Information Managers

Do You Need to Build A Privacy Awareness Training Plan for Your Healthcare Practice?

Posted on January 23, 2023 by Meghan in Blog

A practical privacy awareness training plan will save time for clinic managers and privacy officers.

Employees and healthcare providers who keep privacy and security top of mind will contribute to increased patient satisfaction, improve privacy compliance, and reduce privacy and security incidents in your practice.

Privacy awareness training is more than a checklist when new employees are hired.

As an employer and healthcare provider, you are responsible for providing privacy awareness training to all your employees.

Your privacy officer should have direct involvement in the planning and monitoring of the privacy awareness training. The privacy officer may also:

  • Facilitate training opportunities
  • Develop / contribute to policies and procedures
  • Monitor for compliance
  • Provide instructions
  • Implement specific projects

If you don’t provide the training – and if your employees don’t understand the policies – and there is a privacy breach, then the healthcare provider is more likely to be held accountable under the legislation and face penalties including fines and even prison!

Protect your organization and your patients. Equip your staff with the information they need to confidently and correctly handle personal health information. Healthcare businesses that want employee- and supervisor-level privacy awareness training to support key policies, procedures, and risk management programs need a privacy awareness training program.

Quickly and Easily Build Your Privacy Awareness Training Plan For the Whole Year!

Principles of effective training for adult learners suggest that we must reinforce key concepts at least 4 times a year. This applies to privacy awareness topics, too.

Start your privacy awareness training at orientation and on-boarding of ALL of your team members, including healthcare providers. 

Then, reinforce the key concepts throughout the year with work aids, posters, a ‘training minute’ at regular staff meetings or team huddles, and coaching during the work day.

When You Plan It, It Will Happen

Is this you? If you want something to happen, you schedule it in your calendar.

Planning is key to designing and delivering an effective privacy awareness training plan for your healthcare practice.

Let me show you a quick and easy way to plan your privacy awareness training for the whole year!

In this 60-minute webinar, you will outline a privacy awareness plan for your practice.

  • Training plan theory
  • Training strategies
  • Privacy awareness training plan
  • Build your privacy awareness training plan for the whole year!
  • Resources you can use right away to start training

Register before February 17, 2023 to access the Replay

Build a Privacy Awareness Training Plan for Your Healthcare Practice

Register now to get access to the limited time replay and resources!

This Workshop Includes:

  • Live on-line training
  • Q&A with Jean Eaton, Your Practical Privacy Coach when you join the webinar live
  • Access to the replay for a limited time
  • Learning Resources Guide

Did you enjoy reading this article? You may also be interested in:

Do You Want To Be A Confident Healthcare Privacy Officer?

Keeping Privacy Active in the Minds of Clinic Staff

5 Low Cost Steps You Can Take to Prevent Employee Snooping

3 Parts to Every Privacy Awareness Training Plan

Jean Eaton

When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.  

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

Do You Want To Be A Confident Healthcare Privacy Officer?

Posted on September 6, 2022 by Meghan in Blog

What Is a Privacy Officer?

A privacy officer is a key employee in a healthcare organization who is named by the healthcare provider (custodian) and assigned the responsibility to oversee all activities related to the implementation of, and adherence to, the organization’s privacy practices, and to ensure operational procedures are in compliance with relevant privacy laws. The privacy officer monitors how employees and systems collect, use, disclose, and access identifying information.

A privacy officer may be known by other titles like privacy compliance officer or a security officer.

If your healthcare business involves the collection, use, and disclosure of your clients' and patients’ personal health information, a privacy officer is necessary in order to meet legislated requirements.

If You Don't Have a Privacy Officer

Healthcare practices without a privacy officer often experience confusion about how patients’ personal health information should be collected, used, and disclosed. Patients may complain about lack of access to their personal health information. Without a named privacy officer to assume the responsibility to implement and monitor reasonable administrative, technical, and physical safeguards you are more likely to experience privacy and security incidents, privacy breaches, investigations, fines, and charges under the privacy legislation!

