Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

How AI Improves EMR Auditing

Posted on September 8, 2020 by Jean Eaton in Blog

Healthcare providers and clinic managers have three common myths about EMR user monitoring auditing.

Myth #1 – The electronic medical record EMR automatically does all the auditing – I don’t have to do anything

Myth #2 – I don’t have to audit my users – I know them

Myth #3 – I won’t have to worry about this until I have a breach

Rob Pruter, the User Monitoring Expert at SPHER is my guest on this episode of Practice Management Nuggets For Your Healthcare Practice!

He’s going to share with us how to protect your practice and your patients when you use Artificial Intelligence (AI) technology that can recognize unusual activities and generate a warning message.

Finally, an easy way to perform user monitoring and quickly recognize risks from external bad actors and employee snooping incidents!

Rob Pruter's #1 Tip to Healthcare Providers, Clinic Managers, and Privacy Officers

Nobody goes to the doctor to get their identity stolen! Click to Tweet

My Favorite Takeaways From The Podcast

  • Patients trust their healthcare providers – not just about their medical information, but personally identifying information, too.
  • Identity and access management is critical! Everyone needs a unique user ID.
  • Increasingly important given the trend to remote access and browser based EMR access. Don't be complacent just because you can't see the users.
  • Artificial Intelligence (AI ) technology can quickly recognize unusual activities and generate a timely warning message so that you can react appropriately.
  • You don’t know when someone’s credentials have been compromised. People’s personal circumstances change. You need to demonstrate reasonable safeguards including user monitoring.
  • Designate a person (privacy officer, compliance officer) in the organization responsible to ensure regular review of users’ behaviour. This has a significant impact on decreasing the likelihood of being impacted by a privacy and security breach.
  •  

Featured Guest: Rob Pruter

SPHER Inc.

Rob is the Chief Revenue Officer at SPHER, Inc.

He is responsible for all global sales, marketing, and partner revenue at SPHER, Inc.

For the past 20 years, he has successfully built marketing programs and partner alliances in the healthcare IT space with larger companies and innovative start-ups.

He has a passion for protecting patient privacy and cybersecurity for the healthcare industry.

And he is my new best friend with a passion to improve audit log monitoring!

To find more from Rob, download the brochure from SPHER!

 

Be sure to tune in to my interview with Rob Pruter

How AI Improves EMR Auditing | Episode #094

 

Listen To The Podcast Here
#PracticeManagementNugget, AI, artificial intelligence, audit log, audit trail, clinic manager, compliance, healthcare, medical, podcast, review, Rob Pruter, SPHER, user monitoring

How To Make LinkedIn Work For You

Posted on August 17, 2020 by Meghan in Blog

Are you a clinic manager or healthcare provider who wants to build your network and re-fresh your professional connections so that you are better prepared for your next career move or, maybe, start or build your own business?

You have heard that LinkedIn is THE place to grow your career and your professional presence.

But are you wondering what the correct etiquette is, and the best practices for your LinkedIn profile?

Janice Porter knows the essentials to using LinkedIn that will make a big difference in improving your visibility and credibility – both crucial to prepare for your next job or move your healthcare practice towards profitability.

Janice will help you develop and use LinkedIn as a primary tool for bringing in new business.

Janice Porter is my guest expert on Practice Management Nuggets For Your Healthcare Practice.

Janice Porter's #1 Tip to Healthcare Providers

Keep your LinkedIn profile fully optimized! Click to Tweet

My Favorite Takeaways From The Podcast

  • LinkedIn is great for professional to professional connections
  • Keep your profile fully optimized – if someone searches your name, Google indexes LinkedIn so highly that your profile will be a top hit
  • First impressions are important! Make sure your profile is completed and professional
  • You need to have a LinkedIn profile for legitimacy
  • A professional headshot can improve your profile by over 93%
  • Be authentic
  • Create an optimized headline
  • Personalize your background
  • Be active and share content on your newsfeed
  • When you connect with people, write personalized messages 
  • Make new connections
  • When you build connections online, always aim to bring the relationship offline (Zoom coffee calls are a great idea!)

Featured Guest: Janice Porter

Janice Porter & Associates

Janice is known as a master communicator, and her passion is specializing in working and teaching professionals online and offline networking and marketing strategies for attracting, developing, nurturing, and retaining relationships that enhance business growth and profitability.

