Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Add Custodians To Your PIA

Posted on December 28, 2020 by Meghan in Blog

Add Custodians To Your PIA

Congratulations! You have expanded your practice and recruited a new healthcare provider to your team. Now you also need to add a custodian your PIA.

To do this, you need to orientate the provider to your practice including the policies and procedures to protect the privacy, confidentiality, and security of the personal health information and inform the Office of the Information and Privacy Commissioner (OIPC).

When the new healthcare provider is a member of a regulated health profession as defined by the health privacy legislation in Alberta, the Health Information Act (HIA), the provider also has responsibilities as a custodian.

HIA Definitions:

Custodian

A health service provider; specifically, a member of the following regulated health professions: Optometrists, Opticians, Chiropractors, Midwives, Podiatrists, Denturists, Dentists and dental hygienists, Registered nurses, Pharmacists, and Physicians (and others).

Affiliate

An employee of a custodian or as designated by the custodian, for example medical office assistant, receptionist.

The incoming custodian must ensure that the reasonable safeguards to project the administrative, technical, and physical safeguards of the personal health information are implemented in the practice. This includes ensuring that they have reviewed the current privacy impact assessment (PIA).

The lead custodian also has an obligation under the Alberta Health Information Act (HIA) to inform the Office of the Information and Privacy Commissioner (OIPC) when there are changes to the organization management of the clinic.

 

How To Add Custodians To Your PIA

In Alberta, the lead custodian in a clinic must update their PIA regularly and inform the OIPC when there are significant changes to their PIA.

One common trigger for informing the OIPC  is the addition of a custodian to the practice. Often, this PIA amendment can be as simple as a letter to the OIPC.

  1. The lead custodian or privacy officer will prepare an amendment to the previously submitted Privacy Impact Assessment when new custodians join the practice. Often a letter to the OIPC signed by the lead custodian is sufficient.
  2. The PIA amendment must include how the custodian has been made aware of the current PIA and how they are meeting their requirements to enter into an agreement with information managers as defined in the Health Information Act section 66.
  3. The lead custodian will submit the PIA amendment to the OIPC for acceptance.
  4. The new custodian must acknowledge that they have been informed of the Health Information Privacy and Security Policies and Procedures and the submitted PIA and agree to follow these practices. The new custodian will sign the letter to the OIPC and attach it to the PIA amendment from the lead custodian (in step #1 above) to the OIPC for acceptance.

 

Routine Onboarding Of New Employees

Before the new custodian is granted access to patient health information, your computer network, and your electronic medical record (EMR), you need to ensure that new custodians are aware of your Health Information Privacy and Security Policies and Procedures, PIAs, and information manager agreements, including the information management agreements with Alberta Netcare Portal, patient records management, EMR vendor, billing vendor, and/or others.

You should have a written policy and procedure ‘When a New Physician / Custodian Joins Your Practice’ to guide you when onboarding new custodians. The procedure should include the forms below and template letters to the OIPC. These templates are also available to members of Practice Management Success.

Add custodians to your PIA
Do You Need Help With Your PIA?

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Top 3 Agreements Your Healthcare Practice MUST Have (and why)

What Is a PIA?

How Do You Declare as an Affiliate?

Podcast – Close, Move, Merge Your Practice | Episode #090

Alberta, amendment, custodian, dental, Health Information Act, medical clinic, OIPC, PIA, Privacy Impact Assessment

OIPC Annual Report

Posted on December 27, 2020 by Meghan in Blog

Alberta Office of the Information Privacy Commissioner Annual Report

Recently, the Alberta Office of the Information Privacy Commissioner (OIPC) released their Annual Report 2019/2020.

The report is from April 2019 to March 2020. This is the first full year of mandatory privacy breach reporting requirements in Alberta.

Because of the volume of the privacy breaches, the OIPC have now chosen to triage privacy breach reports. They are fast tracking any of those breaches where individuals have not yet been notified about that privacy breach or where there is a potential offense is suspected.

If you've submitted a privacy breach report to the commissioner's office and haven't heard from them yet, it may be because it's gone through this triage process and, if you have completed an internal investigation and notified affected individuals, your breach report has not been flagged as a high priority.