Here are some examples of what can happen if you don’t have a privacy officer:

  • In 2019, the British Columbia Office of the Information and Privacy Commissioner (OIPC) conducted a privacy audit of 22 medical clinics. The auditors found gaps in privacy management programs at several clinics, including the absence of a designated privacy officer, a lack of funding and resources for privacy, and a failure to ensure that privacy practices keep up with technological advances.
  • A complaint was made against a medical clinic with an employee suspected of accessing health information for an unauthorized purpose. The Alberta OIPC investigated and revealed confusion around the roles and responsibilities of privacy compliance among the custodians and the privacy officer. The OIPC determined that the custodian was in contravention of the regulation which requires custodians to ensure that their affiliates are aware of and adhere to all of the custodian’s administrative, technical, and physical safeguards with respect to health information. (See Do You Know Where Your Policies and Procedures Are?)
  • Employees are not aware of privacy requirements and engage in snooping into personal health information. Consequences of employee snooping include firing, charges under the Health Information Act, and court-ordered fines, jail time, probation, community service, and more. (See Snooping Conviction Earns 3 Years Probation)

Roles and Responsibilities

So, what does a privacy officer do? The roles and responsibilities of a privacy officer in a typical healthcare practice include the following:

  • Identify privacy compliance issues for the business.
  • Ensure privacy and security policies and procedures are developed and keep them up to date.
  • Ensure that everyone working at your clinic and your vendors are aware of their privacy obligations.
  • Monitor your clinic's ongoing compliance with privacy legislation like the Health Information Act (HIA) in Alberta.
  • Provide advice and interpretation of related legislation for the business.
  • Respond to requests for access and corrections to personal information.
  • Ensure the security and protection of personal information in the custody or control of the business.
  • Act as the primary point of privacy and access contact for staff, patients, vendors, regulators and other stakeholders.

Get the FREE Practice Management Success Tip, Privacy Officer Job Description Template.

 

When Your Patient Requests Tax Receipts

Posted on March 22, 2022 by Meghan in Blog

Ever thought that someone might want to submit your tax returns for you?

No problem.

They will even collect your refund – their payday when they scam your personal identity.

Michael Kaiser, Executive Director of Stay Safe Online, notes on his blog that tax cyber crimes are on the rise. Tax ID thieves usually file returns early using taxpayers' stolen personal information so that they can cash the refunds before the taxpayers can file their legitimate tax returns.

We can help to prevent this theft when we implement proper release of information practices.

Help Your Patient Request Their Information for Tax Receipts

It's tax time! When patients or clients ask you for their account statement information, take the time to ask them for photo ID and a proper authorization to disclose their personal information.

Help them to understand that you can release information to the patient or to another person (a spouse, for example) only with the patient's written authorization. Even ‘just’ health care billing information is important.

You Care About Patient Access and Privacy for Tax Receipts

Show your patients that you care about the safety of their information by taking steps to protect patient and client information.

This Practice Management Success Tip, Patient Health Information for Tax Reporting, includes:

  • Tips to help you implement this procedure
  • Template authorization form
  • Poster to quickly explain to your patients how your procedure helps to protect their privacy

Practice Management Success

If you are a member of Practice Management Success, login and access the poster, procedure, and form template.

Not a member? Join today!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Release of Information Checklist

Do You Know Where Your Policies And Procedures Are?

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

New! Health Information Policy and Procedure Manuals


Why You Need Policies and Procedures

Posted on March 15, 2022 by Jean Eaton in Blog

Why You Need Health Information Policies and Procedures

Maybe you’ve heard you need written policies and procedures for your health information, but you’re left asking yourself why it’s so important?

The truth is, without written policies and procedures, you open a healthcare practice up to a whole host of problems, including major legal issues.

In fact, every business needs good practices that apply to your:

  • Information that you collect from patients/clients
  • Website
  • Email
  • Business practices including electronic (or paper) patient records, and computer network
  • Financial information
  • Billing, collection, and payment processing

Within the healthcare industry, additional legislative requirements call for specific written health information policies and procedures.

The Health Information Act (HIA) and the Personal Information Privacy Act (PIPA)

As we mentioned, when you collect health information as a custodian, you must follow the Health Information Act (HIA) in Alberta.

Like most other private businesses in Alberta, private healthcare practices must also comply with the Personal Information Privacy Act (PIPA).

The colleges of regulated health professionals, like the Alberta Dental Association and College (ADAC) and the College of Physicians and Surgeons of Alberta (CPSA), require dentists and physicians to meet the standards of practice, which include compliance with HIA and PIPA legislation.

In addition, the college has other standards of practice that you must meet, including policies and procedures for the collection, use, disclosure, and access of health information.

So, let’s explore further why written policies and procedures are so essential, as well as what can happen without them, and why healthcare practices may not think they need them in the first place.

Benefits of Policies and Procedures

One of the most critical benefits of having policies and procedures in place is that they’re good for business.

