
What Healthcare Providers Need To Know About Computer Security And Standards

Posted on April 28, 2020 by Meghan in Blog

Do you see cyber and privacy incidents in the news – and worry that your computer system is at risk?

Are you overwhelmed with managing your computer network by yourself?

 

Jon Harmon knows that healthcare providers need to have strong computer security and standards.   

Jon shares his tips about computer security and standards that every healthcare provider needs to know.

Jon Harmon is my guest expert on Practice Management Nuggets For Your Healthcare Practice.

 

Jon Harmon's #1 Tip to Healthcare Providers and Vendors

Keep your systems up-to-date!

My Favorite Takeaways From The Podcast

  • When using WiFi connections, always keep devices with confidential information connected to a separate private network – this helps mitigate the risk from outside threats.
  • Keep your computer systems up-to-date.
  • Have a regular off-site backup of your data.
  • Always accept regular updates to all network devices.
  • Don't let hardware run past its recommended lifecycle.
  • Regularly update yourself and your staff on computer security.
  • Have siloed permissions on data on a need-to-know basis.
  • Don't rely on one person – great computer security needs a team!

Featured Guest: Jon Harmon

Accounts Manager, TRINUS

Jon joined TRINUS as Accounts Manager in October, 2017.

He likes to challenge himself in new and exciting opportunities in the Technological world. Jon loves being a husband and a dad. He’s passionate about Martial Arts and is also an avid historian of all incarnations of Punk Rock, Classic Rock and Alternative Rock.

Visit the Trinus Technologies website!

 

 

Be sure to tune in to my interview with Jon Harmon,

What Healthcare Providers Need to Know About Computer Security and Standards | Episode #087

 


Why You Need To Get The Right Agreements With Your Vendors

Posted on February 4, 2020 by Jean Eaton in Blog

Donna Grindle knows having a business arrangement agreement between a healthcare provider and their business associate is very important in defining clearly the responsibilities of both parties.  

But, many healthcare providers, business owners, and vendors don’t get this right!

Donna shares her observations on HIPAA violation trends from the United States so that healthcare providers and vendors in Canada can prevent similar experiences and avoid massive fines and penalties.

Donna Grindle is my guest expert on Practice Management Nuggets For Your Healthcare Practice.

Donna Grindle's #1 Tip to healthcare providers and vendors

Don’t assume. Ask questions!

My Favorite Takeaways From The Podcast

  • Healthcare privacy and security regulations are more similar than different.
  • Educate as many people as possible about the importance of privacy and cybersecurity.
  • Don't assume that you don't have to ask questions.
  • Privacy is a civil right.
  • Under HIPAA, any business that provides a service to covered entities (healthcare providers) that requires them to have access to protected health information is then considered a business associate (BA).
  • BAs are separately and equally liable to protect patient information.
  • You must have a written agreement between your vendors and your healthcare providers that describes how you will protect patient health information. If you disclose personal information without a written agreement, you are breaking the law.
  • A BAA / IMA must include a liability clause.
  • Tips: Healthcare Provider Selecting A Vendor
  • Tips: Vendor Selecting A Healthcare Client
  • Cybersecurity insurance

Featured Guest: Donna Grindle

Founder & CEO, Kardon, and Co-Host, Help Me With HIPAA Podcast

Donna brings over 30 years' experience in healthcare IT, which is the solid foundation of Kardon’s HIPAA privacy and security consulting. Donna stays busy with speaking engagements, the weekly Help Me With HIPAA podcast, and managing a business with a growing client list. Donna’s sense of humor and southern charm spill out into everything she does.

Be sure to tune in to my interview with Donna Grindle,

What Healthcare Practices Should Know About Vendor Vetting And Accountability | Episode #085


PIPEDA Mandatory Privacy Breach Notification

Posted on January 19, 2020 by Jean Eaton in Blog

Organizations subject to PIPEDA are required to report to the OPC any breaches of security safeguards involving personal information that pose a risk of significant harm to the individuals.

PIPEDA

PIPEDA is a Canadian federal law that sets out the rules for the collection, use and disclosure of personal information in the course of commercial activities. PIPEDA outlines the 10 Fair Information Privacy Principles that businesses must follow regardless of their size. Organizations need to know the privacy rules and make sure that they have the appropriate safeguards implemented in their business.