OIPC Report

OIPC Investigations

The OIPC conducted investigations regarding offences under the Health Information Act (HIA), usually privacy beaches. In that time period, they forwarded 18 cases to the Special Prosecutions Branch of Alberta Justice for further investigation. 

Privacy Breach Trends

There were some interesting privacy breach trends that were reported by the commissioner's office that were reported to them under the PIPA legislation, the Personal Information Protection Act. Of the cases that were reported to them, a hundred of them were all electronic systems compromises. So they have lost some security in the computer network system of some kind, either that was in their direct control or by a third party vendor.

Human error is still a large source of privacy breaches. This can include both misdirected communications, such as miss-sent snail mail, email, or faxes; and unauthorized disclosure, such as when health providers discuss health information with other providers not involved in the patient care.

There were also 20 incidences of theft that they noted in this report and it included rogue employees.

Snooping continues to be an issue, although the report did not provide numbers to go with that.

Ransomware is also a serious issue, one that the commissioner office predicts to continue, particularly in clinics who have a lack of technical security controls on their computer systems.

Social engineering, which is tricking someone into divulging information based on false pretenses and assumptions, is a significant danger in the healthcare industry.

 

Social Engineering Example

Somebody posed as a pharmacist and wrote emails to pharmacies in order to get information about a particular patient. The email reads like the patient traveled from one location to another location and the fraudulent pharmacist is asking their buddy pharmacists at the other location to provide some information. 

This social engineering campaign was considered a significant threat and the college of pharmacists actually released an advisory to pharmacies to warn them of this social engineering attack.

This is a good word of caution for all of us is to not make assumptions just because somebody's email signature line says a pharmacist or other healthcare provider. We still need to make sure that we have verified the identity of that individual and not rely on that email signature alone.

You can download the report from the OIPC website. It provides a variety of other statistics and examples about investigations reports and privacy breach trends that may be of interest to you.

Download the OIPC Annual Report Here

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

4 Step Response Plan – Prevent Privacy Breach Pain On-line Webinar

5 Low Cost Steps You Can Take Now To Prevent Employee Snooping In Healthcare And Prevent Privacy Breach Pain

Snooping Conviction Earns 3 Years' Probation

Keeping Privacy Active in the Minds of Clinic Staff

3 Parts To Every Privacy Awareness Training Plan

What Healthcare Providers Need to Know About Computer Security and Standards

Health Information Act, medical clinic, OIPC, privacy and security, privacy breach

New Health Information Policy and Procedure Manuals!

Posted on November 23, 2020 by Meghan in Blog

Written Health Information Policies and Procedures

Most healthcare practices have good systems in place to properly collect, use, and disclose health information – but most practices don’t have these in writing!

Patients have the right to access their personal health information but yet frequently complain about long wait times and uncooperative front office staff when trying to request their personal information.

New staff members are hired and don’t receive clear written instructions on how to perform routine health information management tasks.

Why do these same problems repeatedly appear in practice audits and privacy complaints?

The most common reason that I see is incomplete, outdated or missing written policies and procedures! It doesn’t have to be this way.

I have seen how privacy compliance and patient satisfaction improves when practices have access to written templates. But templates and checklists alone are not enough!

You know your practice better than anyone else. When you customize standard policies and procedures to best reflect your practice, you develop strategies for your daily tasks.

And, when your team receives short on-demand video tutorials about the purpose of the policies and procedures and how it impacts patient care, the staff better understand and more consistently follow the policies and procedures.

That’s why I’ve developed the Health Information Privacy and Security Policies and Procedures Manual with templates and training to help you with your health information practice management and practice management. These policies and procedures have been implemented in hundreds of practices across Alberta and Canada.

I have consulted with medical, pharmacy, chiropractic, nursing, and nurse practitioners to create practical policies and procedures for them. Now, I’ve used these best practices as templates that you can use right away!

Now For Chiropractic and Nursing, Too!

Your healthcare practice needs a Health Information Policy and Procedure Manual. Written policies and procedures assist you to correctly, efficiently, and confidently collect, use, access, and disclose health information so that you can meet your accreditation, privacy impact assessment, and regulatory compliance requirements.

  • Starting with a template saves you time and money
  • Be privacy and security compliant
  • No special software to buy or learn
  • Use your existing MS Word and MS Excel office productivity software
  • One-time fee
  • On-line support
  • Available now!
Health Information Policy and Procedure Manual

Click the >> arrow to watch a short demo of the robust manual you can create quicker than you thought possible!

