Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course

Posted on October 28, 2020 by Jean Eaton in Services, Training

Do you need a Privacy Impact Assessment?

Or do you need to amend an existing PIA?

Privacy Impact Assessments are just one of the requirements you need in order to fulfill your obligations in Alberta’s Health Information Act (HIA) and other legislation and are an important aspect of developing privacy best practices in your office.

And a little help along the way is always a good thing.

Practical Privacy Coach, Jean  L. Eaton of Information Managers, is constructively obsessive about privacy, confidentiality, and security when it comes to the handling of personal and health information, particularly in primary health care settings. Jean has helped hundreds of healthcare providers, vendors, and health and social service delivery organizations and associations complete their Privacy Impact Assessment which have been successfully accepted by organizations' management and regulators. Jean has customized and delivered privacy training programs for privacy officers, records management professionals, implementation teams, and healthcare providers across Canada and the US.

Now you can have access to five modules to help you learn everything you need in order to complete your own PIA.

     

**** New PIA Amendment Track ****

Each module includes a video training, as well as templates, tools, resources and case studies to build on in each lesson. You can use this scenario to guide you through the PIA process in healthcare. If you work in healthcare or privacy or records management and need to do a PIA, this e-course is for you.

 

You need a Privacy Impact Assessment (PIA) when

  • You  are opening a new clinic or establishing a new health services program.
  • You are changing administrative procedures or technology equipment, services, or vendors
  • You are changing how you collect and use personal information,
  • You are implementing or changing an Electronic Medical Records (EMR)
  • You are sharing health information with another healthcare provider, organization, Primary Care Network or other health program.
  • You want to prevent a privacy breach,
  • You have a Privacy Impact Assessment that was written more than 2 years ago (It is time to review and update this!)

 

If you are a healthcare provider, practice manager, and you need your first Privacy Impact Assessment, this e-course is for you

Are you in a group or solo practice with direct patient care, for example:

  • Physician
  • Pharmacist
  • Registered nurse
  • Optometrist or optician
  • Chiropractor
  • Physiotherapist
  • Midwife
  • Podiatrist
  • Dentist, dental hygienist or denturist
  • Audiologist
  • Mental health practicitioner
  • Laboratory, x-ray, and imaging technician
  • Paramedic

A PIA should be as common place to a healthcare practice as a business plan is to a business. BUT most healthcare practices don’t know this and often don’t know that a PIA is  usually part of their professional college requirements and often even a legislated requirement! Prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor by completing a PIA.

If your Privacy Impact Assessment was written more than 2 years ago this online on-demand course is for you!

The Clinic Manager and Physician Lead and Privacy Officer  must ensure its content is updated to reflect the current state of administrative, physical and technical controls.

BONUS! Checklist to update your PIA to meet recent changes to Alberta's Netcare Portal. If your practice has completed a PIA and now you need to update the PIA, you receive a checklist of items that you need to consider to refresh your PIA.

 

If you a vendor that supports healthcare practices this e-course is for you!

BONUS! One hour tele-consult with Jean, “Create a branded Privacy Impact Assessment Readiness Package”. Jean will work individually with you to review your documentation and coach you on how to prepare the package to give to healthcare practices.

BONUS! Vendor PIA live webinar includes Vendor non-disclosure agreement, Information Manager Agreement, GAP Analysis, Computer Network Narrative templates.

 

Jean has helped hundreds of physicians, chiropractors, pharmacists, and other healthcare providers complete their Privacy Impact Assessment. She has visited hundreds of practices across Canada. But time and geography limit my ability to visit each healthcare practice that needs a PIA. That's why I developed this on-line interactive course to help you learn everything you need in order to review, amend, or create your own PIA. Each module includes a video training as well as templates, tools, resources and two common case studies to build on each week. You can use these scenarios to guide you through the PIA process.

You know your practice better than anybody else. If you had the right tools, at the time most convenient for you and a mentor to help you, you can develop good office practices, meet legislated and college requirements, and successfully complete your Privacy Impact Assessment requirements.

