Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Do you know the most frequent source of a privacy breach?

Posted on October 29, 2016 by Jean Eaton in Blog

October is Cyber Security Awareness Month! Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Challenge #15 Privacy Breach

80% of all privacy breaches are caused inside the business

Have you ever received a phone call from your bank telling you that your credit card information may have been compromised or stolen?

Be glad you did. While this kind of call may frighten you and create doubt and cause inconvenience, it is far better to be notified and to solve the problem than to let it persist. And if the bank catches the theft early and calls you to let you know how they have prevented it from happening again, you are likely to thank the bank for looking out for your best interests.

The same thing happens when you suspect that you have a privacy breach at work. You need to stop it, report it, inform the client, and let them know what you are doing to solve the problem. It is never an easy phone call to make, but most of the time the client appreciates your concern.

Watch the video, “Can You Spot the Privacy Breach?” for some handy information about what is a privacy breach, how to spot one, and what the most common mistakes are that you need to avoid.

Ideal for privacy officers, clinic managers, practice managers, healthcare providers, owners.

 

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

#15DayPrivacyChallenge, #CyberAware, Practical Privacy Coach

Internet of Things

Posted on October 28, 2016 by Jean Eaton in Blog

October is Cyber Security Awareness Month! Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Have you ever wondered on your way home from work, “I wonder if we need more milk?”

It might be very handy to have your refrigerator scan the CPU codes of the food in your fridge, and automatically place an order to your local grocery store ready for you to pick up milk on your way home. Your car will already have the address and traffic updates sent to the GPS to make your trip hassle-free.

“Internet of things” refers to things connecting to the internet and communicate with other each other.

But don't let the convenience of things connecting to the internet create an additional security threat. You need to keep password management and software security up to date.

See the infographic created by NCSAM to explain the Internet of Things.

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

 

#15DayPrivacyChallenge, #CyberAware, Internet of Things

Privacy Awareness Training is an Essential Part of Your Employee Orientation Program

Posted on October 25, 2016 by Jean Eaton in Blog

October is Cyber Security Awareness Month!  Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge.  The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #11 Employee Orientation and Privacy Awareness Training

80% of all privacy breaches are internal to the organization. 

Most of these breaches are the result of error or mistakes by employees.

Businesses and healthcare providers are legally responsible to ensure that every employee, contractor, and vendor receives privacy and security training, including cyber awareness. This includes healthcare providers and professional staff as well as volunteers.

Privacy awareness training is the cornerstone of every privacy and security program. Prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor by being up to date on privacy and security best practices.

Employers and healthcare providers must be able to document that training is provided to the employee and that the employee understood the key concepts of the content provided in the training.

A formal employee orientation process will help a new employee to succeed by:

  • Reduce the anxiety of the new recruit.
  • Introduce the organization's mission and work.
  • Explain the organization's culture, including the values, behaviours, formal and informal practices, etc. including expectations of privacy and security of personal information. Set clear expectations of employee’s job performance and day-to-day activities.
  • Introduce new employee to colleagues, including managers or supervisors.
  • Create mentors and job ‘buddies' to help ease the new employee into the organization's culture.

 Privacy awareness training is an essential part of your employee orientation program.

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware #15DayPrivacyChallenge

#15DayPrivacyChallenge, #CyberAware, employee orientation, privacy awareness

Can You Access Your Personal Information?

Posted on October 23, 2016 by Jean Eaton in Blog

October is Cyber Security Awareness Month!  Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge.  The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #9 Right to Access Your Own Personal Information

Our right to the privacy of our personal information is very important.

In our organizations, when we collect personal information from our employees and clients, they have the right to access this information from us. They may want to do this to ensure the information is correct, complete, and has been used only for the purpose to which they agreed.

A privacy charter is a useful document that communicates your position on the collection, disclosure, and use of private information. It informs your clients of their rights and explains your commitment to keeping their information safe.

