Roadmap to Start Your On-Line Healthcare Practice

Posted on January 10, 2023 by Izza Nuguit in Blog

What is an On-line Healthcare Practice?

An on-line healthcare practice is a medical practice that provides services through the internet.

It typically involves using technology such as an Electronic Medical Record System (EMR) or practice management software, and billing software to manage patient health records and transactions.

Additionally, it may include using secure telecommunications like video meeting, asynchronous messaging, and telephone. A website and social media platforms help patients and clients to find your services.

Technology Supports On-line Healthcare Business

Telemedicine and virtual healthcare has exploded in the last few years. Patients-–and healthcare providers—are more willing to deliver health services differently. The rules guiding how healthcare providers are compensated or paid
for virtual services has changed. This has opened the gates to new opportunities for healthcare entrepreneurs.

More technology options offer the small business owner to purchase services from reputable vendors with privacy secure programs. The software as a service and cloud-based hosting, affordable business grade computer systems for home-based businesses, and high speed internet infrastructure makes it easier for healthcare entrepreneurs to start online healthcare practices.

Why Start an On-line Healthcare Practice?

Individual healthcare providers may want a practice that mixes in-person consultation with virtual follow-up visits.

(See my Practice Management Nuggets podcast, Why Medical Practices Will Have to Offer Telemedicine in the Future to Compete | Episode #095 interview with Dr. Michael Greiwe)

Others may want to a work experience where they are the boss and work from a location of their choice.

Some will keep their practice small—themselves, perhaps with administration support.

Some will hire a few practitioners to deliver a small suite of services.

Still others may develop a virtual workforce spread across the country.

Each of the above models benefit from these advantages.

1. Access to a larger patient population

Starting an online healthcare practice allows providers including physicians, pharmacists, dentists, mental health, nutrition, nurses (and more!) to access a larger patient population. By using technology such as secure messaging, appointment requests and prescription refills, patients can get the care they need without having to travel to a brick-and-mortar office.

This allows providers to reach more people in rural areas where it may be difficult for them to open up a brick-and-mortar practice. It also gives patients more flexibility in managing their health care needs from anywhere at any time of day or night.

2. Increased convenience for patients

Starting an online healthcare practice increases convenience for patients by allowing them to manage their health and communicate with their provider's office 24/7 from anywhere online or using a mobile app. The patient portal provides secure messaging and may provide patients access to their own lab results, for example.

3. Lower overhead costs

Starting an on-line healthcare practice can help to offset some of the operational costs. It allows you to work independently or join a group practice, which can save on start-up expenses.

This reduces the need for equipment, furniture, and other resources needed to run a traditional brick-and-mortar clinic.

4. Ability to offer specialty services

Starting an online healthcare practice allows providers to offer specialty services to their patients in a convenient and cost-effective manner. By eliminating the need for brick-and-mortar locations, online healthcare providers can reduce overhead costs and offer lower rates for services. Additionally, online healthcare providers can offer more specialized care than traditional practices due to the increased efficiency and access to a larger geographic reach.

5. Increased efficiency thanks to technology

Software as a service model and cloud based hosting allows the small business access to equipment and support previously only available to larger businesses.

6. Opportunity to offer new services, such as telemedicine

Virtual services and communication technology allows you to offer more convenient services that are accessible from anywhere at any time without having to be physically present in the office or clinic setting. Additionally, it opens up opportunities for expanding into new markets that may not have been previously available due to geographical restrictions.

7. Increased profits thanks to decreased overhead costs

Starting an on-line healthcare practice can help increase profits due to decreased overhead costs like commercial office space.

8. Ability to meet the needs of a growing population

The ability to meet the growing needs of a population is a compelling reason to start an on-line healthcare practice. With more and more people around the world struggling to access basic healthcare services, an on-line healthcare practice can provide convenient, affordable, and accessible care for those who need it most. Offering online consultations that are accessible 24/7 via smartphone or laptop computer reduces the barrier of entry preventing those in rural communities from accessing quality advice when they need it most.

What Compliance Requirements Do I Need to be Aware of When Starting an On-line Healthcare Practice?

When starting an on-line healthcare practice, you should be aware of the compliance requirements that keep healthcare regulated and secure for people across the country. These include:

Registering as a business entity.
Undergoing a credentialing process with professional colleges.
Acquiring EMR, computer equipment, and software to handle health records in compliance with provincial privacy legislation and professional colleges' standards of practice.
Billing payment processors for fee-for-service and uninsured services.
Policies, procedures, privacy and security risk assessment, and privacy impact assessment to securely manage personal health information across all technologies.

It is critical that your legal compliance and privacy compliance practices are in writing. This includes your contracts with vendors, employees, partner, and patients and clients.

What is a roadmap to start an online healthcare practice?

Join the 60-minute webinar for time-saving tips and a roadmap of critical steps on your journey to open your regulated healthcare practice. You will break through the fear and overwhelm around legal and privacy issues in starting a healthcare practice online.

Co-hosted by Canadian business lawyer Corinne Boudreau of Online Legal Essentials Inc. and Jean L. Eaton, Practical Privacy Coach & Practice Management Mentor of Information Managers Ltd.