Using a Webinar on-line interactive program, you will get great content and mentoring from Jean Eaton and once a month during the Q&A live training webinars. Learn the PIA process with these modules.

The modules include:

Module 1:

PIA to Protect Your Practice, Your Assets, and Your Patients

 

Module 2:

Information Flows–-the Foundation of Your PIA

 

Module 3:

Risk Analysis and Mitigation Strategies

 

Module 4:

PIA Format - Pulling it All Together

 

Module 5:

Complete Your PIA Submission

BONUS Module 6:

Create a Branded Privacy Impact Assessment Readiness Package

The replays, tools, and resources will be available to you right away.

If you are new to this field, I suggest that you first register for Privacy Awareness in Healthcare: Essentials to master the key definitions and concepts.

Corridor_Privacy_Awareness_In_Healthcare_banner

Privacy Awareness in Healthcare: Essentials

 

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments –

A Complete Step-by-Step Course

5 Core Modules, Templates, Training, and Tools to Get Your PIA Done!

Monthly Live Q&A Training Webinars

$450.00 (plus GST)

Purchase e-course

 

You will get

  • Learning Resource Guide for EACH module – how-to explanations, templates, and resource lists
  • Checklists to help you plan your PIA
  • MindMap of the entire PIA process
  • PIA project plan timeline templates
  • Checklists of  personal and health information privacy and security policies that you need in your practice
  • Many examples of projects in medical, dental, chiropractic and more practices including new PIA project and PIA amendments.
  • Explanation and real-life examples of key terms that you need to know and include in your PIA
  • Strategies and templates of risk management assessments that you can customize
  • This E-course might qualify for CPE credits, too!

 

BONUS!  Monthly live Q&A webinar training with Jean to help you get un-stuck with your PIA.

BONUS! Checklist to update your PIA to meet recent changes to Alberta's Netcare Portal.

BONUS! Private discussion group with other registered participants of this course to network and support each other on your PIA journey and continue to help you after this course closes.

BONUS! Regular updates of privacy resources and templates that you can use.

 

If you hired a consultant to do the work of the PIA process for you it may cost you as much as $3,000!

And then…when the consultant is done, they take their knowledge out the door with them.

Invest only $450 in this course and you'll have what you need to do your first PIA project today…and every project in the future!

Jean Introduction Ecourse PIA (1)

I had the pleasure of working alongside Jean to develop a PIA for my Dental Office. I could not have completed this document without her. She was there to help me every step of the way. Her online course made it easy to communicate with her as well as having so many resources to use that were so helpful. Each Module had videos to watch that explained step by step what needed to be done. The PIA document is a lot of information to put together and if it's not enough information on its own, you also need to develop a policy and procedures manual. Jean has developed an amazing resource for this manual that was very user friendly and made a 300 page manual a lot more attainable than creating it on your own. I highly recommend taking Jean's PIA course and having her help throughout the process!”

~~Lindsey Cave, Office Manager, Orion Dental Group

 

What people are saying about our PIA e-courses and in-person workshops:

Q: What did you learn from this workshop?

Participant's Responses:

  • Understanding of need / use of Information Management Agreement's and an ‘Evaluation” agreement.
  • Lots – when / how to make amendments.
  • Compliance / requirements of PIA and their purpose.
  • PIA information; agreements, updating.

 

Q: What do you feel was the biggest benefit to attending this workshop?

Participant's Responses:

  • Understanding a PIA.
  • Having a better understanding of PIA's and everything included in requirements.
  • Gain a better overview of my PIA and what I need to add; organizational strategy.
  • Clear vision of work to be done.

