer networks for example.

Audits of the security and computer systems are vital to maintain privacy and security of personal information. Through audits you can enforce compliance of the policies and procedures and see where changes, if any, are needed. It helps the staff to be aware of the importance in protecting the client/patient personal information. They see that there are consequences for not following policies and procedures.

You should also be aware of the risks from external threats. These include:

identity theft
loss of information
information shared with unauthorized individuals
Some examples of external threats are: malware (malicious software, designed to infiltrate or damage a computer system), spyware (a type of malware that collects information, such as key loggers), and irresponsible use of the Internet

Mitigation strategies include:

regular training and refreshers on privacy and security
IT professionals reassess any software/hardware additions/changes

Examples of technical safeguards in electronic medical records (EMRs) are:

Strong passwords
Encryption of data
Using role-based access to limit access to health information to a need to know basis (user-based access rights ((secure)), role-based rights ((more secure)) and context-based rights ((most secure))

Physical Safeguards are the physical measures used to protect electronic health information from unauthorized access. This includes precautions to prevent break-ins, theft of computers and files, unauthorized access to personal information, applying physical barriers and control procedures against threats to personal information, and policies and procedures on locking up at night, computer etiquette, and office set up (how and where computers, fax machines etc. are set up).

Examples of physical safeguards are:

Limiting access to the building, clinic and storage areas
Alarms and security cameras, doors and locks, lighting
Placing fax machines and printers out of sight and reach of public areas

Safeguards Next Steps

All three of the safeguards should be used in conjunction with each other. The use of these safeguards will help protect your client/patient information from breach, identity theft, loss and unauthorized access. You have the power to make the clinic/office safe from threats to security, privacy and confidentiality. Your clients/patients will know that you have taken all reasonable steps to ensure that their personal information has been protected and appreciate it. It is beneficial to your clinic to review all of your safeguard measures with staff and have regular audits, reviews, updates to the policies and procedures, systems, and security of the clinic. There are many self-assessment tools available from the Privacy Commissioners in the provinces and from the federal government. See the resources below.

About the author: Tamara Beitel has successfully completed the Health Information Management Diploma at Centre for Distance Education, she is currently preparing to challenge the National Certification Exam in July 2015. Tamara is looking forward to work as a Certified Health Information Management (CHIM) professional in the area of policy and privacy protection in the Calgary area.

Resources

Privacy Awareness Training– Corridor Interactive – Privacy Awareness in Healthcare: Essentials

Jean Eaton, When is privacy breach a privacy breach? https://informationmanagers.ca/privacy-breach-privacy-breach/

Office of the Information and Privacy Commissioner of Alberta

Office of the Privacy Commissioner of Canada

best practice, clinic management, good security practices, privacy, privacy breach, Safeguards, security

Identity theft protection (Would you know if there were two of you?)

Posted on January 25, 2017 by Jean Eaton in Blog

Would you know if there were two of you? Identity theft is a growing problem but there are things that you can do to protect yourself.

Identity theft happens when someone steals your personal information and uses it without your consent – to make purchases, take out loans, get medical services – and more! Victims can end up with drained bank accounts, destroyed credit, and the enormous task of fixing the problem.

5 tips to protect yourself from identity theft

Set up a schedule to review your credit card and bank statements – monthly, quarterly – and always have a ballpark in mind of your spending history
Once you've reviewed your statements, make sure that you've shredded the paper documents that you no longer need (and keep them in a secure place while you do need them!) By shredding your bank and credit card statements, you can prevent thieves from “dumpster-diving” for the easy information.
Set up a Google Alert for your name, business name, and other key identifiers (but not your account numbers). You will receive a listing of whenever your name appears in the internet.
Limit the amount of personal information that you share on-line, in stores, and on the forms that you fill out. Ask why they need your information.
Install and update anti-virus and malware protection software on your smartphone. Malware and viruses can access and steal personal information, which can lead to identity theft. ‪

Celebrate Data Privacy Day with Information Managers!

Tweet This!

Concerned about your privacy online? The FREE Data Privacy Day E-course makes it easy for you to enjoy the benefits of the internet while protecting your privacy.
It's easy, fun and filled with practical tips, tools, and resources! Get it before it's gone.

Follow Data Privacy Day around the world using Twitter and #PrivacyAware.

We are proud to be a Data Privacy Day Champ!

#DPD15, best practice, Data Privacy Day, identity theft protection, Practical Privacy Coach

Are cookies a good thing?

Posted on January 24, 2017 by Jean Eaton in Blog

Hungry? Cookies may sound good when they're filled with chocolate chips, but when cookies are used to track your online activity, they can result in behavioral tracking that advertisers use to target products to you.

You may be okay with this when it leads you to your next great shoe sale, but if you use a shared computer and search for something more private, the next person to browse the web on your computer may get bombarded with ads for the wedding rings – something you didn't want them to know.

A silly example, but if you use the internet for activities that require more personal information – such as online banking or shopping – cookies can save and remember your account number, credit card number, mailing address, phone number and more.

Privacy Tip – Delete your cookies!