Best Computer Service Support Options for Your Small Healthcare Practice

Posted on August 30, 2022 by Izza Nuguit in Blog

What is the Best Computer Service Support for Your Small Healthcare Practice?

Many healthcare providers starting their first practice are ‘bootstrapping’ their business. They don’t have external investors in their business. Business owners are balancing what can they do themselves and what services to hire from someone else.

Today, we will strategize how to implement technology in your healthcare practice and have a look at the different options available to you to select the best computer service support for your small healthcare practice.

Should You Do It Yourself?

When starting your own healthcare practice, it can be tempting to try to save costs by trying your hand at a DIY approach for managing the hardware and software required to run a practice.

That might work for a while. But soon, you will want to look into your options for outsourcing some of this.

When outsourcing your information technology (IT) need, it’s important to remember that you are ultimately responsible for managing the collection, use, security and safeguards for all personal information that you collect and control.

Let me help you with some definitions, terminology, resources to help you manage your computer network system and to determine what services are best suited for your needs.

We’ll have a look at:

Internet Service Providers
Managed Service Providers VS Managed Security Service Providers
Hardware as Service
Value Added Resellers
Cloud Service Providers
Software As A Service (SaaS), and
Remote Monitoring and Management Tools

Keep reading to find out the differences of these.

What is an Internet Service Provider (ISP)?

Internet service providers are likely the service on this list you are already most familiar with-–after all most of us deal with them in our personal lives, as well as in our professional lives.

These are companies which provide services which allow us to access the internet.

Unfortunately, some people assume that their ISP is also providing network security at the same time, which is simply not the case the majority of the time.

Something as simple as not changing the default password on your modem or wireless router can lead to vulnerabilities in your network. Right away, many DIY business owners are starting to feel the pinch about not knowing enough about IT to keep their practices secure.

There are some internet service providers also now offering managed service provider system as well. If you choose to go this route, ensure that you have a clear understanding about what they can and cannot do and documentation to show what exactly what is included in your fees.

Managed Service Providers (MSP) and Managed Security Service Providers (MSSP)

The definition of Managed Service Provider (MSP) is:

A MSP delivers services, such as network, application, infrastructure and security, via ongoing and regular support and active administration on customers’ premises, in their MSP’s data center (hosting), or in a third-party data center.

MSPs may deliver their own native services in conjunction with other providers’ services (for example, a security MSP providing sys admin on top of a third-party cloud IaaS). Pure-play MSPs focus on one vendor or technology, usually their own core offerings. Many MSPs include services from other types of providers. The term MSP traditionally was applied to infrastructure or device-centric types of services but has expanded.

– Gartner's Information Technology Glossary

Managed service providers are a great option for end users without the technical expertise required to manage their own networks.

If considering an MSP, you may consider referencing the Risk Considerations For Managed Service Provider Customers document put out by the Cybersecurity and Infrastructure Security Agency which outlines risk considerations organizations need to consider when they partner with a MSP.

MSP vs MSSP

Managed Security Service Providers (MSSP) provide security monitoring and management services to organizations to ensure they are protected from cybersecurity threats.

The types of services MSSPs can offer include threat monitoring and intrusion detection, firewall management, patch management, endpoint protection, and penetration testing as examples.

An MSP ensures your IT systems are operational, but a MSSP offers true security as a service, ensuring your people and systems are safe, secure and compliant.

Managed Services are a good way for businesses to get a high-quality IT service at a predictable monthly cost, instead of having to manage everything themselves, in-house.

What is Hardware as a Service?

Hardware as a Service allows customers to outsource the procurement, installation and support of their IT hardware, at a fixed and predictable monthly cost. Companies who use Hardware as a Service benefit from knowing any issues with their hardware will be diagnosed and fixed by the provider, without having to guess at the cost of the repair.

This is a convenient way of getting the best hardware without having to spend much cash upfront. The service model is similar to leasing or licensing whereby a business obtains IT hardware from a company, and the terms are dictated by a Service Level Agreement (SLA). In the case of hardware breakdown or any hardware becoming obsolete, the hiring company is responsible for repairing or changing it. Hardware as a Service can be provided by a managed service company or as a stand-alone service provided to businesses who are looking to acquire IT hardware.

Typically, these vendors do not provide ongoing monitoring, updates, and patch support to your network.

What is a Value-added Reseller?

A value-added reseller takes existing hardware, adds features such as third-party software, and then sells it at a markup to the end user.

The biggest difference between VARs and MSPs is the term of their involvement with the end user. VARs generally operate on a transactional basis (per license or seat), or a short-term contract. By contrast, MSPs operate on longer-term annual or multi-year contracts, and the tenure of their relationship is open-ended.

What is a Cloud Service Provider (CSP)?

CSPs offer access to technology and infrastructure that they own. This may be part of your digital transformation plan.

You’ve likely heard of some of the more popular cloud service providers, such as Amazon Web Services, Microsoft Azure and Google Cloud Platform.

If you choose to use a cloud service for storing information, you’ll want to do some due diligence to determine the security the service has in place, where the information is stored, and to avoid services which have servers outside of Canada. Even when you use a CSP, you are still responsible to ensure that your local computer environment is secure. This is referred to as a Shared Responsibility model.