Different Policy and Procedure versions available for your specific type of healthcare practice

Medical Doctor

Medical Practice

Dental Practice

Dental Practice

Chiropractor

NEW!

Chiropractic Practice

Nurse Practitioner

NEW!

Nurse Practitioner Practice

Registered Nurse

NEW!

Registered Nurse Practice

Health Information Policy and Procedure Manuals ready for you now!

Step 1: Complete the questionnaire and download the templates

Step 2: Easily generate draft 24+ policies and 28+ procedures and forms using MS Word

Step 3: Edit the documents

Step 4: Video coaching and best practices for the policies and procedures and implementation tips

Step 5: Customize for your healthcare practice

Step 6: Video orientation for your employees

Get the Reliability And Power of Policy and Procedure Templates Without Spending Hours (or Days) Creating Them.

Show me the Policy and Procedure Templates!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies and Procedures Are? 

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

Do You Use Employee Privacy and Security Policy and Procedure Checklist Templates?

chiropractors, dentist, health information, Health Information Act, healthcare, medical clinic, Nurse Practitioners, Policies and procedures, policy, privacy and security, Privacy Impact Assessment, procedure, Registered Nurses, template

Payroll In Your Healthcare Practice

Posted on April 17, 2017 by Jean Eaton in Blog

Did you know there are over 190 pieces of federal and provincial legislation when it comes to payroll?

Payroll covers hiring and firing, salary, leave dates, benefits, bonuses, employment records, statement of earnings and other topics. Payroll and human resources solutions are critical functions for every healthcare practice.

Small businesses often spend over six hours a month on payroll functions when they do the payroll internally. If the clinic manager has not had training to manage the payroll and learn the employment standards rules like overtime and holidays, it can take many more hours! Clinic managers can quickly be overwhelmed by the responsibilities of managing payroll.

Common Payroll and Human Resources Errors

Doing payroll by hand can save you money. But it can create problems, too, like

  • Incorrect calculations – it’s easy to make errors. Even small miscalculations can cause problems later when you are preparing tax reports.
  • Time consuming and time critical tasks.
  • Record keeping is hard – paper payroll deduction calculation forms, employee work schedules, bookkeeping, employee files, and time cards and holiday request forms in many places – and not always easy to find when you need it.

[clickToTweet tweet=”Reduce The Time You Spend Managing Scheduling Employees: Proven Ways To Get It Done!” quote=”Reduce The Time You Spend Managing Scheduling Employees: Proven Ways To Get It Done!”]

You can choose to do your payroll internally, outsource to a reputable company, or a bit of both.

Payroll administration in a small healthcare practice includes all the activities necessary to process payroll, including schedule employees, maintain related records, filing tax reports and voluntary deduction reports, processing involuntary deductions such as levies and garnishments, preparing accounting transactions and documents, documenting and updating procedures, and preparing management reports and employee payroll reports.

In your healthcare practice, you need to identify a few key individuals who have signing authority for the payroll process. In many practices, the clinic manager and the lead physician are authorized to manage the operational tasks (e.g. scheduling, time sheets, calculating worked hours) and the bookkeeper prepares the paycheques, payroll remittances to Canadian Revenue and maintains individual employee payroll record keeping.

An outsourced payroll processor can assist you to automate these tasks.

Employers have significant responsibilities to manage payroll. There are strict employment laws and regulations – in fact, there are over 190 pieces of federal and provincial legislation related to employment legislation. Carefully documenting all the actions related to advertising, recruiting, hiring, dismissal, and wages and earnings is a critical step to meet these requirements.

It is important to have a consistent and efficient payroll process from the end of each worked pay period to providing the paycheque. Use this summary of the key steps in the payroll cycle as a checklist that you can use right away to implement appropriate payroll administration process in your healthcare practice.

Key Steps in the Payroll Cycle

  1. Employment Records

An employer must maintain an employment record for each employee. Start this when you hire the employee. (See the Hiring Resource Guide for templates for letter of offer, employee records in addition to the 9 Key Steps to Hiring). The letter of offer includes the employment status (e.g. full or part time), number of hours worked, rate of pay, pay period, start date, probation period, etc.

