Information Managers

Businesses are Victims of Economic Crime and Fraud

Posted on March 14, 2016 by Jean Eaton in Blog

March is Fraud Prevention Month

40% of Canadian organizations reported that they were victims of fraud in the last two years. This includes asset misappropriation, procurement fraud, and cyber fraud, as reported in a March 9, 2016 CanadaAM interview with Lori-Ann Beausoleil, PWC Canada.

The Ophthalmology Business article, ‘6 Ways To Curb Employee Theft’, includes tips that physicians and administrators can use to curb the risk of theft.

  1. Vet your employees
  2. Track inventory
  3. Let employees know that you are concerned about fraud
  4. Separate financial-related duties
  5. Out of sight, out of mind
  6. Use electronic health records (EHR) to your advantage

Read ‘6 Ways To Curb Employee Theft’ to see all the suggestions by Jean L. Eaton, Steve Dawson, and Jodie Boxe in this article by Vanessa Caceres.

For more suggestions on how to manage risks especially when your staff work alone, see my interview with Dave Rodwell, ‘Do Your Staff Work Alone?'

There are many things that you can do to prevent fraud in your healthcare practice. Being aware of the risk is your first step.

The Email You NEVER Want to Get: I Have Received a Complaint From a Patient

Posted on February 22, 2016 by Jean Eaton in Blog

“Alice, I have received a complaint from a patient that you may have committed a privacy breach,” said the clinic manager.

You told me what happened. You did not follow our clinic policies and procedures properly when you left messages for the patient about her follow-up healthcare appointments.

I want to work with you to review and improve our office procedures and training so that this does not happen again.

I also want you to take our privacy awareness training. We provide this training for all new employees during orientation. Sometimes we each need a refresher to remind us how we can maintain privacy, confidentiality, and security of our patients’ information each day.

Alice, you are a good employee. I believe that you want to do your job better. Privacy of our patients' information is very important. Our policies and procedures help us to ensure that we are doing our jobs well. This is your warning; if this type of error happens again, I will need to take additional disciplinary steps.

If you have any questions, please talk to me, your supervisor or our Privacy Officer.”

 

Privacy breaches happen.

Healthcare providers are responsible to ensure that employees understand their roles and responsibilities. When a breach happens, we need to contain the breach, correct the problem, and prevent it from happening again.

Privacy awareness training will prevent breaches and may be used as part of the strategy to prevent recurrence.

Do you have an office policy about when and how you should leave telephone messages for patients?

 

Privacy awareness training happens throughout the year. Informal training that is timely – say, the news item of the latest privacy breach – is a great opportunity to reinforce key messages. Use ‘what if that happened to us, what would we do?’ to discuss lessons learned and improve your current practices, if necessary.

Review near-miss privacy and security incidents in your practice. This is the ideal time to discuss and fix potential problems before they become breaches.

The Privacy Officer may create and deliver the training and will monitor, supervise, and support the training.

Use a variety of written and multi-media content like

  • posters,

  • newsletters,

  • videos,

  • infographics, and

  • lunch ‘n learn discussions

to reinforce key messages. People love games, challenges, and cyber competitions, too, as a way to create variety and interest in privacy and security.

Privacy awareness training alone won’t guarantee that mistakes or errors in judgement won’t happen, but the healthcare provider and employer are legally responsible to take reasonable steps to prevent privacy and security breaches.

Do you have a privacy awareness training program for your healthcare practice?

Let us help you with privacy awareness training on-line and in-person.

Are You a Vendor That Supports Healthcare Practices?

Posted on January 14, 2016 by Jean Eaton in Blog

New healthcare business needs IT solutions and is asking if you have a PIA

(what will you do about it?)

Healthcare practices throughout Canada and the US need IT services and have money to buy new hardware, software and service contracts. They also need a Privacy Impact Assessment (PIA) and want to work with a vendor who is PIA prepared.

Vendors are required to comply with the healthcare providers' PIAs and their privacy, confidentiality, and security best practices.

“A PIA should be as commonplace to a healthcare practice as a business plan is to a business.”

-Jean L. Eaton, Your Practical Privacy Coach

BUT most healthcare practices don't know this and often don't know that a PIA is usually part of their professional college requirements and often even a legislated requirement! Developing a PIA and the supporting policies and procedures will help a healthcare practice to prevent gross errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor. A vendor that supports healthcare practices must:

  • Understand the PIA process and the healthcare customer needs
  • Understand the requirements of legislation (for example, Health Information Act Regulations, Electronic Health Records Regulations, HIPAA, etc.) that the clinic must follow. This includes technical safeguards to protect the privacy, confidentiality, and security of patients' health information.
  • Make sure that the vendor's business practices meet privacy and safety legislation. This is an excellent opportunity for the seller to lead by example and demonstrate how to implement and follow best practices. This includes:
    • Having a named Privacy Officer
    • Implementing an internal privacy and security incident management program
    • Implementing a privacy awareness program for all of your employees
    • Providing an Information Management Agreement (IMA) or Business Agreement (BA) to the healthcare provider that meets regulations.