 

Does PIPEDA Apply To You?


PIPEDA applies to most businesses across Canada, excepting Quebec, British Columbia, and Alberta. These provinces have their own private sector laws that are substantially similar to PIPEDA.

But even in those provinces, PIPEDA covers federally regulated industries like transportation, telecommunications and banking. In addition, all businesses that operate in Canada and handle personal information that crosses provincial or national borders are subject to PIPEDA, regardless of which province or territory they're based in. All businesses in the three territories also fall under PIPEDA.

In Alberta, we have privacy legislation called the Health Information Act (HIA) that takes precedence over PIPEDA and Alberta's Personal Information Protection Act (PIPA). If a business, like a physician's office, has a privacy breach which includes health information, then the custodian of the physician office must report the privacy breach following the HIA regulations. If employee information or other non-health information is included in the breach, then that triggers privacy breach notification under PIPA. Sometimes, a breach can include both types of information and the physician office must notify under each legislation.

In BC, the Personal Information Protection Act (PIPA) is BC's private sector privacy law that has also been deemed substantially similar to the federal private sector privacy law. BC does not have health information specific privacy legislation, so PIPA applies to private organizations in BC, including physician practices, and governs how the personal information about patients, employees and volunteers may be collected, used and disclosed.

If you are a business in Canada, for example an electronic medical records (EMR) vendor with a data center in Canada where clients from across Canada provide and store their information, you likely fall under the PIPEDA regulations.

The vendor may be responsive to other legislation as well. If you are an EMR vendor, you do not directly comply with the HIA in Alberta because that applies only to custodians. However, as an information manager of a custodian under the HIA, you have some obligations under the HIA in the event of a privacy breach. But that does not mean that you don't also have obligations under PIPEDA.

 

What Is Included In Personal Information?


Personal information is more than just a name or an address. It's data about an identifiable individual that can, by itself or combined with other information, identify a person. It could be a person's age, ethnicity, medical information, credit card number or even an income level. It might also include their Internet Protocol (IP) address or their website or email information.

Regular surveys done by the Office of the Privacy Commissioner of Canada say that small businesses tend to be less aware of their privacy responsibilities than larger organizations. In 2017, 65% of large organizations with more than 100 employees indicated that they were privacy aware. But only 43% of small businesses indicated that they were privacy aware. Smaller companies may not have dedicated compliance officers or privacy officers, and they may not have a sense of privacy knowledge.

The compliance challenge for smaller organizations is made more difficult by the limited human and sometimes financial resources available to them and by the gap in knowledge about their privacy obligations.

Lack of awareness can potentially lead to complaints about your business, which has an impact on your business's reputation.

 

Privacy Breach

A privacy breach occurs when there is unauthorized access to, or collection, use, disclosure, or disposal of, personal information. There are many things that could qualify as a privacy breach. If you have a financial transaction that includes clients’ information and it is now publicly available on your website, that's a privacy breach. If you have somebody in your organization who has access to personally identifying information as part of their job, but they use it for some purpose other than their job, that's snooping, and that is a privacy breach.

There are many examples of what is a privacy breach, but any time that you view, use, or disclose personal information without authorization, it is considered a privacy breach.

Privacy breaches also have a negative impact on our business because it takes time and resources to manage a privacy breach, and it has a huge impact on the reputation of an organization.

 

Privacy Breach Notification

The November 2018 PIPEDA mandatory privacy breach notification regulations require you to know where all of your personally identifiable information sources are and know the safeguards implemented to protect the data.

Then, you need to monitor the data to identify any breaches. If there is a breach of those security safeguards, you need to record all breaches. So even if there is a breach of a safeguard that nobody has exploited, you still need to record that you have identified that there is a potential risk and what you've done to be able to manage that risk and prevent that from happening again.

Next, you need to determine the risk of significant harm, or ROSH. (more about this later.)

The risk of harm test identifies what information was included in the breach and the type of harm that could happen to the individual as a result of the breach. When it reaches that ROSH threshold, you need to notify the Office of the Privacy Commissioner of Canada. Or, if you are in BC, Alberta or Quebec, you need to report that to the provincial privacy commissioner.