In the employment record, you also need to maintain key information about each employee including their full legal name, address, date of birth, and Social Insurance Number.

With each paycheque, the employer must provide to the employee a written statement of earnings (pay stub). The employee record maintains a cumulative reporting of all statement of earnings and remittances.

  1. Time Calculation

Review and calculate the employee’s work hours. There are many ways to do this however it is important that the payroll administrator verifies that the time is correct and authorizes the payroll payment.

  1. Wage and Deduction Calculation

Wages are payment for work that has been done. This definition excludes overtime pay, vacation pay, general holiday pay and termination pay. The employer must deduct the following from an employee’s earnings: Federal and provincial income tax; Employment Insurance premiums; and Canada Pension Plan contributions.

Deductions can be calculated manually or using payroll or accounting software.

  1. Paycheck Processing

In Alberta, an employee must be paid all wages, overtime and general holiday pay earned in a pay period It is important to have a consistent and efficient payroll process from the end of each worked pay period to providing the paycheque.

You can choose to pay by manual cheque or direct deposit.

Remember that the employee’s employment record needs to be updated for each payroll period.

[clickToTweet tweet=”Tips for your #healthcare practice – #payroll must be paid within 10 consecutive days after the end of the pay period” quote=”Payroll must be paid within 10 consecutive days after the end of the pay period.”]

 

  1. Payroll Accounting

The payroll transactions must be entered into the business’ bookkeeping. Calculate employer paid benefits and taxes and distribute to the government and insurance company.

 

Employer’s Responsibilities

Employers are responsible to prepare end of the year reports to their employees for income tax reporting. If an employee leaves the practice, takes a leave of absence (e.g. maternity leave), or has a workplace accident, the employer must be able to produce a Record of Employment that summarizes the hours worked, wages, and earnings.

Be realistic about your skills and expectations for healthcare practice. Many small practices don’t have human resources and payroll experts in their practice. It is unfair to assume that the new clinic manager has all the skills necessary to manage this responsibility independently.

This is an appropriate opportunity to outsource routine payroll tasks. Use the most appropriate resources for the task. Outsourced payroll and human resources vendors, bookkeepers, and human resources consultants can assist you. Many clinic manager associations and healthcare professional associations provide continuing education and in some cases, member services, to support your practice.

Many clinic manager associations and healthcare professional associations provide continuing education and in some cases, member services, to support your practice. The Employment Standards Took Kit for Employers is a great easy-to-use resource that you can download from the Government of Alberta.

New or Existing Practice?

If you are opening a new healthcare practice or have an existing healthcare practice and want to reduce the time you spend managing payroll and human resources, you need to attend this FREE webinar with Dania Moazzam, Small Business Consultant with Ceridian.

Register for this FREE 30-minute Practice Management Nugget Webinar with payroll and human resources solutions expert Dania Moazzam. She will help you reduce the time and stress of scheduling employees, payroll and human resources and laws that you need to follow for your healthcare practice.

Register for this free webinar here

The perfect lunch break for busy practice managers – only 30 minutes and it’s free!

Practice Management Nuggets Webinars is a regular interview series with practice managers, healthcare providers, or trusted vendors who support healthcare practices. Topics include things you need to know to help you start, grow, fix, or maintain your healthcare practice. The events will be short – about 30 minutes – with nuggets of information that you can use right away.

And best of all – this is a free, no cost opportunity for you and your staff to hear from experts on a variety of topics how they made their clinics and businesses a success! Register now to receive a weekly update of the Practice Management Nugget Webinar guest speaker. Even if you can’t attend register anyway and we will send you the replay. Replays will be available for only a limited time.

Practice Management Nuggets’© series is hosted by Jean Eaton (Your Practice Management Mentor) of Information Managers Ltd.

health care, health care practice, healthcare, human resources, medical clinic, medical practice, Payroll, scheduling

What is the elephant in the room?

The Elephant in the Room Find out here...

 

Privacy Policy

 

"I attended the Privacy Impact Assessment Walkthrough workshop (for ARMA members). Jean shared resources and on-going networking opportunities. The biggest benefit to me is to know that there is help out there in moving forward with our Privacy Impact Assessment responsibilities."

- Ellen Sauvé, Parkland County

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2023 Information Managers Ltd.

Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}