“When Jean told us about the Protest Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments E-course and explained how the course will help us better understand the Health Information Act, our responsibilities as healthcare providers and our relationship with our vendors and partners, I signed up right away! Thanks again – it is no doubt that we have hitched our wagon to a shining star.”
~~Bill Stowe, Business Manager Synergy Respiratory & Cardiac Care

“This was my first ever time I had to work on a PIA and I was a little nervous about doing it efficiently – but you really made it as simple and straight forward as possible. Thank you for being available for my questions when I had them. I would easily recommend Privacy Impact Assessments to Protect Your Practice course for anyone to do their own PIA's! Thank you so much!”
~~Karen Sarabura, Clinic Manager and Privacy Officer, CGA Medical Imaging, Alberta

“I attended the Privacy Impact Assessment Walk-through workshop (for ARMA members). Jean shared resources and on-going networking opportunities. The biggest benefit to me is to know that there is help out there in moving forward with our Privacy Impact Assessment responsibilities.”
~~Ellen Sauvé, Parkland County

Comments from other E-course participants:

“Learning about how all the information gathering systems interact was the most valuable part of this workshop”

“Excellent presenter – variety of learning opportunities.”

“Jean is an excellent speaker and I enjoyed the audio seminar you gave today and I learned a lot from your seminar.”
~~Annette T (AHIMA webinar, Three Mistakes in Managing a Privacy Breach”)

“Jean Eaton is one of those ‘critical suppliers' you keep in your email contacts list, no matter what company you manage. She really knows her stuff and delivers prompt, accurate information on time. Her courses are interesting, informative, and I like the opportunity to meet with classmates who have similar challenges.”
~~Kevin Morris, Shape MD, Team Leader/Office Manager

 

Buy e-course

In-Person Workshops Are Now Available 

Are you a hands-on kinda person?

Are you more likely to get things done when you schedule your time for a working meeting?

Would you like help to kick-start your PIA amendment and review with other like-minded clinic managers and privacy officers?

PIA Amendment Workshops are available. Send a request to me and let's set up a workshop near you! You also get full access to the on-line course to support you after the workshop.

 

 

Not sure if the E-course is for you?

Jean will answer your questions in the free webinar, 

 

Prevent Big Fines (or Worse!) for Your Healthcare Practice

How to Plan a Privacy Impact Assessment for Your Healthcare Practice

with Jean L. Eaton
Replay Recorded Live

This webinar is for Privacy Officers, Clinic Managers, Practice Managers and anyone else responsible for doing a PIA.

You will learn what is getting in your way of getting your PIA done!

In this free webinar, you will learn:

  • 5 Manageable Steps of every PIA
  • 3 Biggest Myths about PIA’s that is preventing you from completing your PIA
  • Questions Privacy Officers, Clinic Managers, Practice Managers and Healthcare providers should ask about PIA’s but don’t
  • Biggest fears about doing a PIA and how you can kick it to the curb so that you can finally get it done

Join us for the webinar so that you can plan your PIA for your healthcare practice!

Sign me up for this FREE webinar

Get Free Access Now Arrow

Please provide your email address below and you will be re-directed to the webinar replay right away.

Check your email in-box to confirm your registration!

 Along with your webinar registration, you will also benefit from the occasional Privacy Nugget tips by email of similar privacy resources and articles that you can use right away!

 

Alberta, amendment, breach, employee training, ePIA, ePrivacy, Health Information Act, healthcare, HIA, PIA, PIA process, Practical Privacy Coach, Privacy Impact Assessment, privacy officer training, templates

When is a Privacy Breach a Privacy Breach?

Posted on July 13, 2019 by Jean Eaton in Blog

The biggest mistake in managing a privacy breach is not recognizing the privacy breach.

The second biggest mistake is not knowing what to do about it.

The recent publicity about the privacy breach in Alberta when a laptop with health information was stolen and came to the public's attention several months later is not the first news item of its kind.  In fact, this happens frequently in healthcare, retail, government departments and other industries.  This doesn't make it any easier to swallow and certainly doesn't make it right.  But this is an opportunity for you, healthcare provider or practice manager, and vendor to make sure that you have good practices in place to manage your next privacy breach.

Health information is recognized as being particularly sensitive and important to the person that the information is about.  It is so important, in fact, that a new breed of legislation was developed to set out specific rules to ensure that the health information has robust safeguards (administrative, technical, and physical) to keep the health information confidential and secure.  In Alberta, the Health Information Act (HIA) was proclaimed in 2001 to help custodians (people or organizations who collect, use, and disclose health information) ensure that they have identified the risks to breach of health information and how to prevent those risks.  The legislation also ensures that the people who the health information is about have access to their personal health information.