You also need to notify other people about that privacy breach.

You probably need to notify your clients. If you are an EMR vendor or another vendor that's providing a service to healthcare providers, you need to notify them about the breach.

As an example, if you are an EMR vendor that has been breached–perhaps a security compromise or hack into your data centre–you have a responsibility to notify the healthcare providers who collected the personal information. The EMR vendor must also report the privacy breach to the Office of the Privacy Commissioner.

You might also have an obligation to notify the individuals that have been affected by that breach. In your information manager agreement in Alberta, you should have clear written expectations about whether or not a vendor should notify the patients directly about a privacy breach or if the custodian or the health care provider is going to assume that responsibility. This is an important detail that you need to identify in your information manager agreement.

Also see the Practice Management Success Tip Top 3 Agreements Your Healthcare Practice Must Have (And Why) from Information Managers at https://InformationManagers.ca/top-3 for more on information management agreements (IMA.)

 

ROSH


The risk of significant harm (ROSH) is a framework for assessing the risk to the individual as a result of the breach of individually identifying information. Adopt and use a framework for your organization to assist you to quickly and consistently assess a breach for ROSH.

If there is personally identifying information included in the breach, we can assume that the information is sensitive information to the individual. Generally, I recommend a default that if individually identifiable information is included in the breach, then assess that there is a significant risk of harm to the individual.

The circumstances of a breach may make the information more or less likely to be used maliciously. For example, additional questions that you may want to consider include: How did the breach occur? How likely is it that someone would be harmed by the breach? Who actually accessed or could have accessed that personal information? How long has that personal information been exposed? Is there evidence of malicious intent, like hacking? Or was it a theft? Or did somebody intentionally try to use that information, and use it in a very covert way? Were a number of pieces of personal information breached, therefore increasing the risk of misuse? Is the breached information in the hands of an individual who represents a risk to the reputation of that individual or of themselves? Or was the information exposed to a limited, known number of entities who have committed to destroy and not disclose the data?

 

Privacy Is Good For Business

As always, good privacy is good for business. Poor privacy protection can damage your company's reputation and cut into your profit margin. When you practice proactive privacy, you enjoy the confidence and trust of your customers. Canadians tell us that the more they trust a company, the more likely they are to do business with it. Getting privacy right is your opportunity to demonstrate that you deserve their trust and their business.

Remember that one of the fair information principles is accountability. At the end of the day, you are responsible for protecting the personal information that you have collected.

 

Reference: Privacy and your business: An introduction to the Personal Information Protection and Electronic Documents Act. Office of the Privacy Commissioner of Canada. https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/pipeda-compliance-and-training-tools/pp_bus/

Privacy Management Program

Build privacy protections into everything you do as a business. Having clear policies and procedures for the collection, use and disclosure of personal information is of vital importance for your business.

 

When we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

How to Manage a Privacy Breach with Confidence

The 4 Step Response Plan will help you prevent privacy breach pain and give you the tips, templates, training, and tools that you can use right away to prepare your privacy breach response plan:

In the world of privacy breaches ‘If’ has become ‘When’. Will you be ready?

The best way to do this is by developing a privacy management program that covers all aspects of how you handle personal information. The 4 Step Response Plan will help your organization be prepared to prevent privacy breach pain. 

Click here for more information on the on-line 4 Step Response Plan course available now!


Top 3 Practice Management Nuggets Blogs and Podcasts in 2019

Posted on January 2, 2020 by Jean Eaton in Blog

I wish you a prosperous New Year and personal and professional growth.

Practice Management Nuggets blog posts and podcasts are designed to help you achieve that. I started this in January 2014. We’ve grown over the years and improved the technology and platforms to better help you start, grow, and improve your healthcare practice. I help you to manage the pink elephant in the room!

Over the last year, you have made these blog posts and podcasts rank in the top 3 for 2019. If you missed these, or want to re-visit them, follow the links below.