Especially if you use a shared computer or if you are doing activities that require your personal information.

Celebrate Data Privacy Day with Information Managers!

Tweet This!

Follow Data Privacy Day around the world using Twitter and #PrivacyAware.

We are proud to be a Data Privacy Day Champ!

#PrivacyAware, best practice, cookies, Data Privacy Day, Practical Privacy Coach

Why Does Data Privacy Matter So Much?

Posted on January 23, 2017 by Jean Eaton in Blog

Data privacy is important. But the real question is, why does data privacy matter so much?

“Our personal information is built with our data that enriches, defines, educates and connects us. Data tells our story.” M. Dennedy, VP & CPO at Cisco.

Celebrate Data Privacy Day with Information Managers!

Tweet This!

Follow Data Privacy Day around the world using Twitter and #PrivacyAware.

We are proud to be a Data Privacy Day Champ!

#PrivacyAware, best practice, Data Privacy Day, Practical Privacy Coach, Practice Management Mentor, privacy awareness, training

Privacy Challenge #10 Change Your Passwords

Posted on October 24, 2015 by Meghan Davenport in 15 Day Privacy Challenge

Change Your Passwords

Passwords are everywhere! It is the minimum security safeguard for all our devices – from our computers to ATM banking, to voice mail to security alarms.

But how secure are your passwords?

Passwords that are easy to ‘hack' or guess are opportunities for attackers to access personal or sensitive information or install malware (malicious software).

#15DayPrivacyChallenge, #CyberAware, 15 Day Privacy Challenge, best practice, passwords, Practical Privacy Coach, privacy, security, TELUS WISE

Medical Supplies and Inventory Management for Clinics

Posted on May 7, 2015 by Jean Daffin in PMN Replay, PMN Stitcher, Practice Management Nugget Interview

Do you know what medical supplies you need for your new clinic?

Are your staff fully trained with the proper uses of Health Canada regulated products?

Do you have an inventory management plan?

Shawna Briscoe of Canada Medical Ltd. will help you determine what your medical supplies requirements are and how to manage inventory, saving you time and money.

In this 30-minute Privacy Management Nugget Shawna will give you practical information on:

Typical requirements for a healthcare practice start-up
CPSA and AHS regulations
Questions to ask potential suppliers
Timelines to consider in your project plan
Ways to manage your medical supplies inventory

Shawna Briscoe is an Account Manager – Central Region at Canada Medical Ltd. specializing in distributing branded medical supply merchandise and training in CPSA and AHS regulations to ensure clinics are compliant.

Here’s what Practice Management Nugget interview with Shawna Briscoe will do for you:

Show you options for ordering medical supplies
Save you money by asking the right questions
Make sure your medical supplies are ready when your clinic opens
Help you manage your inventory

Join us for Practice Management Nugget interview

Medical Supplies and Inventory Management for Clinics

with Shawna Briscoe of Canada Medical Ltd.

Thursday May 14, 2015 12 noon – 12:30 pm MDT

Tweet this

Share the event on Facebook

Replay

Resources

Learning Resource Guide – Medical Supplies / Inventory

You don’t have to attend LIVE, but you will miss the Q&A! Replays available for only a limited time.

Don’t miss an event!

Practice Management Nuggets are now also available as podcasts! Find us on Stitcher Radio and iTunes!

best practice, healthcare, inventory management, medical supplies, Practice Management Mentor, training

Transform your Patient Experience!

Posted on March 31, 2015 by Jean Daffin in PMN Replay, Practice Management Nugget Interview

Bruce Lee Custom Learning Systems Group

Brian Lee Custom Learning Systems Group

Brian Lee and Bruce Lee of Custom Learning Systems Group Ltd. will help you drive your clinic to gains in patient satisfaction, employee empowerment, engagement, and morale.

“Healthcare leaders will never solve their patient satisfaction problems until their frontline owns them.” – Brian Lee CSP

In this 30-minute Practice Management Nugget Brian and Bruce will give you practical information on:

What makes a satisfied patient
How to build a world-class service culture
How to engage and transform frontline and management staff

Brian Lee and Bruce Lee of Custom Learning Systems Group Ltd. specialize in creating a world-class patient experience, staff engagement and physician satisfaction.

Practice Management Nugget interview with Brian and Bruce will help you understand:

the key ingredients to improve the patient experience
the clinic managers role in motivating staff to care about patients
how to change a clinic’s dysfunctional culture

Join us for Practice Management Nugget interview

with Brian Lee and Bruce Lee of Custom Learning Systems Group Ltd.

Recorded Live on Thursday, January 8, 2015

Register for the Replay on Thursday, April 9, 2015!

Replay:

Resources:

Learning Resource Guide

Tweet This!

Share the event on Facebook!

Don't miss an event – Sign Up Now! Practice Management Nuggets Weekly Reminder Email

Practice Management Nuggets are now also available as podcasts! Find us on Stitcher Radio and iTunes!

best practice, healthcare, Leadership, patient satisfaction, Practice Management Mentor, training

Western Health Summit 2015: Making Change That Makes a Difference

Posted on March 30, 2015 by Jean Daffin in Blog

Hosted by the Conference Board of Canada
May 11-12, 2015 in Edmonton

Are you frustrated by the slow pace of health care change?