Janice believes anyone in business or looking for a new position, needs to have a professional LinkedIn profile, and that LinkedIn is a powerful, under-utilized online platform for attracting new clients, new referral partners, or being found by recruiters.

Connecting like-minded people is one of her innate gifts, because she cares and deeply values each person in her network. It is with deep insight and a steadfast belief in relationship marketing that Janice makes the introductions, and only when she is knows it will be beneficial to both parties.

To find more from Janice, download 16 Steps To A Fully Optimized LinkedIn Profile.

 

Be sure to tune in to my interview with Janice Porter,

How To Make LinkedIn Work For You | Episode #092

 

Listen To The Podcast Here
#PracticeManagementNugget, healthcare, healthcare careers, Janice Porter, LinkedIn, networking, podcast, profile

Pandemic Incident Response Review

Posted on May 15, 2020 by Meghan in Blog

Each healthcare practice has been impacted by the COVID-19 pandemic.

This is certainly a disruption to our business continuity and a risk to privacy and security of patient, employee, and business information.​

 

In this podcast on Practice Management Nuggets For Your Healthcare Practice, Jean L. Eaton shares a strategy to help you with your pandemic incident response review so that you can respond to a similar incident with confidence.

 

Jean Eaton's #1 Tip to Healthcare Providers and Vendors

Update your Pandemic Incident Response Plan! Click to Tweet

Each healthcare practice has been impacted by the COVID-19 pandemic.

This is certainly a disruption to our business continuity and a risk to privacy and security of patient, employee, and business information.

Each custodian and healthcare provider must maintain a written record of safeguards that have been implemented during the pandemic, ensure that these are communicated to their affiliates, and monitor to ensure they are followed.

  • What can we learn about the pandemic incident response so far?
  • As we prepare to re-open our practices, what can we anticipate?
  • If we experience a second wave and have to lock down again, are you prepared?

Jean L. Eaton

Jean EatonInformation Managers Ltd.

I am constructively obsessive about privacy and confidentiality in the healthcare sector–and I think you should be, too!

I offer tips, templates, and training to assist healthcare providers, clinic managers, practice managers, privacy officers and independent healthcare practice owners on practice management and privacy legislation that are actually fun and practical.

Your Practice Management Mentor and Your Practical Privacy Coach

 

Be sure to tune in to my podcast for tips on your pandemic incident response,

Pandemic Incident Response Review | Episode #088

 

Listen To The Podcast Here
#PracticeManagementNugget, COVID-19, healthcare, incident response plan, pandemic, podcast

What Healthcare Providers Need To Know About Computer Security And Standards

Posted on April 28, 2020 by Meghan in Blog

Do you see cyber and privacy incidents in the news – and worry that your computer system is at risk?

Are you overwhelmed with managing your computer network by yourself?

 

Jon Harmon knows that healthcare providers need to have strong computer security and standards.   

Jon shares his tips about computer security and standards that every healthcare provider needs to know.

Jon Harmon is my guest expert on Practice Management Nuggets For Your Healthcare Practice.

 

Jon Harmon's #1 Tip to Healthcare Providers and Vendors

Keep your systems up-to-date! Click to Tweet

My Favorite Takeaways From The Podcast

  • When using WiFi connections, always keep devices with confidential information connected to a separate private network – this helps mitigate the risk from outside threats.
  • Keep you computer systems up-to-date.
  • Have a regular off-site backup of your data.
  • Always accept regular updates to all network devices.
  • Don't let hardware run past it's recommended lifecycle.
  • Regularly update yourself and your staff on computer security.
  • Have siloed permissions on data on a need-to-know basis.
  • Don't rely on one person – great computer security needs a team!

Featured Guest: Jon Harmon

Accounts Manager, TRINUS

Jon joined TRINUS as Accounts Manager in October, 2017.

He likes to challenge himself in new and exciting opportunities in the Technological world. Jon loves being a husband and a dad. He’s passionate about Martial Arts and is also an avid historian of all incarnations of Punk Rock, Classic Rock and Alternative Rock.

Visit the Trinus Technologies website!

 

 

Be sure to tune in to my interview with Jon Harmon,

What Healthcare Providers Need to Know About Computer Security and Standards | Episode #087

 

Listen To The Podcast Here
#PracticeManagementNugget, computer security, cyber aware, cyber security, healthcare, information technology, podcast

Why You Need To Get The Right Agreements With Your Vendors

Posted on February 4, 2020 by Jean Eaton in Blog

Donna Grindle knows having a business arrangement agreement between a healthcare provider and their business associate is very important in defining clearly the responsibilities of both parties.  