Here’s how:

  • They contribute to consistent, efficient workflow.
  • You can figure it out once, write the procedure, tweak it to make it better, and then repeat the same procedure again and again.
  • They help you make better business decisions, like buying supplies, choosing services, and selecting vendors.
  • They help support your accreditation efforts.
  • On-boarding employees the right way with no missed steps is much easier with policies and procedures in place.

If you’re looking for even more proof of the benefits of having written procedures, it can also help you avoid:

  • Internal disputes within your team and external disputes with your patients and clients
  • Re-work and re-training employees
  • Poor customer service
  • Poor reputation
  • Fines and penalties

Fines And Penalties For Not Having Written Policies And Procedures

You might be wondering why you would face fines and penalties for not having written policies and procedures in the first place.

The HIA requires the custodian – which includes the physician, pharmacist, dentist or dental hygienist – to take reasonable safeguards to protect the privacy and confidentiality of patients’ health information.

Having written policies and procedures is a common, expected, and reasonable safeguard.

Let’s say you have a privacy breach or an error in your practice (like sending a fax to the wrong number, or falling victim to a phishing or ransomware attack).

You can learn more about what makes a privacy breach a privacy breach here.

If you can’t demonstrate that you had the appropriate reasonable safeguards, like written policies and procedures in place, you are guilty of an offence under the law.

It’s illegal not to have policies and procedures when you collect health information.

If you are guilty of this offence, you are liable for a fine of a minimum of $2,000 and not more than $500,000. (HIA section 107(7)).

3 Policies and Procedures Myths

One reason some healthcare practices fail to have written policies and procedures is because they believe they don’t need them.

Often, this is because they’ve fallen prey to the common myths about policies and procedures.

Here are 3 of the common myths that stop healthcare providers and their clinic managers from creating written policies and procedures:

  1. It’s Too Hard

While it does take some skill to write clear, easy to read, and easy to understand policies and procedures, it doesn’t have to be hard. In fact, you can even purchase templates to make this easier.

  2. It Takes Too Much Time

Writing policies and procedures does take some time.

But investing the time to create policies and procedures pays off: it helps you avoid inconsistent or broken procedures, using or disclosing health information in error, fines, penalties, public relations nightmares, and the time required to run a privacy or security investigation.

  3. It’s A Waste Of Time

Here are a few good reasons that prove writing policies and procedures is not a waste of time:

  • Practical privacy policies and procedures will create a more efficient practice and help you make better business decisions.
  • The policies and procedures become the foundation of your privacy impact assessment.
  • Policies and procedures are pre-requisites for other initiatives, like access to Netcare or other community integration initiatives, and privacy impact assessment (PIA). Click here to learn more about PIAs.
  • You must have them as part of your legislative compliance.
  • It’s the law. Not having policies and procedures regarding the collection, use, disclosure, and access of health information is illegal.

As you can see, written policies and procedures help ensure consistent office procedures and good communication between team members in your healthcare practice.

In addition to those good reasons, you must have good written policies and procedures about how you collect, use, disclose, and provide access to health information to avoid legal problems, fees, penalties, and other problems.

 

Not Sure Which Policies and Procedures That You Need?

Show Me Policy And Procedure Checklist

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies and Procedures Are? 

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

New! Health Information Policy and Procedure Manuals

Privacy Impact Assessments (PIA)

 

Build Your Authority, Appeal, and Profit as an Author

Posted on February 8, 2022 by Meghan in Blog

If you have ever thought about self-publishing, becoming an author-preneur, or if you want to publish in a traditional format, Linda Stirling can help you with that!

  • Would you like to help family members of your patients be better prepared to support your patient after treatments?
  • Would you like to coach your patients in between in-person visits?
  • Do you ever feel that you could help more people avoid / prevent illness if they just did this one thing that you specialize in?
  • Do you want your patients to be more compliant with the follow-up actions that will help them recover faster?
  • Would you like more referrals from other providers to your practice?

You can accomplish these goals when you build your authority, appeal, and profits as an author.

When it comes to writing a book, people are usually in one camp or another. The first camp thinks it’s easy and the second camp thinks it’s too daunting to tackle.

The fact of the matter is that both groups need strategies and with these strategies they can be successful.

Breaking strategies down into manageable nuggets is where authors find success.

Before you even consider strategies, however, you need to think about your why. That’s where the power of success lies. Once you are clear about your why, that gives you the mental energy to complete your book.

Linda will walk you through some of the essentials for creating a profitable book that represents you well.