What is the Software As A Service (SaaS) Business Model?

SaaS is a type of CSP. The vendor provides a software on their data centre and you remotely access the software and use it on your device. Examples of this includes Microsoft Office 365, Google Workspaces, and even some electronic medical record (EMR) and electronic dental record (EDR) service providers.

If you’re using a service such as this, the same security caveats which come with cloud services need to be considered such as where the servers storing the information are located.

Privacy, confidentiality, and security of personal information is a shared responsibility whether it is on your device or an outsourced service.

You must properly configure your SaaS so that it is properly securing your data, and communication between yourself and your vendor is critical to understanding the shared responsibility of securing the data.

As the end user, you are responsible for security ‘in’ the cloud. This includes the responsibility of:

Collecting and maintaining the customer / PHI data
Identity and access management (IAM)
Application management
Operating system and firewall on your devices
Client side data encryption, data integrity, authentication
Server-side encryption
Network traffic management

Remote Monitoring and Management Tools (RMM)

Many MSPs, and some internal IT teams, use a remote monitoring and management tool (RMM). This is the software put on the workstations and servers, primarily. These tool report back to the RMM server and provides data so that the MSP can monitor and manage the system.

The tool allows the MSP to see issues such as:

When software needs to be updated
If computer needs to be rebooted
That there was an error in a system log that needs to be addressed.

All of this happens behind the scenes and allows the MSP to manage your system remotely.

The issue with RMM is that the software has the ability to fully control your computers so these RMM tools need to be secured.

If not secured properly from internal threats as well as external threats and a bad guy is able to get into your MSP’s RMM, they now have access to every single client network—including yours!–that the MSP manages. And that is a bad, bad day!

Vet Your Vendors for the Best Computer Service Support Option

Most healthcare providers start with a DIY approach to their computer network. Over time, your needs will change. It is good practice to meet regularly with your vendors to re-visit your IT strategy.

Your best computer service support option during your start-up phase will likely be different as your business matures.

When you select the right outsourced service to support your healthcare practice, you will improve your practice management efficiency and privacy compliance.

Remember to vet the vendor before you enter into a service agreement and Information Management Agreement.

See the Practice Management Nuggets Podcast for Your Healthcare Providers, What Healthcare Practices Should Know About Vendor Vetting And Accountability | Episode #085 with guest Expert Donna Grindle for tips to help you with this step.

Join Practice Management Success Today!

As a healthcare provider, you need to stay on top of changing trends and technologies that impact privacy compliance and efficient practice management.

Changing technology and properly managing computer systems is just one aspect of that.

Practice Management Success offers you access to tools, templates, tips, and training to help solve common problems which may come up in your practice.

It's kinda like having a clinic manager mentor (or a Jeannie) on Zoom!

Become a member of the Practice Management Success Membership!

digital health, healthcare practice management, privacy

How Does Unique User ID Protect Patient Information In Your Practice?

Posted on August 18, 2022 by Izza Nuguit in Blog

Why You Need Unique User ID In Your Healthcare Practice

When you’re setting up computer systems for your healthcare practice, start by ensuring that every user has a unique user identity (user ID).

Sharing login credentials for everyone on your team can lead to compromised account security, which makes you more vulnerable to phishing attempts, and leads to a greater risk of sensitive information getting into the wrong hands.

Today we’re going to look at why you need to ensure everyone on your team who requires access to IT systems has their own unique user ID and login credentials.

What is User ID?

The user ID or username that you create when you are granted access to a computer network or software application should be unique to the user (not shared). The user ID is persistent—that is, it doesn’t change.

While a user ID needn’t be as complex as a password, you want to avoid an easily guessed or spoofed name. Instead, create a user ID that is reasonably short and uses a mix of letters and numbers and special characters. The system should not allow duplicate user ID’s and may have additional criteria about what the name can include.

Sometimes, the user ID appears linked to the content that you enter. For example, the username might be associated with a clinic note you enter in the electronic medical record, internal messaging, or even a blog post.

You can think of the user ID as your digital signature that uniquely identifies the computer user.

You may also have certain programs or additional software, applications, and data, including sensitive information, personally identifying information (PII), and personal health information (PHI) which require an additional unique user ID and password.

Don’t Share Your Unique User ID!

Individuals are responsible for their unique user ID. A user ID is important to provide non-reputability for the user. It ensures that the user cannot deny having taken a particular action.

For example, in an office computer, a user ID would be used to login to the system. Once the user is logged in, they can view their personal folders, shared folders, access to printers, and so on. If the user were to deny accessing and printing a particular file, the user ID would prove that they had indeed accessed and printed the file.

Layers of Protection Is Better

A two-step process that requires the user to enter their unique user ID to access a computer or device, and another unique user ID to access a program like an EMR, is an example of a dual login. This added level of security ensures that an authorized user has access to both the local device and the software.

Multi-factor authentication (MFA) is a better level of security. Again, this starts with entering a unique user ID on the device, a different unique user ID to access specific software, and a token or code that is sent to the user. The user must enter the code into the software prior to access granted. The goal of this authentication intent is to make it more difficult to access devices or applications without the subject’s knowledge, such as by malware on the endpoint.