In August 2018, amendments to the HIA were proclaimed that make it mandatory to report a privacy breach that could result in harm to the Office of the Information and Privacy Commissioner (OIPC).

Privacy breaches come in all types and sizes.  One of the most common forms of a privacy breach is when a clinic or healthcare provider intends to send a report to another healthcare provider for continuing care and treatment but it is sent to the wrong physician.  Or, the referral request went to the correct physician but included extra information about another patient that was not part of the referral.

What Is Considered a Privacy Breach?

A privacy breach is an unauthorized access to or unauthorized collection, use, disclosure , loss, or disposal of personal or health information.

To each of us, our own personal health information is important.  As a healthcare industry, we need to ensure that we recognize this and acknowledge that each privacy breach is important to the person the information is about.  We need to make sure that we minimize the risk of the information being used inappropriately or maliciously.  We need to acknowledge to ourselves and to our patients and clients that we are human and that sometimes we do make mistakes and we will strive to do better.

A ‘small' breach of one person one time might have a big impact to the individuals involved.

A ‘big' breach of a lost laptop might have a bigger magnitude affecting many individuals.

When a breach also meets the requirements of mandatory notification, a custodian must report the breach regardless of how many people's information have been included in the breach.

4 Step Response Plan

When you have a privacy breach, follow these four steps to manage the privacy breach incident.

Step 1 – Spot and Stop the Breach

Each breach is important and needs to be recognized. Contain the breach so that it doesn't get any bigger.

Step 2 – Evaluate the Risks

Your privacy officer will investigate the incident and learn about the size, scope, and details about the breach. Consider if there is a reasonable basis to believe that there is a risk of harm to an individual

Step 3 – Notify

Notify the custodian, the affected individuals and (now, with the 2018 amendments), the Alberta OIPC, Minister of Health, Alberta Health (if the breach includes Netcare) and others.

The individual who's information has been breached needs to be made aware of the problem and the risk that might be experienced so that they can be prepare to limit the risks. The custodian needs to know how to manage the privacy breach and report it – internally and perhaps to other stakeholders.

Step 4 – Prevent the Breach From Happening Again

Correct and monitor the incident(s). Actively take steps so that the breach does not happen again.

Not Sure What To Do?

You never know when a privacy breach will happen! Prepare now with a privacy breach management program and coaching from the Practical Privacy Coach!

Learn what to do if you have a privacy breach.

4 Step Response Plan, Alberta, breach, Health Information Act, HIA, OIPC, privacy, privacy breach, training

Is Your Email Secure?

Posted on August 19, 2013 by Jean Eaton in Blog

Mon, 08/19/2013 – 09:07 — jean

Is your email secure? Backed up? If you suddenly lose your email, calendar, or contact list, this could either be a speed bump in your busy day, or a nightmare that may take days or weeks and a lot of money to recover.

If you use email as temporary communications or your primary method of business, it needs to be managed securely. When you or your staff use email from multiple devices – such as your desktop computer, smart phone, or website – you have additional privacy and security requirements.

Many small businesses have purchased an email software system like Outlook as part of their desktop software. Unfortunately, recent software updates from Microsoft do not include Outlook; you are encouraged instead to purchase MS Office 365 software where all of your email is stored on the MS Cloud.

Some businesses use free email accounts – like gmail or yahoo – where emails, calendars, and contact information is on the public cloud. It is accessible from any internet connection but is difficult to back up to a local device that you can control.
If you use email to transact business – employee records, business contacts, company newsletters, subscriptions, financial or consumer purchases, or personally identifying messaging – you need to meet privacy and security requirements.