My Takeaways – Build Your Author Platform

​We are each looking for ways to give our clients more of us without giving more of our time. When you build your author platform, you can leverage your time to support your current clients and attract your ideal clients.

You have a big message to share. Your next step is to publish your message so that the people who need your expertise can easily find and be inspired by you.

There are many steps to publish and promote your book. I hear from many entrepreneurs who have published their book – and haven’t made any sales. You need a mentor like Linda Stirling, who will help you navigate the tricky path to publish, promote, and profit from your book.

Linda Stirling's #1 Tip to Healthcare Practices

Know your why!

Listen To The Podcast – Build Your Authority, Appeal, and Profit as an Author

Build Your Authority, Appeal, and Profit as an Author | Episode #104. Expert tips with Linda Stirling on Practice Management Nuggets Podcast For Your Healthcare Practice.

Listen here: Practice Management Nuggets Podcast

Featured Guest: Linda Stirling

Linda Stirling Can Help You Build Your Authority, Appeal, and Profits as an Author!

Linda Stirling will walk you through some of the essentials for creating a profitable book that represents you well.

Get started right away with the free A Writers Strategy Guide: Your Guide to Breaking Free, Starting Right & Keeping On Track.


Linda Stirling has built her successful business by Guiding Writers to Prosperity and Visibility

Linda Stirling’s heart is in helping every writer she works with achieve his or her dreams, whether that’s through publishing their work through The Publishing Circle or teaching them to self-publish through The Publishing Authority.

Her coaching helped multi-award-winning author David Crow, author of the international bestseller The Pale-Faced Lie, reach sales of just under $30,000 per month with his book.

She helped author Lorena Angell take her series to an average of 60 sales per day from its previous 6 per day, sell her work in 47 countries, and rank alongside authors such as Stephen King and George R.R. Martin of Game of Thrones success.

Stirling also got the series optioned for film and television.

Many of the authors she’s published have achieved international acclaim.

Data Privacy Day 2022 Events and Resources For You!

Posted on January 25, 2022 by Jean Eaton in Blog

Data Privacy Day is an internationally recognized day dedicated to creating awareness about the importance of privacy and protecting personal information.

That means a lot to me and I think it means a lot to you, too. I think it is important that we give our patients and clients the gift of privacy. And that we have the right tools and resources for our employees to make good privacy and security decisions in our businesses.

Information Managers Ltd. is a Data Privacy Champion!

As a DPD Champion, Information Managers recognizes and supports the principle that organizations, businesses, and government all share the responsibility to be conscientious stewards of data by respecting privacy, safeguarding data, and enabling trust.

Each of us is responsible to manage our name and our identity. When you share your personal information, you have the right and responsibility to ask the person or business why they need the information and how they will protect your personal information.

Jean L. Eaton

Your Practical Privacy Coach, Information Managers Ltd.

You can be a Data Privacy Day Champion, too! Follow this link and complete the Organization Champion Form with the National Cyber Security Alliance.

Data Privacy Day Activities

5 Steps To Prevent Employee Snooping

SAY NO TO SNOOPING!

If an individual affiliate knowingly breaches the privacy and security of health information, and the custodian can demonstrate that reasonable safeguards (including privacy awareness training) were in place, the individual affiliate can be charged under the Health Information Act. Fines of up to $50,000 may be applied to the individual, in addition to other sanctions from their employers and/or their professional regulatory colleges where applicable (HIA s.107).

What Is Snooping?

Looking at someone’s personal information without having an authorized purpose to access that information to do your job is known as ‘snooping’.

Even when you are “just looking” at personal information but don’t share that information with anyone else, this is still a privacy breach.

It is illegal.

Snooping incidents are on the rise and can cost you time, money, heartache, and headache in your practice.

When there is an offence under the privacy legislation like the Health Information Act, there may be an investigation, charges and court appearances, fines, penalties, and loss of employment.

Snooping is entirely preventable. 

How Can You Prevent Employee Snooping?

Let’s take a look at the proactive steps that you can take today to prevent employee snooping.

 

Download the Practice Management Success Tip 5 Steps to Prevent Employee Snooping

The Practice Management Success Tip, 5 Steps to Prevent Employee Snooping, will help you:

  • Take 5 practical steps to prevent employee snooping.
  • Provide clarity about what is considered a privacy breach.
  • Contribute to the health information privacy compliance in your healthcare practice.

I Heart Privacy!

Just in time for Data Privacy Day! Print badges for your team.