MFA is a core component of a strong identity and access management (IAM) policy. It all starts with having a unique username, password, and an additional verification factor, which decreases the likelihood of a successful cyber attack.

79% of organizations have experienced an identity-related security breach in the last two years [Identity Defined Security Alliance] and 61% of all breaches resulted from stolen credentials, whether through social engineering or brute force attacks. [Verizon Data Breach Investigations Report].

Why You Need Unique User ID In Your Healthcare Practice

Benefits of enforcing unique user ID for every user include:

Tracking user activity and manage overall operations on a particular system, network or application.
Improved security, decreased likelihood of inappropriate access, reduced errors, reduced malicious actions internal and external to the business.
Avoidance of fines and sanctions, under privacy legislation.

My EMR / EDR Has Unique User ID. Isn’t That Good Enough?

Many healthcare practices have not yet implemented a unique user ID policy. Instead, they rely on the electronic medical record (EMR), electronic dental record (EDR) or other practice management software (PMS) system to require unique user ID to access this sensitive data.

This simply isn’t good enough. Locking the back door while the front door is unlocked is not a sufficient deterrent to prevent unauthorized access to your systems and the information that it contains.

I’m certain that there are other sections in your computer files where sensitive information (employee, business, and/or patient information) is maintained. This needs to be protected by identity management and audit tracking, too.

The extra layer of protection of having unique user ID to access your computer system AND another unique user ID to access your EMR / EDR is a reasonable safeguard. Alberta Netcare, NIST, and privacy regulations recommend this minimum standard.

In IBM’s Cost of Data Breach Report 2021, compromised credentials were responsible for 20% of breaches.

Having shared user accounts (instead of unique user ID) increases the likelihood that the user credentials will be compromised and may result in a privacy and security incident.

The IBM report also identified that a zero trust approach helped reduce both the likelihood and the cost of a privacy and security breach. Zero trust means that everyone accessing electronic data must use strong authentication and authorization at all times. In short, don’t assume that because the user is accessing a computer at a specific location, that the user is authorized to access the computer.

Authentication and authorization (both subject and device) are discrete functions performed before a session to an enterprise resource is established.

Make It Easy To Implement Unique User ID Policy

Businesses should use business-grade computer hardware and software for their computer networks and mobile devices. Select operating systems that make it easy to create and manage user accounts. Ensure that user activity audit logging is enabled.

You might be ‘pretty good’ at managing a computer. However, I recommend that healthcare providers, clinic managers, and business owners contact a local computer network technician or managed service provider to help you properly set up user management. Protect your patient’s information and your practice with good computer user management.

Join Practice Management Success Today!

As a healthcare provider, you need to stay on top of changing trends and technologies-–not just those related to your work, but things in the world which can affect how you manage your practice and patients.

Changing technology is a huge part of that world, and properly managing computer systems is just one aspect of that.

Become a member of the Practice Management Success Membership!

Practice Management Success offers you access to tools, templates, tips, and training to help solve common problems which may come up in your practice.

It's kinda like having a clinic manager mentor (or a Jeannie) on Zoom!

digital health, healthcare practice management, privacy, security

Your Patient Requests To Record Their Appointment With You

Posted on July 29, 2022 by Izza Nuguit in Blog

Your Patient Requests To Record Their Appointment With You – What Does This Mean For You, As A Health Care Provider?

Often, doctors’ visits are fairly straightforward.

When there are no major concerns or new diagnoses, it can be in and out quickly, and with little fuss.

There are times, however, when visiting the doctor can be overwhelming for patients.

When a patient is receiving a new diagnosis, for instance, it often comes with instructions for how to best manage their condition, dietary restrictions, or exercises they need to perform in order to help them achieve a better outcome.

In cases like this, some patients may request to record their conversations with you, their healthcare provider.

The first time you receive a request like this, it may seem surprising.

With technology such as smartphones, it’s becoming easier and easier for people to make these recordings so it’s best to be prepared for it.

Let’s have a look at the things you need to consider when it comes to patients who ask to record their appointments.

Why Do Patients Want To Record Conversations?

A patient may request to record a conversation for several reasons.

Some of these may include:

More accurate sharing of health advice and instructions with other family members or caregivers who help them manage their diagnosis
Allows for better communication between you as a healthcare provider and your patients
Improved compliance with instructions, as they will refer to the recording

Benefits To Recording Patient Appointments

Each of these reasons ultimately has the effect of potentially helping improve compliance with your instructions, and thus improving patient outcomes.

“71% of patients listened to their recordings, while 68% shared them with a caregiver.” – The Dartmouth Institute for Health Policy & Clinical Practice

Unfortunately, anytime you are recorded, there is the potential drawback that recordings could be used inappropriately.

Some inappropriate use of recordings by patients may include:

Recording without the consent of the healthcare provider.
Recording information (audio, visual) of other persons, including patients, visitors, or other employees.
Sharing of recording inappropriately on social media.
Security of the recording may be compromised, which may negatively affect the patients’ and the healthcare providers’ privacy.
Patient’s recording of the healthcare visit may be used against the healthcare provider in a complaint process.