But, many healthcare providers, business owners, and vendors don’t get this right!

Donna shares her observations on the HIPAA violations trends from the United States so that healthcare providers and vendors in Canada can prevent similar experiences and avoid massive fines and penalties.

Donna Grindle is my guest expert on Practice Management Nuggets For Your Healthcare Practice.

Donna Grindle's #1 Tip to healthcare providers and vendors

Don’t assume. Ask questions! Click to Tweet

My Favorite Takeaways From The Podcast

  • Healthcare privacy and security regulations are more similar than different.
  • Educate as many people as possible about the importance of privacy and cybersecurity.
  • Don't assume that you don't have to ask questions.
  • Privacy is a civil right.
  • Under HIPAA, any business that provides a service to covered entities (healthcare providers) that requires them to have access to protected health information is then considered a business associate (BA).
  • BA's are separately and equally liable to protect patient information.
  • You must have a written agreement between your vendors and your healthcare providers that describes how you will protect patient health information. If you disclose personal information without a written agreement, you are breaking the law.
  • BAA / IMA must include liability clause.
  • Tips: Healthcare Provider Selecting A Vendor
  • Tips: Vendor Selecting A Healthcare Client
  • Cybersecurity insurance

Featured Guest: Donna Grindle

Image ladyFounder & CEO Kardon and
Co-Host Help Me With HIPAA Podcast

Donna brings over 30 years experience in healthcare IT which is the solid foundation of Kardon’s HIPAA privacy and security consulting. Donna stays busy with speaking engagements, the weekly Help Me With HIPAA podcast, and managing a business with a growing client list. Donna’s sense of humor and southern charm spills out into everything she does.

Be sure to tune in to my interview with Donna Grindle,

What Healthcare Practices Should Know About Vendor Vetting And Accountability | Episode #085

Listen To The Podcast Here
#PracticeManagementNugget, BAA, business associate agreement, Donna Grindle, healthcare, HIA, HIPAA, IMA, information manager agreement, podcast, privacy compliance, vendor vetting

PIPEDA Mandatory Privacy Breach Notification

Posted on January 19, 2020 by Jean Eaton in Blog

Organizations subject to PIPEDA are required to report to the OPC any breaches of security safeguards involving personal information that pose a risk of significant harm to the individuals.

PIPEDA

PIPEDA is a Canadian federal law that sets out the rules for the collection, use and disclosure of personal information in the course of those commercial activities. PIPEDA outlines the 10 Fair Information Privacy Principles that businesses must follow regardless of their size. Organizations need to know privacy rules and make sure that you have the appropriate safeguards implemented in your business.

 

Does PIPEDA Apply To You?

image of map of Canada

PIPEDA applies to most businesses across Canada, excepting Quebec, British Columbia, and Alberta. These provinces have their own private sector laws that are substantially similar to PIPEDA.

But even in those provinces, PIPEDA covers federally regulated industries like transportation, telecommunications and banking. In addition, all businesses that operate in Canada and handles personal information that crosses provincial or national borders are subject to PIPEDA, regardless of which province or territory that they're based in. All businesses in the three territories also fall under PIPEDA.

In Alberta, we have privacy legislation called the Health Information Act (HIA) that takes precedence over PIPEDA and Alberta's Personal Information Protection Act, (PIPA). If a business, like a physician's office, has a privacy breach which includes health information, then the custodian of the physician office must report the privacy breach following the HIA regulations. If employee information or other non-health information is included in the breach then that triggers privacy breach notification under PIPA. Sometimes, a breach can include both types of information and the physician office must notify under each legislation.

In BC, the Personal Information Protection Act (PIPA) is BC's private sector privacy law that has also been deemed substantially similar to the federal private sector privacy law. BC does not have health information specific privacy legislation, so PIPA applies to private organizations in BC, including physician practices, and governs how the personal information about patients, employees and volunteers may be collected, used and disclosed.

If you are a business in Canada, for example, an electronic medical records (EMR) business and you have a data center in Canada where all of your clients across Canada provide their information and store it in your data center, the EMR vendor likely falls under the PIPEDA regulations.

The vendor may be responsive to other legislation as well. If you are an EMR vendor, you do not directly comply with the HIA in Alberta because that applies only to custodians. However, as an information manager of a custodian under the HIA, you have some obligations under the HIA in the event of a privacy breach. But that does not mean that you don't also have obligations under PIPEDA.