Right-click the image and select ‘Save As’ to download and insert the image into your favourite templates to make badges or stickers or labels.

Or, use the done-for-you sheet of labels that you can print right away and slip into badge holders or print to stickers or labels.

You can even customize the labels and add your business name!

Get the label sheets using the buttons below.

I Heart Privacy Badges with Data Privacy Day logo
I Heart Privacy Badges

Protect Your Organization and Your Patients With a Privacy Awareness Quiz

Equip your staff with the information they need to confidently and correctly handle personal health information.

Healthcare businesses need a privacy awareness training program to support key policies and procedures and risk management programs.

Reasonable Safeguards

As an employer and healthcare provider, you are responsible for providing privacy awareness training to all of your employees.

If you don't provide the training, or if the employees don't understand the policies and there is a privacy breach, then the healthcare provider is more likely to be held accountable under the legislation and face penalties, including fines and even prison!

Patients value the privacy and security of their information.

Healthcare providers and clinic managers value privacy and security, and they value avoiding the adverse results of a lack of compliance or of patient safety issues.

Data Privacy Day Privacy Awareness Quiz

Patients trust their healthcare providers with their sensitive, personal, and financial information.

If patients don't feel that the healthcare provider will keep their information confidential and secure, patients may choose not to share their information, which may impact their healthcare and treatment.

When we are privacy aware, we can better respond to patients' questions and build their trust in the quality of services that we provide.

Download the Privacy Awareness Quiz to use today to train your employees and protect your patients' health information.

Privacy Protection In The Pink Seat with Dr. Angela Mulrooney & Jean Eaton

While privacy is not technology driven, the lack of privacy, perhaps, is impacted by technology.

Many dental practices are overwhelmed with creating and implementing privacy and security policies and procedures and how to prepare a privacy impact assessment.

Angela and I discussed practical privacy tips for your dental practice to help reduce the overwhelm.

These tips apply to all types of healthcare practices.

 

“Talk Shop – Protect Your Business from Information Breaches”

Jean Eaton is a guest on Lauren Sergy's “Talk Shop” YouTube channel.

Talk Shop: learn from industry experts to be a better communicator in work and in life, hosted by @lsergy. Privacy tips for business owners, just in time for Data Privacy Day!

For more Data Privacy Day resources and events from the National Cyber Security Alliance, click the button below!

Visit the National Cyber Security Alliance - Data Privacy Day website

For more information about how to get involved in Data Privacy Day and the Champions program, visit https://staysafeonline.org/data-privacy-day.

You can also follow the campaign on Twitter at @StaySafeOnline or Facebook at https://www.facebook.com/DataPrivacyNCSA and use the official hashtags #PrivacyAware and #DataPrivacyDay to join the conversation.

Please use the social share buttons to share these Data Privacy Day activities with your friends and colleagues.

Follow Us On Social Media!

I share privacy tips and free links to additional resources on social media accounts that you can download and use right away!


How Long Does It Take to Do a PIA?

Posted on December 3, 2021 by Jean Eaton in Blog

 

     


I’m opening my practice next month.

I just learned that I need to complete a Privacy Impact Assessment.

What do I do now?

 

Unfortunately, I hear this question far too often!

Here’s What You Need to Know About the Timelines Required to Complete a Privacy Impact Assessment


In the perfect world, you will start your PIA process about 6 months before you plan to open your practice.

You will start with developing the privacy and security policies and procedures.

Next, you will discuss with the EMR vendors, computer IT support vendors, and other stakeholders about your operational needs and ensure that the vendors can meet PIA requirements.

At this point, about 4 months before Go Live, you will start writing your Privacy Impact Assessment documents.

You will review and accept the Privacy Impact Assessment within your organization and ensure that each of the custodians has reviewed, understood, and accepted the Privacy Impact Assessment.

Then, you will submit the Privacy Impact Assessment to the Office of the Information and Privacy Commissioner (OIPC) about 3 months before your go-live date.

 

Start With Privacy and Security Policies and Procedures

If you are planning to open your healthcare practice soon or planning to implement a new project in your existing clinic, your first step is to review (or create) your privacy and security policies and procedures.

Templates make it easier to complete your policies and procedures. Make this fast and easy with our templates!

Guidance for Electronic Health Record Systems

To help you with your discussion of PIA requirements with your vendors, the OIPC has produced a document, “Guidance for Electronic Health Record Systems”.