Here Are The 3 Best Blog Posts And Podcasts Of 2019

Top 3 Blogs 

Recent Privacy Breach Convictions Under Alberta’s Health Information Act

Curiosity Is NOT Need-To-Know

The Top 3 Agreements Your Healthcare Practice MUST Have (and Why)

 

Top 3 Practice Management Nuggets Podcasts For Your Healthcare Practice

Privacy Awareness Quiz #PrivacyMatters | Episode #076

How Improved Patient Satisfaction Saves You Time And Money | Episode #074

Fax Received in Error – Is this a Notifiable Privacy Breach? | Episode #067

Stay tuned for more guest experts, tips, tools, templates and training in 2020!


How To Correctly Identify Patients And Use Photo ID

Posted on December 10, 2019 by Jean Eaton in Blog

Patients should be asked to show their Alberta Health Care Insurance Plan (AHCIP) card and photo identification when visiting a practitioner office.

The Importance Of Correct Patient Identification

Failure to correctly identify patients can lead to serious problems such as medication errors, as well as privacy breaches.

Positive patient identification is critical to ensure patient safety and protect patient data. According to industry research cited by RAND, 7-10% of registering patients are misidentified upon entry.

Patient mis-identification contributes to:

  • 27% of radiation errors
  • 29% of medication errors
  • 5% of wrong-patient/wrong-site surgeries
  • 850 medical errors and 20 deaths related to blood transfusions

And, of course, we must deal with the administrative headache of privacy breaches and medical identity theft and duplicate patient records!

In Canada, health ministries have underscored the importance of correct patient identification when they issue Patient Safety Alerts. Correct patient identification criteria are also included in Accreditation Canada standards.

Verifying patient information improves patient care and efficient business practices.

  • Care – Good patient care starts with correct patient identification. Incorrectly identifying patients contributes to medication, transfusion, procedure, and testing errors.
  • Good Documentation – Avoid incomplete, inaccurate, and duplicate patient records!
  • Gatekeeper – Each caregiver has the responsibility to identify the patient before providing a health service. I think that the family physician has an added role and responsibility as the patients’ gatekeeper to additional health services to ensure that the documentation of patient identification is correct at the time of registration.
  • Billing – Avoid rejected billing and re-work when you correctly identify the patient and record the data correctly the first time. Patient demographic information is best corrected while the patient is present at the clinic instead of trying to contact the patient after they leave the clinic.
  • Uninsured Services – The practitioner will submit a claim to the Alberta Health Care Insurance Plan directly for all insured services provided. If a provincial health care card is not shown or the individual is not eligible for coverage, they may be asked to pay for health services before receiving them.

How To Correctly Identify Patients

Ask The Patient Questions – When a patient presents to register for a new or repeat visit, ask for at least two sources of patient identification. You may also request new patients to complete a new patient registration form.

Ask for Photo Identification – Photo identification will validate that the information and the image of the patient in front of you corresponds to the information from the patient and AHCIP. If there is a discrepancy, the best time to sort it out is when the patient is still at the clinic.

New Patient Registration Form (optional) – A paper form allows for discretion when asking for demographic information including date of birth, address, medications, Alberta Health Care Insurance Plan, allergies, etc. This reduces overhearing the conversation from other patients and staff and can often improve workflow and reduce congestion at the reception desk.

Document – Record on the new patient registration form or the clinic note that the photo identification was reviewed and that the image matches the individual. Use a clinic note or other location in patient record that is used consistently in your healthcare practice. (Bonus Tip: You might be able to create a template clinic note in your EMR for this. Or, create a check list template of this and related tasks to be completed for each (new) patient registration.)

Enter the information into the patient demographic or EMR system. Use registration document standards to ensure consistent data entry.

Validate – Confirm that the AHCIP # and the patient information are valid by using the Netcare parameter launch browser between the EMR and Netcare. This will also help to ensure that there are no data entry errors in the EMR. If necessary, assist the patient to complete a change of information form for AHCIP, or make an update entry in Patient Registry if you have appropriate access. If you don’t have access to Netcare via browser or web sign-on, use the phone number to AHCIP for this purpose.

Don’t Photocopy The Photo Identification

You should record that you viewed the photo ID and verified, but do not record the unique number associated with the photo identification (for example, driver’s license number). Do not photocopy the photo identification.

Remember, we have a responsibility to collect the least amount of information necessary. Viewing photo ID to verify the identity of the patient is a reasonable step to ensure the safety of the patient and to prevent an error. Recording the driver's license number or photocopying the driver's license is not necessary to provide a health service and is an unnecessary (and probably illegal) privacy and security breach.