 

What Is Included In Personal Information?

image file folders

Personal information is more than just a name or an address. It's data about an identifiable individual that can, by itself or combined with other information, identify a person. It could be a person's age, ethnicity, medical information, credit card number or even an income level. It might also include their Internet Protocol (IP) address or their website or email information.

Regular surveys done by the Office of the Privacy Commissioner of Canada says that small businesses tend to be less aware of their privacy responsibilities than larger organizations. In 2017, 65% of large organizations with more than 100 employees indicated that they were privacy aware. But only 43% of small businesses indicated that they were privacy aware. Smaller companies may not have dedicated compliance officers or privacy officers, and they may not have a sense of privacy knowledge.

The compliance challenge for smaller organizations is made more difficult by the limited human and sometimes the financial resources available to them and the gap on the knowledge about the privacy obligations.

Lack of awareness can potentially lead to complaints about your business, which has an impact on your business's reputation.

 

Privacy Breach

A privacy breach occurs when there is an unauthorized access to or the collection, use, disclosure, our disposal of personal information. There are many things that could qualify as a privacy breach. If you have a financial transaction that includes clients’ information and now is publicly available on your website, that's a privacy breach. If you have somebody in your organization who has access to personally identifying information as part of their job, but they use it for some purpose other than their job, that's snooping, and that is a privacy breach.

There are many examples about what is a privacy breach, but any time that you view, use, or disclose without aauthorization is considered a privacy breach.

Privacy breaches also have a negative impact to our business because it takes time and resources to manage a privacy breach, and it has a huge impact to the reputation of an organization.

 

Privacy Breach Notification

image timeline

The November 2018 PIPEDA mandatory privacy breach notification regulations requires you to know where all of your personally identifiable information sources are and know the safeguards implemented to protect the data.

Then, you need to monitor the data to identify any breaches. If there is a breach of those security safeguards, you need to record all breaches. So even if there is a breach of a safeguard that nobody has exploited, you still need to record that you have identified that there is a potential risk and what you've done to be able to manage that risk and prevent that from happening again.

Next, you need to determine the risk of significant harm, or ROSH. (more about this later.)

The risk of harm test that identifies what information had been included in the breach and the type of harm that could happen to that individual as a result of the breach. When it reaches that ROSH threshold, then you need to notify the Office of the Privacy Commissioner of Canada office. Or, if you are in BC, Alberta or Quebec, you need to report that to the provincial privacy commissioner.

You also need to notify other people about that privacy breach.

You probably need to notify your clients. If you are an EMR vendor or another vendor that's providing a service to healthcare providers, you need to notify them about the breach.

As an example, if you are an EMR vendor that has been breached–perhaps a security compromise or hack into your data centre–you have a responsibility to notify the healthcare providers who collected the personal information. The EMR vendor must also report the privacy breach to the Office of the Privacy Commissioner.

You might also have an obligation to notify the individuals that have been affected by that breach. In your information manager agreement in Alberta, you should have clear written expectations about whether or not a vendor should notify the patients directly about a privacy breach or if the custodian or the health care provider is going to assume that responsibility. This is an important detail that you need to identify in your information manager agreement.

Also see the Practice Management Success Tip Top 3 Agreements Your Healthcare Practice Must Have (And Why) from Information Managers at https://InformationManagers.ca/top-3 for more on information management agreements (IMA.)

 

ROSH

image lady with paper

The risk of significant harm (ROSH) is a framework for assessing the risk to the individual as a result of the breach of individually identifying information. Adopt and use a framework for your organization to assist you to quickly and consistently assess a breach for ROSH.

If there is personally identifying information included in the breach, we can assume that the information is sensitive information to the individual. Generally, I recommend a default that if individually identifiable information is included in the breach, then assess that there is a significant risk of harm to the individual.

The circumstances of a breach may make the information more or less likely to be used maliciously. For example, additional questions that you may want to consider include how did the breach occur? How likely is it that someone would be harmed by the breach? Who actually accessed or could have accessed that personal information? How long has that personal information been exposed? Is there evidence of malicious intent, like hacking? Or was it a theft? Or did somebody intentionally tried to use that information and use it in a very covert way? Were a number of pieces of personal information breached therefore, increasing the risk of misuse? Is the breached information in the hands of an individual that represents a reputation to the risk of that individual or themselves? Or, was the information exposed to a limited, known number of entities who have committed to destroy and not disclosed the data.