Not every healthcare practice knows all of the technical, physical, and administrative safeguards that should be in place to prevent the risks of unauthorized access, use, or disclosure of sensitive health information. A vendor that understands the requirements can make better recommendations for the healthcare practice. In fact, the experienced vendor can:

  • Create a premium value-added service to guide all new clinics with step by step instructions about the regulations and requirements of the service and
  • Profile how the vendor can best support the healthcare practice
  • Create more sales and help more customers by providing the services they need (even if they don't know it, yet!).
  • Coach the healthcare practice early in the sales process about how the vendor's services can support the healthcare practice. This results in less work and headache for both the practice and the provider.

Do you want to become the preferred vendor in this large customer niche?

You need to learn what the healthcare business needs to successfully complete their Privacy Impact Assessment. Then you can develop a branded PIA Readiness Plan for your business that you can give to the healthcare provider to support them to create their PIA.

 

Have you seen this?

IT vendor Privacy Impact Assessment Readiness Plan

 

Brought to you by Jean L. Eaton, Your Practical Privacy Coach

Join Privacy Nuggets and get some more tips, tools, and templates that you can use right away to improve your privacy management program.

 

Do You Have Questions for Your Doctor?

Posted on November 23, 2015 by Jean Eaton in Blog

Being prepared for your appointment with your physician is important. Asking good questions helps you to make better health decisions with your healthcare team.

If you have a new health problem, here are some sample forms that you can use to help you prepare for your appointment with your doctor. You can use these when you have a new or different treatment or medical test or may need surgery.

Medical Tests: Questions to Ask the Doctor
Surgery: Questions to Ask the Doctor

These forms are available from MyHealth.Alberta.ca and Healthwise. Including patient-specific health education within your workflow improves patient engagement and positive outcomes.

Do You Need Privacy Awareness Training for Your Healthcare Practice?

Posted on October 29, 2015 by Jean Eaton in PMN Replay, PMN Stitcher, Practice Management Nugget Interview

Join us for the free webinar,

Privacy Awareness in Healthcare: Essentials

Healthcare businesses who want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

Give your staff the knowledge and tools they need to apply policy in their day-to-day work AND prevent a privacy breach with privacy awareness training.

Privacy awareness training is easy with interactive online learning experiences that are more effective than conventional training.

Make online training available to all your new and current employees quickly and efficiently.

Heather Mooney will demonstrate the online training platform.

In this FREE 30-minute Practice Management Nugget Webinar, Heather and Jean will answer your questions about the online privacy awareness training program so that you can decide if this is the right choice for your healthcare practice.

Heather Mooney, VP Business Development, Corridor Interactive

Heather is the sales and marketing strategist with experience in channel and account management; responsible for driving the sales and marketing program.

Privacy Awareness in Healthcare: Essentials Individual and group training licenses with Corridor Interactive available here.

 

Try out a Trial Membership to Information Managers Network to access more great interviews, webinar replays, and resources.

Practice Management Nuggets are now also available as podcasts! Find us on Stitcher Radio and iTunes!

Practice Management Nugget Webinar

Privacy Awareness in Healthcare: Essentials

hosted by Jean Eaton of Information Managers Ltd.

Privacy Statements in Plain Language

Posted on March 10, 2014 by Jean Eaton in Blog

 In search of plain language

I spent a lot of years in school and assumed that multi-syllable words would earn extra marks.  Now I spend a lot of time trying to use ‘plain language' so that it is easier for people to read and understand what I write.

In a recent article from IAPP (International Association of Privacy Professionals), “Privacy Policies: How To Communicate Effectively with Consumers” the authors discuss the regulatory and judicial consequences to your business of failing to make sufficiently clear, accurate, and comprehensible privacy disclosures for on-line consents.  They also provide some great resources on how to improve your plain language skills.

Primary care practice managers and clinic managers are required by legislation and regulated professions standards to develop forms and notices to inform their patients and clients of what to expect at the clinic.  These documents usually have one of two main purposes:

  • inform our patients and clients about how their information is being collected, what will be done with it and what their choices are.
  • inform our patients and clients about their care and treatment.

Each purpose is important – important enough for us to take the time and effort to make the documents easy to read and easy to understand.  Let's create a Privacy Statement poster that you can use and adapt for your practice.  First, we need some guidelines about plain language.

What is plain language?

Document Management Tip: Privacy Statements in Plain Language

The objective of plain language is to write in simple conversational English at about an eighth grade reading level.  Here are some basic plain language guidelines that make documents easy to understand.  (A full discussion of tips for writing a plain language privacy policy can be found in Kinsella Media’s Plain Language Primer for Privacy Policies.)