Members of Practice Management Success

If you are a member of Practice Management Success, login and access the webinar replay, patient registration procedure template, collection notice template, and the new patient registration form template.

Not a member of Practice Management Success, yet? What are you waiting for?

Get Your Practice Management Success Membership Now!

Ransomware – 6 Mistakes Made By Dentists (And Their IT)

Posted on November 14, 2019 by Jean Eaton in Blog

Anne Genge of Alexio tells us that 96% of healthcare providers are concerned about how their staff are using personally identifying health information.

But, many healthcare providers and business owners don’t know what to do about it!

Can your staff protect you from a ransomware attack?

Yes, they can!

And it doesn’t have to be hard or expensive to do that.

Anne will help us to understand the cyber security risks that every healthcare practice in Canada is facing now and what you can do now to reduce your risk on Practice Management Nuggets For Your Healthcare Practice. Anne Genge, CEO of Alexio Corporation is my guest expert.

 

Anne Genge's #1 Tip to healthcare providers and practice managers

Invest in a professional cyber security risk assessment for your practice.

My Favorite Takeaways From The Podcast

  • Ransomware is the biggest threat to any digital environment
  • Healthcare data is urgent – we need it to treat our patients.
  • Cyber security awareness is very low among healthcare providers.
  • Data loss often happens even when you can decrypt the data, often resulting in 15% loss.
  • Without proper remediation, repeat ransomware attacks can happen.
  • Good backups insulate you from data loss, remediation costs, mandatory privacy breach reporting, loss of reputation, fines, and penalties.
  • Intrusion detection and prevention software can alert users to potential problems, but sometimes, individual users’ behaviour continues to put the practice at risk.
  • 90%–92% of successful breaches are facilitated by human error.
  • IT focuses on efficient workflow and communications between systems. Security professionals monitor access to ensure it is authorized and appropriate. Both roles are necessary in our digital practices.

6 Mistakes Made By Dentists (And Their IT)

  1. Thinking that IT has you covered and that ransomware won't happen to you!
  2. Not updating and monitoring computer systems with intrusion prevention/detection.
  3. Don't have a comprehensive backup of all of your data in at least 3 locations.
  4. Don't run backup restore tests regularly.
  5. Don't have a written mandatory cyber security awareness training plan.
  6. Don't have an independent cyber security risk assessment and management plan annually.

Instead,

Take steps to prevent a ransomware attack, including cyber security education for your team, good IT systems, a complete and comprehensive backup, and an annual cyber security risk assessment, a preventative digital IT health assessment.

Let Alexio help assess your risk, protect your practice, ensure data recovery, and train your staff.

Protect your investment today.

Get started with a quick on-line self assessment

Book a 30 minute consultation with Anne!

Follow Anne and Alexio on social media for more training and tips

InformationManagers.ca/Likes-Alexio

Featured Guest: Anne Genge

Alexio Corporation

Anne Genge is a pioneer in protecting health data and those who use it. She is a Certified Information Privacy Professional with a specialization in dentistry. Anne also holds certifications for HIPAA, Credit Card Security, Internet, and Network Security. Ransomware and data theft have changed the face of dentistry in the past decade meaning dentists need a new toolkit for protecting their practices.

With over 20 years of experience, Anne knows the challenges healthcare providers face with technology. She and her team at Alexio Corporation work with dental and medical professionals to minimize data risk and maximize patient care. As healthcare grows increasingly dependent on the digital environment, cyber-security becomes increasingly more difficult. Protection of patient data is not only law, it’s imperative for business success and reputation. Anne simplifies cyber-security for dentists and other healthcare providers and gives ‘real world’ strategies to protect patient information and the practice business.

Be sure to tune in to my interview with Anne Genge,

Ransomware – 6 Deadly Mistakes Made By Dentists (And Their IT) | Episode #082


How To Capture Patient Satisfaction With CareSay

Posted on July 2, 2019 by Jean Eaton in Blog

‘This call may be recorded to ensure quality control.’

We’ve all heard the recorded message when we call our bank or service provider.

But, is this the best way to capture patient satisfaction with their healthcare visit experience?