 

Privacy Is Good For Business

image people in business

As always, good privacy is good for business. Poor privacy protection can damage your company's reputation and cut into your profit margin. When your practice proactive privacy, you enjoy the confidence and trust of your customers. Canadians tell us that the more they trust a company, the more likely they are to do business with it. Getting privacy right is your opportunity to demonstrate that you deserve their trust and their business.

Remember that one of the fair information principles is accountability. At the end of the day, you are responsible for protecting the personal information that you have collected.

 

Reference: Privacy and your business: An introduction to the Personal Information Protection and Electronic Documents Act. Office of the Privacy Commissioner of Canada. https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/pipeda-compliance-and-training-tools/pp_bus/

Privacy Management Program

Build privacy protections into everything you do is a business. Having clear policies and procedures for the collection, use and disclosure of personal information is of vital importance for your business.

 

When we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

How to Manage a Privacy Breach with Confidence

The 4 Step Response Plan will help you with prevent privacy breach pain and give you the tips, templates, training, and tools that you can use right away to prepare your privacy breach response plan:

In the world of privacy breaches ‘If’ has become ‘When’. Will you be ready?

The best way to do this is by developing a privacy management program that covers all aspects of how you handle personal information. The 4 Step Response Plan will help your organization be prepared to prevent privacy breach pain. 

Click here for more information on the on-line 4 Step Response Plan course available now!

image

 

 

Learn How To Manage A Privacy Breach With Confidence
#PracticeManagementNugget, Canada, healthcare, mandatory notification, mandatory privacy breach notification, personal information protection electronic documents act, PIPEDA, podcast, privacy breach

Top 3 Practice Management Nuggets Blogs and Podcasts in 2019

Posted on January 2, 2020 by Jean Eaton in Blog

I wish you a prosperous New Year and personal and professional growth.

Practice Management Nuggets blog posts and podcasts is designed to help you achieve that. I started this in January 2014. We’ve grown over the years and improved the technology and platforms to better help you start, grow, and improve your healthcare practice. I help you to manage the pink elephant in the room!

Over the last year, you have made these blog posts and podcasts rank in the top 3 for 2019. If you missed these, or want to re-visit them, follow the links below.

Check out these top 3 Practice Management Nuggets blog posts and podcasts. Click to Tweet

Here Are The 3 Best Blog Posts And Podcasts Of 2019

Top 3 Blogs 

Recent Privacy Breach Convictions Under Alberta’s Health Information Act

Curiosity Is NOT Need-To-Know

The Top 3 Agreements Your Healthcare Practice MUST Have (and Why)

 

Top 3 Practice Management Nuggets Podcasts For Your Healthcare Practice

Privacy Awareness Quiz #PrivacyMatters | Episode #076

How Improved Patient Satisfaction Saves You Time And Money | Episode #074

Fax Received in Error – Is this a Notifiable Privacy Breach? | Episode #067

Stay tuned for more guest experts, tips, tools, templates and training in 2020!

blog, healthcare, podcast, privacy

How To Correctly Identify Patients And Use Photo ID

Posted on December 10, 2019 by Jean Eaton in Blog

Patients should be asked to show their Alberta Health Care Insurance Plan (AHCIP) card and photo identification when visiting a practitioner office.

The Importance Of Correct Patient Identification

Failure to correctly identify patients can lead to serious problems such as medication errors, as well as privacy breaches.

Positive patient identification is critical to ensure patient safety and protect patient data. According to industry research cited by RAND, 7-10% of registering patients are misidentified upon entry.

Patient mis-identification contributes to:

  • 27% of radiation errors
  • 29% of medication errors
  • 5% of wrong-patient/wrong-site surgeries
  • 850 medical errors and 20 deaths related to blood transfusions

And, of course, we must deal with the administrative headache of privacy breaches and medical identity theft and duplicate patient records!

In Canada, health ministries have underscored the importance of correct patient identification when they issue Patient Safety Alerts. Correct patient identification criteria is also included in Accreditation Canada standards.

Verifying patient information improves patient care and efficient business practices. Click to Tweet

Verifying patient information improves patient care and efficient business practices.