This guide was developed to assess the safeguards in electronic health record (EHR) systems. Custodians and their EHR service providers may use this document to support a Privacy Impact Assessment on an EHR system, or to examine whether changes to a system comply with Health Information Act requirements. Published in June 2016.

The guidance is intended to help you have a discussion with your vendors. It is not part of the PIA submission. It will help you ask your vendors good questions so that you can get good answers. You will include the answers to the questions in your PIA submission.

If you are currently looking for a vendor for your EMR, practice management system, computer network system or, perhaps, your billing system, these are the questions that you need to discuss with your vendor. Their answers will help to inform you and assist you in selecting good vendors for your practice.

 

If You Are a Vendor That Supports Healthcare Practices

If you are a vendor that supports healthcare practices, I encourage you to download the document, Guidance for Electronic Health Record Systems, and complete it from the perspective of your product or service even if your product isn't an EHR. Then, you can share the completed document with your prospective clients and custodians as a demonstration of your privacy and security practices and support your clients with their PIA submission.

 

Don't Wait!

If you haven’t done your PIA yet, you definitely need to get this completed. You need to have your policies and procedures completed and your PIA submitted to the OIPC for their review and acceptance before you open your new practice.

Want more content like this?

For more information about Privacy Impact Assessments, see

Click Here to Get More About PIA's

Do You Know Where Your Policies And Procedures Are?

Posted on November 15, 2021 by Jean Eaton in Blog


This is a cautionary tale.

And it could save you a lot of embarrassment – even legal issues.

The way a healthcare provider collects, uses and discloses personal health information (PHI) is critical to an efficient healthcare practice.

It’s also required by legislation and professional college regulations and standards.

Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed. Otherwise, you face all sorts of risks, including privacy breaches and other legal problems.


Don't let this happen to you!

Everyone in a healthcare practice — including front office staff, wellness practitioners and physicians and other custodians — must be aware of and follow these policies and procedures.

These policies and procedures also become the foundation of your privacy impact assessment (PIA).

That’s why, in this Privacy Breach Nugget, we’ll review a privacy breach investigation report from Alberta's Office of the Information and Privacy Commissioner (OIPC). Whether you have a new practice or an existing practice, we have a number of services and resources designed to help you manage your practice in a way that not only meets legal requirements, but is streamlined and efficient, and keeps your information secure.

What Happened

This report started with an employee suspected of accessing health information for an unauthorized purpose.

It started at the clinic with a conflict between the employees and the employer.

An employee (Employee A) was on leave from her position at the clinic. Her access to the electronic medical record (EMR) was suspended during her leave.

Employee A wanted to access patient information to support her dispute with management. Over two months, Employee A used Employee B’s credentials to access patient records.

This action is in contravention of the Health Information Act (HIA) sections 27 and 28.

This is where this case becomes even more convoluted and, in fact, a better case study of what not to do.


Understanding the Health Information Act

The Health Information Act (HIA) requires the custodian (the physician, in this case) to take reasonable steps to maintain administrative, technical, and physical safeguards to protect patient privacy as required by sections 60 and 63 of the HIA, and section 8 of the Health Information Regulation.

In November 2013, the clinic submitted a privacy impact assessment (PIA) to the OIPC prior to its implementation of an electronic medical record (EMR).

The PIA included written policies and procedures.

The letter to the OIPC accompanying the PIA was signed by two physicians, as well as Employee A who was the privacy officer at that time.

The physician named in the investigative report is not the current custodian at the clinic. The physician was hired in 2015 and therefore not a member of the clinic in 2013 and not involved in the initial PIA submission.

During the investigation, both employees indicated that the policies and procedures to protect patient privacy were in a binder in the clinic, but it was never used or shared with the staff.

Oaths of confidentiality may have been previously signed by the employees, but the documents could not be produced during the investigation.

Section 8(6) of the Regulation states the ‘custodian must ensure its affiliates are aware of and adhere to all of the custodian’s administrative, technical, and physical safeguards in respect of health information.’

It’s common practice for clinics to require employees to sign confidentiality agreements and ensure that they receive patient privacy awareness training with regular updates.

But in this investigation, the employees said they never received privacy awareness training.


Access To Patient Information

The employees also stated it was common practice at this clinic for individuals to not log off of their EMR account on the computers at the reception desks. It was common practice for other employees to access an open session to quickly perform a task in the EMR.

The investigator concluded that the physician was in contravention of the HIA section 63(1) which requires custodians to establish or adopt policies and procedures that would facilitate the implementation of the Act and regulations.