Are you looking for options to capture patient satisfaction with their interactions with your office staff during phone calls and their entire visit?

There are other options that require less technology, are easier to implement, respect privacy, provide more meaningful, constructive, and helpful feedback for your clinic team, and engage your patients to improve their satisfaction.

I reached out to Brian Lee from Custom Learning Systems about his suggestions on how to explore patient satisfaction.

Brian Lee is my guest expert on Practice Management Nuggets Podcast for Your Healthcare Practice. Brian Lee is one of North America’s leading experts in the field of World-Class patient experience, staff engagement and culture change.

In this 16 minute episode, Brian Lee shares options for the healthcare provider and business owner to easily capture and measure the patient's experience and give them an opportunity for feedback so that you can improve patient satisfaction and patient care in your healthcare practice.

 

Brian Shares His Key Tips Including

  • Options to create a patient experience survey (including CGCAPS).
  • New tools that empower the patient to provide clinics with feedback about their experience.

My Favorite Takeaways From The Podcast

  1. Ensure that we do constructive, positive education with our caregivers.
  2. Measure the patient's experience.
  3. Empower the patient to provide the clinic and the caregivers with feedback.

Be sure to tune in to my interview with Brian Lee on How To Capture Patient Satisfaction With CareSay | Episode #077

Then, click here to get the free CareSay Review app: the unique new app that connects service providers and patients in a whole new way!

If you are a member of Practice Management Success, login here and view the webinar replay.

Fax Received in Error – Is this a Notifiable Privacy Breach?

Posted on March 28, 2019 by Jean Eaton in Blog

Has this ever happened to you?

You are a clinic manager in a healthcare practice. One day, you receive a phone call from a healthcare provider in another clinic.

They have received a fax with patients’ health information from someone in your clinic. But the fax is not addressed to them – they received it in error.

Is this a mandatory notifiable privacy breach under Alberta’s new Health Information Act (HIA) regulations?

Part A: Circumstances Where Notification Is Required

There are 5 triggers under the Alberta Health Information Act (HIA) that require mandatory privacy breach notification to the Office of the Information and Privacy Commissioner (OIPC) and the Alberta Minister of Health and the individual(s) affected in the breach.

In this scenario, the receiving custodian accessed health information for an individual who was not his patient. Clearly, there is a reasonable basis to believe that the information has been accessed (read) by a person (section 8.1(1)(a) of the Health Information Regulation).

However, the sending custodian had no reason to believe that the information would be misused.


Part B: Circumstances Where Notification Is Not Required

 The sending custodian assessed the circumstances of the breach and concluded (as per section 8.1(1)(i) of the Health Information Regulation) that the receiving custodian:

  • Accessed the health information in a manner consistent with his role as a health services provider and did not do it for an improper purpose.
  • Is subject to confidentiality policies and procedures that meet the requirements of section 60 of the Act.
  • Did not use or disclose the information beyond determining that he received it in error.

The sending custodian assessed that the risk is appropriately mitigated and this privacy breach incident did not trigger mandatory notification requirements. 

Next Steps

The sending custodian must record the privacy breach in their business records. (I suggest that you use an internal privacy breach reporting form and spreadsheet. You can access these templates in the 4 Step Response Plan.) Remember to include your determination that you do not need to report this breach and the reasons that support your decision.

We know that faxes are a frequent source of privacy breach incidents. What can you do in your practice to reduce the risk of faxes in error?

Practice Management Nuggets Podcast

This topic is included in our Practice Management Nuggets podcast! Be sure to tune in to the podcast episode Fax Received in Error – Is this a Notifiable Privacy Breach? | Episode #067.


My Favorite Takeaways From the Podcast

  1. Understand the mandatory privacy breach notification triggers and the circumstances where notification is not required.
  2. Record your privacy breaches – even the ones that do not trigger mandatory privacy breach notification.
  3. Review and improve your fax procedures. We know that this continues to be a frequent source of breaches. What can you do to better manage this known risk?

If you are a member of Practice Management Success, log in here and view the webinar replay.


Are You Prepared For Patient Centered Care in Your Clinic?

Posted on February 21, 2019 by Jean Eaton in Blog

Do you have patients who come to your clinic once–and never return again?