No organizational change is easy, and health care organizations are among the most complex.

This Western Health Summit 2015: Making Change That Makes a Difference will focus on changes that can be implemented immediately that will improve patient experiences and outcomes. Benefit from the experiences of those delivering change in their organizations and the insights of the Canadian Alliance for Sustainable Health Care.

Benefit from the experiences of those delivering change in their organizations and the insights of the Canadian Alliance for Sustainable Health Care.

You will gain valuable tools and strategies you need to successfully lead and manage change in your organization. Please click here to see the speakers and how to register!

best practice, change management, healthcare, Practice Management Mentor, Western Health Summit 2015

Business Continuity Awareness Week – Webinars

Posted on March 2, 2015 by Jean Daffin in Blog

with Paul Kirvan, Paul Kirvan Associates

Business Continuity Awareness Week is March 16 – 2oth. Do you have a business continuity plan? Have you tested it? This years theme is ‘Testing and exercising business continuity plans' before you need to use it!

Educate yourself on testing and implementing disaster recovery plans by joining these two webinars.

Best Practices for DR Test Planning and Implementation

Date: 16 March at 11:00 am MST

One of the most important activities to address when developing a technology disaster recovery plan is the plan test. The primary mission of the test is to validate that the data backup/recovery, system failover/recovery and system failback/restoration procedures you have defined work correctly. These activities will help you fine-tune your DR plans more precisely, and will ensure that your recovery teams know their roles and responsibilities during and after a recovery. This webinar provides guidance on how to plan and execute a successful DR test.

Join the webinar.

How to Effectively Conduct DR Tests Using a Disaster Recovery as a Service (DRaaS) Vendor

Date: 16 March at 1:00 pm MST

Recognizing the availability of managed services firms that specialize in data backup and disaster recovery, it may make sense for your organization to partner with a firm that offers Disaster Recovery as a Service (DRaaS), especially as it applies to DR plan testing. This webinar provides guidance on key activities to address when planning and executing a DR test in partnership with a DRaaS firm.

Join the webinar.

Click here for more information on Business Continuity Awareness Week.

best practice, Business Continuity Awareness Week, clinic management, Disaster Recovery, healthcare, Paul Kirvan, Practice Management Mentor, training

Do your healthcare employees trust you?

Posted on February 27, 2015 by Jean Daffin in PMN Replay, Practice Management Nugget Interview

Bruce Lee, Event Speaker, Coach, Author will help you build trust in your healthcare practice and foster a workplace where employees are inspired to go above and beyond the normal service expectation.

“To be a successful leader you must be a trustworthy leader.” Bruce Lee

In this 30-minute Practice Management Nugget Bruce will give you practical tips, tools and resources on:

What trust is
Critical factors that create or destroy trust
What leadership skills engage people to create a dynamic and empowering workplace
How trust contributes to a more positive and productive culture

Bruce Lee is a critically acclaimed productivity coach with a passion for assisting health care practices achieve higher levels of client, patient and staff satisfaction. His new book, “Trust Me – You Won’t Be Sorry – How Trust Is Your Competitive Advantage in the World Today” will be released soon.

Practice Management Nugget interview with Bruce will teach you how to:

Grow trust among your employees
Improve employee retention and morale
Improve productivity and profitability
Create a more positive and productive culture with improved communications and better relationships

Join us for Practice Management Nugget interview

with Bruce Lee of Bruce Lee Productivity Resources

Recorded live: Thursday March 19, 2015 noon – 12:30 pm MST

Audio

Audio and Slides

Self-tests & Newsletter

Tweet This!

Click and share the event on Facebook

Don't miss an event – Sign Up Now! Practice Management Nuggets Weekly Reminder Email

Practice Management Nuggets are now also available as podcasts! Find us on Stitcher Radio and iTunes!

best practice, Bruce Lee, CG CAHPS, healthcare, How to build trust, Leadership, Practice Management Mentor, training, trust

1 2 3 4

Guest Blog Post by Tamara Beitel

Why should you safeguard health information?

What are safeguards?

Safeguards Next Steps

Resources

5 tips to protect yourself from identity theft

Celebrate Data Privacy Day with Information Managers!

Celebrate Data Privacy Day with Information Managers!

Celebrate Data Privacy Day with Information Managers!

Change Your Passwords

Join us for Practice Management Nugget interview

Medical Supplies and Inventory Management for Clinics

with Shawna Briscoe of Canada Medical Ltd.

Thursday May 14, 2015 12 noon – 12:30 pm MDT

Replay

Resources

You don’t have to attend LIVE, but you will miss the Q&A! Replays available for only a limited time.

Register for the Replay on Thursday, April 9, 2015!

Replay:

Resources:

Hosted by the Conference Board of Canada May 11-12, 2015 in Edmonton

with Paul Kirvan, Paul Kirvan Associates

Hosted by the Conference Board of Canada
May 11-12, 2015 in Edmonton