  • Care – Good patient care starts with correct patient identification. Incorrectly identifying patients contributes to medication, transfusion, procedure and testing, errors.
  • Good Documentation – Avoid incomplete, inaccurate, and duplicate patient records!
  • Gatekeeper –Each caregiver has the responsibility to identify the patient before providing a health service. I think that the family physician has an added role and responsibility of the patients’ gatekeeper to additional health services to ensure that the documentation of patient identification is correct at the time of registration.
  • Billing – Avoid rejected billing and re-work when you correctly identify the patient and record the data correctly the first time. Patient demographic information is best corrected while the patient is present at the clinic instead of trying to contact the patient after they leave the clinic.
  • Uninsured Services – The practitioner will submit a claim to the Alberta Health Care Insurance Plan directly for all insured services provided. If a provincial health care card is not shown or the individual is not eligible for coverage, they may be asked to pay for health services before receiving them.

How To Correctly Identify Patients

Ask The Patient Questions – When a patient presents to register for a new or repeat visit, ask for at least two sources of patient identification. You may also request new patients to complete a new patient registration form.

Ask for Photo Identification – Photo identification will validate that the information and the image of the patient in front of you corresponds to the information from the patient and AHCIP. If there is a discrepancy, the best time to sort it out is when the patient is still at the clinic.

New Patient Registration Form (optional) – A paper form allows for discretion when asking for demographic information including date of birth, address, medications, Alberta Health Care Insurance Plan, allergies, etc. This reduces overhearing the conversation from other patients and staff and can often improve workflow and reduce congestion at the reception desk.

Document – Record on the new patient registration form or the clinic note that the photo identification was reviewed and that the image matches the individual. Use a clinic note or other location in patient record that is used consistently in your healthcare practice. (Bonus Tip: You might be able to create a template clinic note in your EMR for this. Or, create a check list template of this and related tasks to be completed for each (new) patient registration.)

Enter the information into the patient demographic or EMR system. Use registration document standards to ensure consistent data entry.

Validate – the AHCIP # and the patient information is valid by using the Netcare parameter launch browser between the EMR and Netcare. This will also help to ensure that there are no data entry errors in the EMR. If necessary, assist the patient to complete a change of information form for AHCIP, or make an update entry in Patient Registry if you have appropriate access. If you don’t have access to the Netcare via browser or web sign-on, use the phone number to AHCIP for this purpose.

Don’t Photocopy The Photo Identification

You should record that you viewed the photo ID and verified, but do not record the unique number associated with the photo identification (for example, driver’s license number). Do not photocopy the photo identification.

Remember, we have a responsibility to collect the least amount of information necessary. Viewing photo id to verify the identity of the patient, is a reasonable step to ensure the safety of the patient and to prevent an error. Recording the drivers license number or photocopying the drivers license is not necessary to provide a health service and an unnecessary (and probably illegal) privacy and security breach.

Listen To The Podcast Here

Members of Practice Management Success

If you are a member of Practice Management Success, login and access the webinar replay, patient registration procedure template, collection notice template, and the new patient registration form template.

Not a member of Practice Management Success, yet? What are you waiting for?

Get Your Practice Management Success Membership Now!
#PracticeManagementNugget, AHCIP, Alberta Health Care, dentists, drivers license, healthcare, medical errors, Netcare, Patient identification, photo ID, podcast, registration, risk

Ransomware – 6 Mistakes Made By Dentists (And Their IT)

Posted on November 14, 2019 by Jean Eaton in Blog

Anne Genge of Alexio tells us that 96% of healthcare providers are concerned about how their staff are using personally identifying health information.

But, many healthcare providers and business owners don’t know what to do about it!

Can your staff protect you from a ransomware attack?

Yes, they can!

And it doesn’t have to be hard or expensive to do that.

Anne will help us to understand the cyber security risks that every healthcare practice in Canada is facing now and what you can do now to reduce your risk on Practice Management Nuggets For Your Healthcare Practice. Anne Genge, CEO of Alexio Corporation is my guest expert.

 

Anne Genge's #1 Tip to healthcare providers and practice managers

Invest in a professional cyber security risk assessment for your practice. Click to Tweet

My Favorite Takeaways From The Podcast

  • Ransomware is the biggest threat to any digital environment
  • Healthcare data is urgent – we need it to treat our patients.
  • Cyber security awareness is very low among healthcare providers.
  • Data loss often happens even when you can de-encrypt the data often resulting in 15% loss.
  • Without proper remediation, repeat ransomware attacks can happen.
  • Good backup insulate yourself from data loss, remediation costs, mandatory privacy breach reporting, loss of reputation, fines, and penalties.
  • Intrusion detection and prevention software can alert users to potential problems, but sometimes, individual users’ behaviour continues to put the practice at risk.
  • 90% -92% of successful breaches are facilitated by human error.
  • IT focus on efficient workflow and communications between systems. Security professionals monitor access to ensure it is authorized and appropriate. Both roles is necessary in our digital practices.