Here is a sample privacy charter that you can modify for your use:

  • To help you, we need to ask you for your personal information.
  • We will ask you before we share your information.
  • It is our job to keep your personal information safe.
  • We will tell you why we need to collect your personal information, before the information is collected.
  • Only with your agreement will we collect, use, and share personal information about you. You may change your mind at any time.
  • We will only ask you for the personal information that is needed to help you.
  • We will use your personal information only for purposes to which you agreed.
  • If you have any questions, speak to our Privacy Officer.
    • Used with permission from NWC FASD Network

Can a patient have a copy of their own health record?

Patient Access to Health Records

Under most privacy legislation, including Alberta’s Health Information Act, a patient has the right to access their own records about themselves. The information that a patient provides to the healthcare provider belongs to the patient. The healthcare provider is responsible to maintain the information on paper or in a computer and ‘owns’ the documents.

Watch the Video Patient Access to Health Records

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware #15DayPrivacyChallenge

#15DayPrivacyChallenge, #CyberAware, access, patient access to health records, Practical Privacy Coach

Does your organization have a privacy officer?

Posted on October 22, 2016 by Jean Eaton in Blog

October is Cyber Security Awareness Month!  Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge.  The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #8 Privacy Officer Education

If your business involves the collection, use, and disclosure of your clients' personal information, a privacy officer is necessary in order to meet legislated requirements.

So, what does a Privacy Officer do?

  • Identifies privacy compliance issues for the business.
  • Ensures privacy and security policies and procedures are developed and maintained.
  • Ensures employees and contractors are aware of their responsibilities and duties.
  • Provides advice and interpretation of related legislation for the business.
  • Responds to requests for access and corrections to personal information.
  • Ensures the security and protection of personal information in the custody or control of the business.
  • Represents the business in dealings with third parties and the Office of the Information and Privacy Commissioner.

It's a challenging, yet rewarding, role. And there are many ways that a privacy officer can learn the skills necessary for the job. See the Privacy and Access Council of Canada for professional development resources.

Here's a Document Management Tip: Sample Job Description for Privacy Officer that you can download right away.

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware #15DayPrivacyChallenge

#15DayPrivacyChallenge, #CyberAware, Practical Privacy Coach, Privacy officer job description

How do you manage USB’s?

Posted on October 18, 2016 by Jean Eaton in Blog

October is Cyber Security Awareness Month! Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #4

We love to use USB sticks because they are convenient tools to temporarily store and transfer information. However, because they are small and easily lost or stolen, they also pose a huge risk for your confidential information to fall into the wrong hands.

Unfortunately, we rarely take the time to encrypt our data or use other security features on these drives. And if these drives go missing, it often goes unnoticed, which means the USB memory stick truly is a weak link in our information security.

How would you know if a device was lost?

Would you know what information it contained?

Is it encrypted?

 

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

 

#15DayPrivacyChallenge, #CyberAware, 15 Day Privacy Challenge, good security practices, Practical Privacy Coach, privacy

Privacy Collection Notice

Posted on October 17, 2016 by Jean Eaton in Blog

October is CyberSecurity Awareness Month!  Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #3

Every time we gather information from a client, we're entering into a trust relationship with them. We trust them to provide accurate information, and they trust us to keep it private and safe.

So it's only fair that we are transparent with our clients about our policies and procedures regarding the collection and safe-keeping of their important confidential information. We want them to understand:

  • Why we are collecting their information
  • How we are using their information
  • How we are protecting their information
  • How our organization meets the rules and regulations of our industry

Where is your practice’s privacy collection notice?

 

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware.

#15DayPrivacyChallenge, #CyberAware, 15 Day Privacy Challenge, Collection Notice, Practical Privacy Coach, privacy

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Posted on September 18, 2016 by Jean Eaton in Archive

Is this you?

Paul clicked on a link in an email that encrypted all his data on his computer and now he has to pay a ransom to get the data back.

Mary used her work email address to register for the course, “Ready to leave your job?” Now her boss thinks that she is looking for a new job.

Alice did not follow your clinic policies and procedures properly and she left a confidential message with the wrong patient.

Bob is a new employee and will start his orientation tomorrow.

They each use the internet for their personal lives and as an employee. You need to know the best practices on the internet and how to protect your personal information. It's easy once you know how!