As you can see, there are both benefits and drawbacks to allowing recording of conversations with patients.

Now we will look at the next steps when you allow recording and when you would prefer to not be recorded.

I’ve Agreed To Be Recorded – Now What?

If your patient has requested to record your session, and you’ve agreed, there are some things which will need to be discussed before moving forward regarding appropriate use of recordings.

The patient usually requests permission to record at the beginning of the encounter.

Discuss and agree to the terms of the recording, for example:

• How the recording will be made
• How a recording will be made available to the patient’s health record
• Identify (name) who will be included in the recording and ensuring that the privacy of other people is not affected
• How follow-up questions will be managed.

Document the Encounter

You, as the healthcare provider, may make the recording, keeping a copy for the health record, and share the recording with the patient. Or, you may make a separate recording at the same time of the patient and add the recording to the patient’s health record.

If you will also make a recording, the patient is required to consent in writing to the recording. Include the patient’s consent in the patient’s health record.

In addition to the clinic notes you may make:

Securely maintain the audio recording in the patient’s health record or in a digital audio file format securely stored on the computer network.
In the patient’s health record clinic note, include the link to the computer file with thee recording.
The healthcare provider will record in the clinic note:
- The conversation was recorded – by whom and who has control of the audio file.
- Consent was obtained (if applicable)
- Summary of the conversation

What If I Don’t Feel Comfortable Being Recorded?

If a patient requests to record your session, you may choose to decline their request.

This may just be because you are working to implement policies and systems surrounding recording, but they aren’t quite in place yet.

If a patient request to record your session, and your decision to decline, you will need to make a note of the request, as well as your grounds for denying it, in the patient’s clinic notes.

If the patient is worried about being able to remember of follow instructions, some alternatives to recording may include:

Provide the patient with information resources including paper handouts, advice documents, or on-line audio or video advice and information resources.
Allow the patient to invite a trusted family member, friend, or care provider to accompany the patient during the patient’s health care visit.

Workflow Patient Record Appointment

Join Practice Management Success Today!

Changing technology is a huge part of that world, and the growing use of cell phones to record conversations is just one aspect of that.

Be prepared when patients ask permission to record their visits with you. Grab the procedure and patient request form template that you can use right away! Become a member of the Practice Management Success Membership!

Practice Management Success offers you access to tools, templates, tips, and training to help solve common problems which may come up in your practice.

It's kinda like having a clinic manager mentor (or a Jeannie) on Zoom! ✨

Reference

Canadian Medical Protective Association [Internet]. Ottawa (ON): CMPA 2017 March. Smartphone Recordings By Patients: Be Prepared, It's Happening Retrieved https://www.cmpa-acpm.ca/static-assets/pdf/advice-and-publications/perspective/com_17_perspective_march-e.pdf

The Dartmouth Institute for Health Policy & Clinical Practice. “Can patients record doctor's visits? What does the law say?.” ScienceDaily. www.sciencedaily.com/releases/2017/07/170710135301.htm (accessed July 23, 2022).

digital health, healthcare practice management, privacy

Get It In Writing Podcast – Employee Snooping and Other Privacy Breaches

Posted on July 12, 2022 by Izza Nuguit in Blog

Get It In Writing Podcast Talks About Employee Snooping

In this episode of the Get It In Writing podcast, Corinne Boudreau explores common sources of privacy breaches for health care practitioners in Canada with health privacy expert, Jean L. Eaton.

Specifically, Corinne and Jean chat about:

How employee snooping results in 20% of healthcare privacy breaches
What policies you must have in your healthcare practice
What role and importance privacy policies play in healthcare

Employee Snooping and Other Privacy Breaches to Guard Against if You're a Health Care Practitioner

Listen to the podcast episode here: Get It In Writing Podcast Season 1 – Episode 10

Or on your favourite podcast player!

What Is Snooping?

Snooping is a privacy breach! When you access patients’ personal information for a purpose other than to provide a health service, it is snooping.

Often, people view personal information of their patients, clients, or employees because they are ‘curious’. Not everyone understands that ‘just looking’ is considered snooping.

When We Know Better, We Do Better

Discuss snooping with your employees and prevent privacy breaches in your healthcare practice.

Want to learn more? Pick up Jean’s book, Tips to Prevent Employee Snooping: A Key Component of Your Privacy Practice Management Program, with your favourite e-book seller.

Tips To Prevent Employee Snooping - Privacy Management Program Book Cover

Corinne Boudreau makes legal jargon easier to understand. That’s worth a 5 ***** rating, isn’t it?

Listen to the podcast and give Corinne a 5 star ***** rating!

digital health, healthcare practice management, privacy breach

Should You Use Encrypted Emails In Your Practice?

Posted on June 27, 2022 by Jean Eaton in Blog

Should You Use Encrypted Emails In Your Practice?

There are many jokes around these days like “Fax machines? Who still uses those? And why are you still using fax machines? It’s the 2020s, not the 1990s!

People who don’t use them regularly may not realize it, but there are still many places which still use fax machines today—from legal offices, to governments, and yes—doctors offices.

This is because fax machines are much more secure than electronic networks such as email.