  • Omit legal/technical jargon and limit defined terms,
  • Use positive language,
  • Avoid double negatives,
  • Use active voice,
  • Pare down sentences to one thought,
  • Omit wordy phrases (instead of “in order to” use “to”)
  • Use personal pronouns,
  • Keep the message personal by using question and answer format to explain common situations
  • Describe complex issues in “if this, then that” terms. For example: “If you have a question or complaint, then contact us here.”

Design the poster using a reader friendly format much like an advertisement.

  • Use simple, descriptive headers,
  • Fonts need to be large enough so the average person can easily read the notice. Twelve points or bigger using fonts like Verdana or Arial improves readability,
  • Emphasize key points by using bullets, underlining and/or italics,
  • Never use all CAPITAL LETTERS,
  • Use highlighting in moderation,
  • Use examples to describe practices or put the content into an easy-to-read chart

Download the Document Management Tip:  Privacy Statements in Plain Language

 Content in a Privacy Statement

List the objectives or main points of your statement.  For example,

  •  Your mission statement or goal.  This is the opening or introduction of the privacy statement.  Explain why this statement is important to the patient.
  • What types of personal information we collect about you,
  • How we use your personal information,
  • With whom we share your personal information,
  • To whom your personal information is disclosed,
  • How we protect your personal information,
  • Who you can contact if you have a complaint or want more information

Privacy Statement Poster Sample #1

Our Clinic respects the privacy rights of our patients and employees and is committed to protecting the personal information that we collect from you. We have adopted this Privacy Statement to guide how we collect, use and disclose the information you provide to us.

We will:

✔ only collect information required for your care and treatment

✔ give you access to your own records and, if requested, make copies of them at a reasonable cost

✔ only share with other health providers the information that they need to provide you with proper health care

✔ ask your permission to share your health information if required for other purposes unless we must provide it for legal reasons

✔ keep your information safe

✔ keep accurate records.

In the event our Clinic changes ownership or is closed, we will try to contact you.  We will tell you how you can get a copy of your information.  If you ask us, we will transfer your information to another health provider.

For more information, please talk to the Clinic Manager or Privacy Officer.

Privacy Statement Poster Sample #2

Our Clinic believes that the personal information that you provide to us is sensitive and important to you.  We will follow these principles to maintain the confidentiality and security of your information.

Principle 1 – We are accountable for the personal information that you give to us.

Principle 2 – Our Clinic will tell you why we collect your personal information, before the information is collected.

Principle 3 – Our Clinic will collect, use and may disclose personal information about you. You may withdraw consent at any time.

Principle 4 – Our Clinic will ask you for your personal information only when we need it to do our job to help you.

Principle 5 – Our Clinic will use or disclose your personal information only for the reasons that you provided it to us.

For more information, please talk to the Clinic Manager or Privacy Officer.

Privacy Statement Poster Sample #3

Our Promise to You

To help you, the Clinic needs to get information about you.  We will share your information only with those people you agree to.

We promise to: 

  • get only the information needed 
  • keep your information safe 
  • keep careful records 
  • ask for your “okay” to share your information 
  • let you read your own file and, if asked, make copies of it at a fair cost
  • only share your information with other people who are directly involved in your care and treatment

For more information, please talk to the Clinic Manager or Privacy Officer.

Using the Privacy Statement

The Privacy Statement should be made available to the patients in a way that would be reasonable to expect that the patient has an opportunity to read and understand or ask questions about the statement.  You could

  • frame the poster and hang it in the waiting room or examination rooms,
  • insert the poster into closed circuit TV monitors in the waiting room,
  • display the message in computer screen savers,
  • laminate the poster and use it as a cover page on the clipboard given to the patient when they are asked to complete forms at the clinic

Use more than one method to share the Privacy Statement.  This is a good strategy to ensure that each patient has the opportunity to read the poster on their first and subsequent visits to the clinic.

Conclusion

Revising your privacy statement into plain language helps you review your own practices and often provides clarity and improvements.  An easily understood privacy statement helps the clinic comply with regulations and standards.  Perhaps most importantly, when the patient understands the privacy statement, the patient becomes actively involved in the process of collection, use, and disclosure of their personal information.  Using plain language may not be simple but it can help you improve your practice management.

 

What is the next notice, form, policy, or procedure in your practice that can benefit from a plain language revision? Send Jean your examples of your plain language privacy statements.  We will post a follow-up article with your comments and examples.

Bibliography / Resources

Kinsella Media, LLC.  “Plain Language Primer for Privacy Policies”, http://www.kinsellamedia.com.  February 2014.

Wheatman, Shannon and Michelle Ghiselli.  “Privacy Policies: How To Communicate Effectively with Consumers”, https://www.privacyassociation.org/media/pdf/knowledge_center/IAPP_KMPrivacyPaper_FINAL.pdf.  February 2014.

Copyright 2022 Information Managers Ltd.