The 15 Day Privacy Challenge is a fun, FREE educational opportunity on privacy and security that you can use at home or at work. Enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches when you use these practical tips, tools, and resources.

This free course is ideal for businesses, healthcare practices, or clubs and their privacy officers, employees, and their families.

The course is free – there is no risk to you and you will see that the 15 Day Privacy Challenge is the perfect way to make small changes easily that can improve the privacy and security of your information right away!

October is Cyber Security Awareness Month and Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge.

The 15 Day Privacy Challenge starts October 14th, for fifteen days.

The challenge includes tasks centered on a privacy or security best practice. Each challenge includes a short description about why this practice is important, how to get started, and links to additional resources. Each challenge will take approximately 15 minutes to complete.

Businesses and healthcare providers are legally responsible to ensure that every employee, contractor, and vendor receives privacy and security training, including cyber awareness. Prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor by being up to date on privacy and security best practices.

Training is the cornerstone of every privacy and security program.

People love games, challenges, and cyber competitions to create variety and interest in privacy and security best practices. The 15 Day Privacy Challenge uses a variety of multi-media content that everyone in your practice can understand. Privacy awareness training alone won’t guarantee that mistakes or errors in judgement won’t happen, but Privacy Awareness Training is your logical first step.

 privacy-challenge-information-managers-event-fb-2016-nolink

The 15 Day Privacy Challenge starts October 14th, for fifteen days.

 The 15 Day Privacy Challenge includes easy to access on-line resources delivered each day. You will have access to all of the resources for one year on the website.
BONUS – access to discussion group with other participants to share your tips.

  The 15 Day Privacy Challenges includes:

  • Posters
  • Short articles with practical information
  • Videos
  • Infographics
  • Links to additional free resources
  • Certificate of completion

The 15 Day Privacy Challenge includes practical tips on:

  • Confidentiality
  • Privacy Collection
  • Manage USB Sticks and Mobile Devices
  • Computer Backup
  • Computer Security
  • Spam email, Phishing emails, Spear-phishing
  • Privacy Officer Education
  • The Right to Access Your Own Personal Information
  • Change Your Passwords
  • Employee Orientation
  • Social Media
  • Risk Assessment
  • Privacy Breach Reporting

At the end of the challenge, you will receive a printable poster, bragging rights, and an opportunity to win a draw for a small prize basket (Canadian participants, only).

You will also have many more tools to add to your privacy tool box!

You can do this yourself or make it a team event. The finished tasks and poster will contribute to your business' Privacy Management Program. Proudly display your poster to your co-workers and customers to show the steps you have taken to manage privacy and security.

Successful challengers might also find that this qualifies for CPE credits, too!

 

Register for the 15 Day Privacy Challenge!

The course is free – there is no risk to you and you will see that the 15 Day Privacy Challenge is the perfect way to make small changes easily that can improve the privacy and security of your information right away!

Register right away while this is fresh in your mind! You won’t want to miss a single one!

 

 

#15DayPrivacyChallenge, #CyberAware, 15 Day Privacy Challenge, healthcare, Practical Privacy Coach, Practice Management Mentor, privacy, privacy awareness, privacy officer, security, security awareness, training

How to Create Social Media Policies

Posted on October 27, 2015 by Jean Eaton in Blog

October is Cyber Security Awareness Month! Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Challenge #12 Social Media

If you decide to use social media in your business, you need clear rules about who will authorize messages. You also need a strong social media policy to provide direction and education to your employees about what they can – and can't – say on-line.

Employees also need to understand that if they participate in social media, their personal comments are still potentially a reflection of the business they represent. See “Securing the Human” for more information for employees.

Even if you decide not to use social media in your business, you still need to be aware of cyber threats such as hackers, viruses, malware or a cybersecurity breach, and implement a formal cybersecurity plan and social media policy for employees.

Review your organization’s policy and procedure about Social Media. See SANS and our articles “What Should You Include in Your Social Media Policy?”  and “The Honest Spin Doctor” for sample policies.