One doctor’s office asks: As healthcare professionals, we routinely send our referring physicians a report of the patient’s progress by fax. One clinic would like us to send the reports to them using their encrypted email link instead of fax.

Can we do that?

Today we’ll look at the pros and cons of switching to encrypted email as a method to securely send personal health information and try to answer this question.

What Are The Issues With Email?

First, we need to look at regular, non-encrypted email.

Grant Dakin, President of Solid Technology Solutions reminds us:

“When it comes to sharing sensitive information via email it should always be assumed that it is insecure. Basic email is generally open text, and to many email servers out there, especially on the public side, are not setup to handle encrypted email protocols.”

Even if your email service provider offers message encryption while a message is traveling between computers, this often does not apply on either end, and the message in the outgoing sent box and incoming inbox are often left unencrypted and vulnerable.

If information is not appropriately sorted once it arrives in the recipient’s inbox, there may still be issues with storing information in your email.

If the sender and the receiver do not appropriately manage their in and out boxes to ensure that it has limited information, appropriate access to only the right persons, and has been securely deleted, you have only addressed part of the problem.

When sending information to another clinic or doctor’s office, you may ask what practices does the other clinic have for storing information?

The same questions are important for patients as well:

Does the patient have access to a computer where they can download information?
Are they using a personal computer or an employer’s computer?
Do they have a secure place to access the information?

These are all things which need to be taken under consideration before you send personal information by email in your healthcare practice.

Why Are Some People Switching to From Faxing?

So, a referring partner who typically sends the consultation report to you by fax now wants to send it to you by encrypted email.

It’s not uncommon for places to want to upgrade their technology.

Fax machines can be large and clunky, and using encrypted email for consultation reports, referral requests, and more can be attractive to streamline operations. Many people feel that fax machines are obsolete. In early March of 2021, the Government of Ontario announced it would phase out its use of all fax machines by the end of the year.

However, there isn’t a common alternate communication standard across healthcare, private, and public users that is as common as the fax machine.

There have also been numerous privacy breaches in healthcare related to improper use of fax machines. For example, in the Ontario Information and Privacy Commissioner’s 2020 Annual Report, the IPC found that, in 2020 about 58 per cent of breaches experienced by health information custodians were caused by misdirected faxes.

How Does Encrypted Email Work?

Encrypted email works using an encryption key.

What is Encryption? Encryption is a method to disguise a message into a secret code. Only the people that have the ‘key’ to the secret code can un-scramble the message so that it can be read.

In order to use them, both the sender and the receiver need to have a key—the sender uses it to encrypt the message before sending it, and the receiver needs a key to decipher the message.

Grant Dakin explains: “Encrypted email services are a third-party service that will securely store the message, typically a secure web page, until a verification process is completed. This is key. The recipient needs to prove their identity to be able to view the message. At minimum, this can be a username / password challenge using a verified recipient owned email address. When possible, it is recommended to have multifactor authentication (MFA) employed. The use of MFA is dictated by compliance requirements, the type of information and your user base.”

This might seem overly complicated if you’re not used to using encryption services, which may not be an issue when sending information to another clinic, especially if they’re the ones who suggested using encrypted email.

Encrypted Email Process Diagram

When it comes to sending information to patients, especially those who aren’t very tech savvy, you need to consider if encrypted email is the right option.

Things to Consider When Implementing Encrypted Email

If you’re considering implementing encrypted email into your practice, you’ll want to first do a risk assessment, which should include:

Discussions with IT vendor / Managed Service Provider
Assess the reputation of the encryption vendor
Does the encrypted email meet industry compliance requirements?
Review your existing policies and procedures
Update those policies and procedures as required
Approval from Privacy Officer / Custodian / CEO
Prepare / update your privacy impact assessment (PIA)
Training for your staff on how to use the encryption software
Is there a verification process to ensure that the right person is viewing / accessing the information?
Verify that there are encryption protocols being used (If retrieving from a browser, verify that there is a valid SSL certificate)

For further guidance on choosing an encrypted email service, Grant Dakin offers the following:

“When looking for an encrypted email service, be certain that the service provider can demonstrate compliance. Most third-party providers base their compliance on HIPAA, which is a US based compliance, but it is very much in line with Alberta's Health Information Act (HIA) and our various Privacy Acts. For us, at SolidTech, the most common encrypted email service provider that we deploy would be Microsoft 365, which is HIPAA / HIA compliant, providing it is set up properly.”

Consider also that if you send information via encrypted email, there will probably be a learning curve for the receiver of the information as well. You may want to offer a basic outline to patients who opt to receive email this way about how it all works.

It may seem surprising at how much time it takes to appropriately and correctly implement an email encryption service in your healthcare practice. But if you will “axe the fax” and discontinue the use of a fax machine, you need to complete a risk assessment and plan an alternate solution.

What Else Can I Use, Instead of Encrypted Email?

If you aren’t ready to make the jump to encrypted email systems but want to get away from using fax machines in your practice, there are alternatives to encrypted email to consider.

Some of these include:

Portals from electronic medical record (EMR) systems
Sharing networks
Secure messaging

PrescribeIT^® enables prescribers to electronically transmit a prescription directly from an electronic medical record (EMR) to the pharmacy management system (PMS) of a patient’s pharmacy of choice. See the blog post, “Using PrescribeIT To Streamline Your Workflow”.