Previous versions of Windows Server Small Business Server (SBS) edition included Microsoft Exchange so small businesses could create their own in-house email server. This is not included in Windows Server 2012 Essential (SBS replacement). But small businesses still have a few options:

Buy the Microsoft Exchange Server full licenses, although it can be quite expensive
Sign up to Office 365 which is a hosted / cloud based Microsoft Exchange service from Microsoft with email hosted in the USA. Offices will need to determine their level of risk using personally identifiable information in emails – including sensitive information like credit card, payroll, health information, and other sensitive content – which will be stored out of Canada and subject to US legislation and uses.
Contract with a Canadian hosted Microsoft Exchange service with a Canadian based cloud service provider. This might be a cost effective solution and permit full access to email in an environment which is backed up and more easily accessible.

There are many features offered with a hosted email service:

Collaboration is easy as you have access to group calendaring and scheduling, shared contacts, folders and calendars, tasks and task delegation, as well as public email folders.
Fully functional email software.
Sync capabilities to your smart phone without worrying about viruses, spam, or malware, and mail archiving is automatic. Store as much or as little email as you need and do so without dealing with annoying ads.
Anti-phishing, anti-virus, and malware software are attached to each email connection.
No data ‘left behind' on the device – all data is securely maintained in the hosted email. If a mobile device is lost or stolen, business email is not compromised.

You can apply business rules – for example, emails can be prevented from being forwarded to an employee's home gmail account. Employees can securely work from home.
All business data is maintained by the business. So if your employee wins the lottery and doesn't come back to work, all business emails have been maintained in the hosted email and not on an employee's home computer.
Data is encrypted during the internet transmission.

To get a Hosted Email, you will need internet access with a data plan. You can continue to use your desktop computer and its cable internet access. When you use mobile devices, you can use your mobile provider data plan (Rogers, Bell, Telus, etc), or connect to a trusted WiFi connection.

You are still responsible for good security practices at your location including:

Unique user ID and password on your computer network – including mobile devices – and
Good password management – complex passwords that are changed regularly
Physical safeguards to ensure that your work locations – including mobile locations – are secure from theft

Common sense awareness – don't open suspicious phishing or spam emails

Business-class Microsoft Exchange email hosting services mean you're always in touch and up-to-date, in the office or on the road accessing your mobile email.

Things to look for in a hosted email solution vendor:

Canadian provider with data centres only in Canada (Alberta preferable)
Reputable company with proven track record
Contract including:
Termination clause – when the contract terminates, the vendor will:
Notify you in advance of termination
Allow local back up of your data or data transfer
Validate that your data has been completely and securely deleted from the data centre
Encrypted at the data centre – no one at the data centre can read your information and it is secure from someone else hacking into the data centre to steal your data

Confirm your backup plan for your email accounts.  If you don't have one, create a plan.

INFORMATION MANAGERS
We are an information management company based in Edmonton, Alberta. We specialize in health information management, records management, practice efficiency and workflow consultation as well as privacy and security in the Health Care sector.
We take care of the elephant in the room.

Alberta, backup, best practice, breach, business associate, cloud service provider, computer network, email, external hard drive backup, health information, healthcare, hosted email solution vendor, privacy, SBS, security, Windows Small Business Server

What Not To Do – keep your backup device plugged in

Posted on January 25, 2013 by Jean Eaton in Blog

An Australian medical center is facing the possibility that its patients’ electronic medical records may be locked away forever after hackers broke into its computer system in December and encrypted the files. The hackers captured a medical centre's data and demanded A$4000 to decrypt the information.

While this incident is rare it is a good lesson to ensure that you take control of your data. Ensure that it is secure. Ensure that your data is securely backed up and is segregated from your computer servers. Your must be proactive and monitor your computer network. This may be an appropriate task to outsource to a reputable vendor. Are your plans comprehensive? Is it time for you to schedule your Privacy Practice Review?

See  the Technology for Doctors Online story from January 17, 2013, for more information.

backup, best practices, breach, computer network, encryption, external hard drive backup, privacy, privacy breach, privacy practice review, security, security external hard drive devices, segregated backup

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

"I did think that the info session was interesting on how many tools can be created and intertwined for the use of the patient. I do find the sessions good."

--Practice Management Nugget event, 'Engage your patients using automated tools' with Karol Clark

- Debra from Spruce Grove

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.

Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}