These specific findings were made:

  • The custodian failed to ensure the clinic employees were made aware of and adhered to the safeguards put in place to protect health information, in contravention of section 8(6) of the regulation.
  • The custodian was in contravention of section 8(6) of the regulation, which requires custodians to ensure that their affiliates are aware of and adhere to all of the custodian’s administrative, technical, and physical safeguards with respect to health information. It’s important to note that any collection, use, or disclosure of health information by an affiliate of a custodian is considered to be the collection, use, and disclosure by the custodian.
  • The custodian failed to ensure the employee and the other clinic staff adhered to technical safeguards as required by section 60 of the HIA and section 8(6) of the regulations.

Privacy Breach Nuggets You Need to Know

Privacy breaches are in the news every day. The more you know about how breaches can affect you, the more proactive you can be to prevent privacy breach pain.

Get Your Privacy Documents In Order

To protect yourself and your practice from patient privacy breaches (and massive fines, see the conclusion to this article), follow these steps.

  1. Find your policies and procedures and review them with all staff and custodians. Make sure you document that this has been done.
  2. Review and update your privacy awareness training and ensure all staff, including custodians, have completed this recently. Make sure you have this documented, including certificates of attendance if available.
  3. Oath of confidentiality documents should be signed by all clinic staff and custodians and maintained in a secure location.
  4. Review your privacy impact assessment and ensure all of your current custodians have read this and understand it. Visit this post for more information to help you determine if you need a PIA amendment.

Monitor

This incident occurred in 2016. The OIPC office did not recommend any additional sanctions against the clinic, physicians, or employees.

To get templates of policies and procedures for your healthcare practice, be sure to sign up for the Practice Management Success Membership

New Amendments To The HIA

This case might have turned out differently today.

New amendments, as of 2018, provide a provision for fines under the HIA ranging from $2,000 to $200,000.

The public — and our patients — expect and trust us to make sure that their personal health information is kept secure and confidential.

It’s our responsibility to make sure these administrative, technical, and physical safeguards are in place and are maintained in a consistent fashion.

When you've done the hard work to implement your patient privacy policies and procedures and your privacy impact assessment, make sure you continue your journey and keep these documents up-to-date and current. To help you, sign up for the Practice Management Success Membership.

There are many patient privacy breaches in the news each day, and you never know when it could happen to you.

The more you know about the breaches and how they can affect you, the more proactive you can be to prevent privacy breach pain. If you need to prepare your privacy breach management plan, start your on-line training 4-Step Response Plan right away!

If you need templates of policies and procedures for your healthcare practice, be sure to sign up for the Practice Management Success Membership. These tips, tools, templates, and training will help you save time and money to develop and maintain policies and procedures in your healthcare practice.

When we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

PRIVACY BREACH NUGGETS are provided to help you add a ‘nugget' to your privacy education program. Share these with your staff and patients as a newsletter, poster, or staff meeting.

Jean L. Eaton, Your Practical Privacy Coach



References and Resources

Alberta Office of the Information and Privacy Commissioner. Investigation Report H2019-IR-01 Investigation into alleged unauthorized accesses and disclosures of health information at Consort and District Medical Society Clinic. May 21, 2019. https://www.oipc.ab.ca/media/996888/H2019-IR-01.pdf


How To Make A Profit In Your Healthcare Business

Posted on September 13, 2021 by Jean Eaton in Blog


Healthcare providers learn their skills at medical school, but don’t learn how to make their business profitable. One of the best ways you can serve your customers better is by having a more profitable business.

However, healthcare practitioners face unique pitfalls and business challenges. Many health professions naturally lend themselves to self-employment, but practitioners often don’t receive training on entrepreneurship, how to start a healthcare business, and especially the financial side of having a profitable business. This can very quickly lead to feelings of stress and overwhelm, which can cause otherwise skilled healthcare providers to leave their profession.

Many healthcare providers find that their job is physically demanding and, if their health requires them to work less for a period of time, they worry that they don’t have the financial resiliency to fund a reduced work schedule.

Independent healthcare practices often have small numbers of clinic staff who are expected to fulfill many roles. Clinic managers are often tasked with bookkeeping even when they haven’t received training to help them with that.

Consequently, many healthcare providers and business owners don’t have simple systems to manage the finances of their business and are making business decisions on wishes.

 My Takeaways

Tammy Hyska’s personal experiences as the financial manager of her husband’s chiropractic business and as an accountant to healthcare businesses in Alberta help her to break things down for non-accounting people to understand without feeling overwhelmed.