Any changes to how you send personal information, whether to patients or other clinics can’t just be a unilateral decision on your part.

Just because you’re ready to make a change, it doesn't mean that the recipients are ready to receive it in that way. You must communicate with your partners and patients about your plans and ensure everyone is on board.

Furthermore, it’s always good to have a business continuity plan in case your chosen method ceases to work as expected.

I’m Ready To Implement Encrypted Email—What’s Next?

If you think encrypted email might be the right choice for your practice, you might wonder, “What next?”

Getting started with a change like this may seem overwhelming, but you don’t have to do it alone.

Connect with Grant Dakin of Solid Technologies Solutions Inc.

Also see, “Texting with Patients; Can You Use Text Messaging With Patients?”

digital health, healthcare practice management, privacy

Going Digital: Using PrescribeIT® To Streamline Your Workflow And Modernize Your Healthcare Practice

Posted on February 17, 2022 by Jean Eaton in Blog

Using PrescribeIT Makes Prescribing Easier And More Convenient

As a family physician you have a lot of responsibilities.

One of which involves writing, and refilling prescriptions for your patients.

This task, in and of itself, is simple enough, however, there’s often much more to it.

You’re dealing with patients calling in to get a refill, or the pharmacy looking for clarity, or wanting to make a substitution.

Managing all of this can be time consuming and frustrating – but there is a better way.

Would you like to take back the time and reduce frustration in your practice?

PrescribeIT® might be the solution you’ve been waiting for.

PrescribeIT® makes prescribing easier and more convenient for Canadians, prescribers, and pharmacists. It also improves patient safety and health outcomes and protects patient privacy.

A project of the Canada Health Infoway initiative, which aims to help bring healthcare into a digital world, so that physicians can better connect with patients and pharmacies.

Benefits of Using PrescribeIT Digital Prescriptions

Paper and fax-based prescriptions are outdated, inefficient, and costly – going digital can help you reclaim your valuable time and money.

Prescribe IT® can help reduce errors in prescriptions, due to lack of legibility, and eliminate patients calling to have a script re-done because they’ve lost it.

Some of the benefits to managing prescriptions digitally using Prescribe IT® Include:

The ability to electronically generate, accept, renew, and cancel prescriptions directly from your electronic medical records (EMR) at no additional cost
Avoid errors which can arise with fax transmissions
Offers secure transmission from your office to the pharmacy – email isn’t secure, and you never know who is on the other side of a fax machine
Streamlined system for pharmacies to request refills and renewals
Enhanced patient safety and privacy

All of these benefits can be implemented with minimal changes to your current workflow processes.

Paper Prescriptions Are Inefficient

Did you that over 600 million prescriptions dispensed in Canada annually?

At a recent in-service with the Edmonton and District Clinic Managers Association, guest speaker Joelle Withers, Manager, Prescriber Relations & Deployment, Canada Health Infoway revealed the following statistics about prescriptions in Canada:

Nine percent are narcotics or another controlled drug
Over forty percent of prescriptions are handwritten
Thirty five percent of prescriptions are computer generated and taken to the pharmacy in person
Over four million Canadians have admitted to losing or damaging a prescription, including:
- 415,000 prescriptions have taken a spin in the wash cycle
- 140,000 prescriptions decided to go puddle jumping in the rain
- 88,000 of those prescriptions were eaten by dogs (tell this to every teacher who has heard the “my dog ate my homework excuse)

As a result of lost or damage prescriptions, over seven hundred thousand Canadians have decided to go without their medications, rather than calling to have a new one issued.

Finally, as many as seventy eight percent of Canadians prefer to go directly to the pharmacy right after receiving their prescription to pick up their medication.

Workflow Efficiencies

Using Prescribe IT® in your practice, allows you to electronically send your patients prescriptions directly to the pharmacy of their choice.

This will create efficiencies and save you time:

No more lost prescriptions, no more time wasted needing to redo paperwork.
No more telephone or fax tag with pharmacies – Instead, Prescribe IT® offers secure physician to pharmacy messaging.
Integration into the patient record in your EMR – you can view that the prescription is dispensed.
Patients select the pharmacy of their choice – and arrive to pick up the prescription with no waiting to drop-off and pick-up delay.
Patients who prefer a paper copy of their prescription still have this option
Prescribe IT® is approved for use with the Triplicate Prescription program.

Which Pharmacies Accept PrescribeIT?

Many pharmacies have been approved to participate in PrescribeIT including Rexall, Guardian, IDA, Shoppers, and Safeway.

I’m Ready To Try Prescribe IT In My Practice – What’s Next?

Are you ready to bring Prescribe IT® into your practice?

Let’s take a look at how to get started.