We are proud to be a Champion of National Cyber Security Awareness Month.

#CyberAware #15DayPrivacyChallenge.

 

#15DayPrivacyChallenge, #CyberAware, Practical Privacy Coach, Social Media policies, templates

Privacy Challenge #11 Privacy Awareness Training

Posted on October 25, 2015 by Jean Eaton in Archive

Privacy Awareness Training

80% of all privacy breaches are internal to the organization. It is the healthcare provider and employer’s responsibility to ensure that everyone in the organization knows the best practices to handle personal information. Healthcare providers must provide privacy and security awareness training to each employee and contracted vendors in a healthcare practice. This includes healthcare providers and professional staff as well as volunteers.

Employers and healthcare providers must be able to document that training is provided to the employee and that the employee understood the key concepts of the content provided in the training.

EmployeeOrientationA formal employee orientation process will help a new employee to succeed by:

  • Reducing the anxiety of the new recruit
  • Introducing the organization's mission and work
  • Explaining the organization's culture, including the values, behaviours, formal and informal practices, etc. including expectations of privacy and security of personal information. Set clear expectations of employee’s job performance and day-to-day activities.
  • Introduce new employee to colleagues, including managers or supervisors
  • Creating mentors and job ‘buddies' to help ease the new employee into the organization's culture

Privacy awareness training is an essential part of your employee orientation program.

Training alone won’t guarantee that mistakes or errors in judgement won’t happen, but the healthcare provider and employer are legally responsible to take reasonable steps prevent privacy and security breaches.

Privacy awareness training happens throughout the year. Informal training that is timely – say, the news item of the latest privacy breach – are great opportunities to reinforce key messages. Use ‘what if that happened to us, what would we do?’ to discuss lessons learned and improve your current practices, if necessary. Review near-miss privacy and security incidents in your practice. These are great opportunities to discuss and fix potential problems before they become breaches.

The Privacy Officer may create and deliver the training and will monitor, supervise, and support the training.

Use a variety of written and multi-media content like posters, newsletters, videos, infographics, and lunch ‘n learn discussions to reinforce key messages. People love games, challenges, and cyber competitions, too, as a way to create variety and interest in privacy and security.

Resources:

I am delighted to share with you a new course, Privacy Awareness in Healthcare: Essentials, training provided by Corridor Interactive. I have the great pleasure to work with Corridor Interactive to develop the course content.  Privacy Awareness in Healthcare: Essentials provides a privacy awareness training program available on demand. Individuals can register for the course and have access to a 3-month subscription. Employers can also purchase training for groups of employees; employees can access the internet based training at a time and location convenient to them. Employers can monitor the employee’s training progress and receive a report of employee’s satisfactory completion of on-line quizzes.

The Health Information Act Guidelines and Practices Manual from AHW provides an administrative checklist of custodian's responsibilities, including training requirements. This is a good outline for your privacy management program and employee orientation even if you don't need to follow the HIA. See Appendix 3 & 4.

Also see the Employee Orientation Checklist from the HRC Council: Getting the Right People.

Make use of networking within your organization and with associations, or organizations of similar or complementary services. Some vendors facilitate user groups. The Alberta Association of Clinic Managers and the Medical Group Management Association of Canada offer networking for Clinic Managers. Privacy Officers can find resources and networking at Privacy and Access Council of Canada.

Today's Challenge:

To Do:checklistsm

  • Do you know who the Privacy Officer is in your business?
  • Do you have an employee orientation checklist? When was it last updated?
  • How can the orientation process be improved?
  • Ask new employees for their feedback on their orientation.

Share Privacy Challenge #11!

envelopeEmail a Friend.

 

Twitter_logo_blueTweet your Followers.

 

 

 

#15DayPrivacyChallenge, #CyberAware, employee orientation, Practical Privacy Coach, privacy awareness training
123

What is the elephant in the room?

The Elephant in the Room Find out here...

 

Privacy Policy

 

The Data Privacy Day E-Course was very helpful and it made you think more seriously. I actually made some changes to my computer along way.

- Danielle

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2023 Information Managers Ltd.

Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}