On the most recent episode of Practice Management Nuggets podcast, I interviewed Tammy Hyska. Tammy shares practical tips for all practice owners, healthcare providers, and clinic managers who have an active role in managing the billing and the finances in the healthcare practice.

Tammy understands the common problems that healthcare providers experience when they manage their own business. She knows that people don’t train to be healthcare providers to have an excuse to do bookkeeping.

Instead, Tammy provides 5 practical tips to have a healthy business without becoming an accountant.

  1. Have a separate business bank account and a separate personal bank account
  2. Have a spending plan
  3. Read Profit First by Mike Michalowicz
  4. Use accounting software
  5. Avoid debt

Tammy Hyska's #1 Tip to Healthcare Practices

It's not what you MAKE but what you KEEP that matters!

 

Listen To The Podcast

5 Critical Things Healthcare Practitioners Need To Have A Profitable Business | Episode #102. Expert tips with Tammy Hyska on Practice Management Nuggets Podcast For Your Healthcare Practice.

Listen here: Practice Management Nuggets Podcast


Featured Guest: Tammy Hyska

Tammy Hyska Can Help You Enjoy A Profit In Your Healthcare Business From Day #1!

Tammy Hyska will help you avoid money stress with these tips to set up the financial side of your business the right way with a simple strategy that will teach you just enough to have financial success without the overwhelm.

Get started right away with the free 5 Critical Things Healthcare Practitioners Need To Have A Profitable Business.

Download this free guide from Tammy here:

5 Critical Things Healthcare Practitioners Need To Have A Profitable Business


Financial Confidence Formula

Then, check out the Financial Confidence Formula For Healthcare Practitioners training from Tammy Hyska. This is a complete system for operating a profitable business.

This course is ideal for new business owners and existing business owners and clinic managers who haven’t yet implemented the blueprint to a highly profitable business.

When you receive support to simplify and streamline the accounting side of things in your practice, you will reduce money stress.

Tammy will cover everything you need to get it right and avoid all the unnecessary pitfalls to make a profit in business.

Tammy Hyska

Tammy Hyska, CPA, CA, has been a Chartered Accountant for over 20 years. As the Financial Freedom Coach in her independent consultancy, Tammy helps entrepreneurs have more profitable businesses. Tammy has in-depth understanding of health care businesses as her husband is a health care provider and Tammy helps her husband run the financial side of his practice. Tammy is passionate about helping small business owners have a more profitable business.


Zoom In Healthcare Is Easy!

Posted on September 12, 2021 by Meghan in Blog

Using Zoom in Healthcare is Here to Stay

In healthcare, it is important that patients trust you before they will share their personal information, listen to you, and before they will carry out your treatment recommendations.

In telemedicine, your patients need to be able to see your face and hear your voice in order to trust you.

When you appear confident on camera during a telemedicine call, you build trust with your patient and remove distractions so that your patient listens more closely to your advice.

This on-line training will help you become more confident using Zoom for meetings, virtual care, and telemedicine.

The Communicate & Meet With Zoom in Your Healthcare Practice course will look at the basics of both joining and hosting a meeting, as well as the difference between the free and pro plan options.


Communicate and Meet Using Zoom In Your Healthcare Practice

Online training

Are you using Zoom for your Telemedicine or Virtual Care Encounters? Build trust with your patients when you confidently use Zoom to Communicate and Meet.

Ideal for physicians, dentists, chiropractic, physio, optometry – every healthcare professional who uses Zoom for telehealth, virtual care, or team meetings!

  • 25 step-by-step videos to get started quickly and be successful with Zoom
  • Bonus downloadable Zoom instructions for patients
  • Bonus training: Easily Improve Your Video Conference Presence with Lauren Sergy
  • Bonus: Virtual Care Workflow
  • Bonus: Virtual Background templates and training

New to Zoom?

If you are new to Zoom, I suggest that you follow the on-screen videos step by step.

If you are familiar with Zoom, and just need to dig a little deeper into the advanced settings or have specific questions, you can select the training that would most help you.

Note: This training is not specific to Zoom Healthcare; however, many of the features are similar between the public and the Healthcare versions of Zoom.

The Practice Management Success Tip, Communicate and Meet Using Zoom In Your Healthcare Practice, will help you

  • Gain your patients' trust.
  • Communicate confidently on-camera with your patients and your employees.
  • Document your new virtual workflow process.
  • Present yourself professionally.

Copyright 2022 Information Managers Ltd.