Can’t remember the last time you did a patient satisfaction survey?

Do your patients complain about waiting too long, or not receiving the customer services that they expect?

Have your patients posted a complaint about your clinic on social media?

Do your staff ask you for training on how to empathize with difficult patients and their families?

Practice Management Nuggets Podcast

Brian Lee, CEO of Everyone's a Caregiver Learning Systems, is my guest expert on Practice Management Nugget Podcast for Your Healthcare Practice. Brian Lee, CSP, is one of North America’s leading experts in the field of World-Class patient experience, staff engagement and culture change.

Brian Lee discussed options for the healthcare provider and business owner to easily deliver training to your healthcare team so that you can improve patient satisfaction and patient centered care in your clinic.

My favorite takeaways from the podcast

  1. In the patient centered clinic, everything that we see and do needs to meet the patient’s expectation or we need to manage those expectations.
  2. When you improve employee morale, you improve the patient experience, too.
  3. Most healthcare providers and support teams never receive education about healthcare customer service skills.

The return on investment of patient experience education, empowering providers and staff to deliver an enhanced, timely, patient experience, is pretty dramatic. When you are prepared for patient centered care in your clinic, you will improve patient satisfaction, and save time and money in your healthcare practice.

Be sure to tune in to my interview with Brian Lee on How Improved Patient Satisfaction Saves You Time And Money | Episode #074

Then, click here to get the free sample modules of the new Patient Centered Clinic: the unique on-line education to help you empower providers and staff to deliver an enhanced, timely, patient experience!


If you are a member of Practice Management Success, log in here and view the webinar replay.


Holidays Are a Great Time to Listen to Podcasts!

Posted on July 22, 2017 by Jean Eaton in Blog

Holidays are a great time to listen to podcasts. You might be camping, taking a road trip, or relaxing in your own backyard.

A podcast is basically a digital recording. An audio-only talk show. The modern radio show.

You can listen and learn, laugh, and allow yourself to spark new ideas.

There are thousands of podcasts to choose from! You may be surprised how many podcasts there are in Alberta. Check out Seen and Heard in YEG for a sampling of Edmonton podcasts.

Why Should I Listen to Podcasts?

• Podcasts are constructive and filled with positive information.
• Podcasts are entertaining.
• Podcasts are usually free!
• Podcasts can help you become the best version of yourself.
• Podcasts force you to stop and listen. With all that background noise out there these days, how often do you really listen?

Top Podcast Picks for You!

Did you know that Practice Management Webinars for Your Healthcare Practice are also available as a podcast?

This is an interview series with practice managers, healthcare providers, or trusted vendors who support healthcare practices. Topics include things you need to know to help you start, grow, fix, or maintain your healthcare practice. The podcasts are short – about 30 minutes – with nuggets of information that you can use right away.

This season, our top podcast downloads include:

  • Do You Feel That You Are Just Not Being Heard? With Lauren Sergy
  • Payroll and Human Resources Solutions for Your Healthcare Practice With Dania Moazzam
  • Worried About Inaccurate Health and Medical Information Online? With Carol Francis Bush
  • Harnessing Social Media to Strengthen Your Pharmacy Business With Saam Ali
  • Fill Cancellations Without Making a Single Phone Call With Hernish Acharya
  • How Do I Know If My Computer Is Secure? With Craig Petronella

You can select your podcast using your favourite podcast account, including iTunes and Stitcher. There are over 30 Practice Management Nugget podcasts that you can select from.

I will send much good karma your way if you include #PracticeManagementNuggets in your Facebook and Twitter posts!

Happy listening, and remember #PracticeManagementNuggets #amlistening @albertapodnet


If you don’t currently listen to podcasts, I encourage you to visit iTunes or Stitcher to search for one that grabs your interest. You may be happy to discover that many of your favourite personalities already have a podcast you can start tuning into. Even Practice Management Nuggets is available in podcast format!

Please Subscribe and Share 

Click here to see all the episodes available on Stitcher!

Subscribe with iTunes

Click here to see all the episodes available on iTunes!


Here’s a simple little video showing you how to subscribe to my podcast on Stitcher, on your desktop computer!


Copyright 2022 Information Managers Ltd.