I’m Opening A New Clinic

If you’re opening a new clinic and want to use Prescribe IT®, you’ll need to follow the following steps:

Prepare your Privacy Impact Assessment which describes your organization management system and your selected electronic medical records (EMR) solution.
PrescribeIT integration is currently available with the following EMR solutions: Telus Medaccess, Microquest Healthquest, QHR Accuro (soon).
Submit your application of interest to PrescribeIT now to be ready to implement when your Privacy Impact Assessment is accepted by the Office of the Information and Privacy Commissioner (OIPC).
Once your application is approved, Canada Health Infoway will send to you a Privacy Impact Assessment for PrescribeIT that you will review, edit if necessary, and submit to the OIPC.

I Have An Existing Clinic

You can apply to Canada Health Infoway to start using PrescribeIT® in your current clinic, if

You are using one of the accepted EMR vendors, and
You have an accepted Privacy Impact Assessment for your EMR implementation.

After your application submission, Canada Health Infoway will send to you a Privacy Impact Assessment for PrescribeIT that you will review, edit if necessary, and submit to the OIPC.

Get Started with Prescribe IT® Today

Are you ready to do away with paper prescriptions?

Tired of playing phone tag with the pharmacy, or having to redo paperwork due to patients losing paperwork?

To get started with PrescribeIT®, please fill out an application of interest form HERE

Do You Need A Privacy Impact Assessment?

If you’re looking for assistance with your Privacy Impact Assessment, we’re here to help you.

Contact Information Managers today!

PrescribeIT® is registered by Canada Health Infoway. Used with permission.

digital health, healthcare practice management

Do You Want to Turn Your Hectic Waiting Room Into a Reception Area?

Posted on November 22, 2017 by Jean Eaton in Archive

Practice Management Nugget Webinar for Your Healthcare Practice

with Chris Naraine, National Sales Director and
Robert Cove, Solutions Consultant of Bleen

Thursday Nov 23, 2017 12 Noon MST

Are you a clinic manager who dreads the Monday morning phone rush?

Are your walk-in patients pushy, impatient, and frustrated waiting for their turn to see the doctor?

Do your patients complain about how difficult it is to phone into the clinic jut to make an appointment?

You can do better than that!

My guests on Practice Management Nuggets Webinars for Your Healthcare Practice will show you how!

Chris Naraine, National Sales Director and Robert Cove, Solutions Consultant of Bleen know how automated scheduling solutions can help your small to medium family medical practices

Reduce 40% to 60% of your incoming phone calls.
Reduce 75% of your no-show appointments.

CLICK ON THE >> Play button to watch the replay.

THE WEBINAR REPLAY is now available for a limited time.

Chris Naraine, National Sales Director and Robert Cove, Solutions Consultant of Bleen know how automated scheduling solutions can help your small to medium family medical practices

Reduce 40% to 60% of your incoming phone calls.
Reduce 75% of your no-show appointments.

If you are ready to change your hectic, stressful front office for an efficient, respectful front office and you are a

Clinic manager of a small to medium family healthcare practice or
Healthcare provider planning a new practice

Jump on this FREE Interview with automated scheduling solutions experts Chris Naraine and Robert Cove and discover how you can improve your patient flow management.

Practice Management Nuggets’© series is hosted by Jean Eaton (Your Practice Management Mentor) of Information Managers Ltd.

#PracticeManagementNuggets, appointments, automated scheduling solution, Bleen, digital health, health care, healthcare, medical, on-line booking, practice management

Improve Your Patient Referral Management

Posted on September 23, 2017 by Jean Eaton in PMN Replay

Improve Your Patient Referral Management

with Dr. Denis Vincent

Recorded Live Thursday Oct 12, 2017 12 Noon MDT

Watch the replay now!

Many healthcare practices find that patient referral management is the single biggest time consuming and difficult chore in their practice. It is critically important to get this right.

Now healthcare practices of any size can improve your patient referral management process in this 30 minutes interview with Dr. Denis Vincent of ezReferral.

Dr. Denis Vincent of ezReferral knows the importance of Health Care Referrals Done Right.

If you are

– drowning in patient referrals
– tired of playing telephone tag with specialists and patients
– ready to stop using old fax technology that is a massive time waster, and can be very costly both financially and emotionally when faxes get lost in the system.

Interview with patient referral management expert Dr. Denis Vincent, ezReferral and discover how you can improve your patient referral management.

Health care referrals done right improves patient satisfaction and saves you time and money every day!

CLICK ON THE >> ARROW TO CONNECT TO THE WEBINAR

If you don't have a speaker or headset, you can listen to the audio through your telephone. Dial +1(425) 440-5010 (To dial a local number click here http://instantteleseminar.com/local/?pin=386568 Pin Code 386568#)

Click here to download your Learning Resources Guide

Join the Chat!

Ask your questions here – and receive a reply by email:

Dr. Denis Vincent of ezReferrel knows that you prevent fines and security incidents when you take steps now to prevent problems in the future. In this Free 30-minute Privacy Management Nugget Webinar, Dr. Vincent will show you how to:

Improve communication between referral and specialist office
Improve patient satisfaction
Improve patient care
Save you time and money

Dr. Denis Vincent

Practice Management Nuggets’© series is hosted by Jean Eaton (Your Practice Management Mentor) of Information Managers Ltd.

#PracticeManagementNuggets, digital health, Dr. Denis Vincent, ez Referral, ezReferral, health care, healthcare, medical, patient engagement, patient referral management, practice management