6 Mistakes Made By Dentists (And Their IT)

  1. Think that IT has them covered and that ransomware won't happen to me!
  2. Not updating and monitoring computer systems with intrusion prevention/detection.
  3. Don't have a comprehensive backup of all of your data in at least 3 locations.
  4. Don't run backup restore tests regularly.
  5. Don't have a written mandatory cyber security awareness training plan.
  6. Don't have an independent cyber security risk assessment and management plan annually.

Instead,

Take steps to prevent a ransomware attack – including cyber security education for your team, implement good IT systems, complete and comprehensive backup, and an annual cyber security risk assessment preventative digital IT health assessment.

Let Alexio help assess your risk, protect your practice, ensure data recovery, and train your staff.

Protect your investment today.

Get started with a quick on-line self assessment

Book a 30 minute consultation with Anne!

Follow Anne and Alexio on social media for more training and tips

InformationManagers.ca/Likes-Alexio

Anne GengeFeatured Guest: Anne Genge

Alexio Corporation

Anne Genge is a pioneer in protecting health data and those who use it. She is a Certified Information Privacy Professional with a specialization in dentistry. Anne also holds certifications for HIPAA, Credit Card Security, Internet, and Network Security. Ransomware and data theft have changed the face of dentistry in the past decade meaning dentists need a new toolkit for protecting their practices.

With over 20 years of experience, Anne knows the challenges healthcare providers face with technology. She and her team at Alexio Corporation work with dental and medical professionals to minimize data risk and maximize patient care. As healthcare grows increasingly dependent on the digital environment, cyber-security becomes increasingly more difficult. Protection of patient data is not only law, it’s imperative for business success and reputation. Anne simplifies cyber-security for dentists and other healthcare providers and gives ‘real world’ strategies to protect patient information and the practice business.

Be sure to tune in to my interview with Anne Genge,

Ransomware – 6 Deadly Mistakes Made By Dentists (And Their IT) | Episode #082

Listen To The Podcast Here
#PracticeManagementNugget, Alexio, Anne Genge, dentists, healthcare, podcast, ransomware, security risk assessment

How To Capture Patient Satisfaction With CareSay

Posted on July 2, 2019 by Jean Eaton in Blog

‘This call may be recorded to ensure quality control.’

We’ve all heard the recorded message when we call our bank or service provider .

But, is this the best way to capture patient satisfaction with their healthcare visit experience?

Are you looking for options to capture patient satisfaction with their interactions with your office staff during phone calls and their entire visit?

There are other options that require less technology, easier to implement, respects privacy, provides a more meaning constructive, helpful, feedback for your clinic team and engages your patients to improve their satisfaction.

I reached out to Brian Lee from Custom Learning Systems about his suggestions on how to explore patient satisfaction.

Brian Lee is my guest expert on Practice Management Nuggets Podcast for Your Healthcare Practice. Brian Lee is one of North America’s leading experts in the field of World-Class patient experience, staff engagement and culture change.

In this 16 minute episode, Brian Lee, shares options for the healthcare provider and business owner to easily capture and measure the patient's experience and give them an opportunity for feedback so that you can improve patient satisfaction and patient care in your healthcare practice.

 

Brian Shares His Key Tips Including

  • Options to create a patient experience survey (including CGCAPS).
  • New tools that empowers the patient to provide clinics with feedback about their experience.
New tools empowers the patient to provide clinics with feedback about their experience. Click to Tweet

My Favorite Takeaways From The Podcast

  1. Ensure that we do constructive, positive education with our caregivers.
  2. Measure the patient's experience.
  3. Empower the patient to provide the clinic and the caregivers with feedback.

Be sure to tune in to my interview with Brian Lee on How To Capture Patient Satisfaction With CareSay | Episode #077

Then, click here to get the free CareSay Review app: the unique new app to help you Connecting service providers and patients in a whole new way!

If you are a member of Practice Management Success, login here and view the webinar replay.

#digitalhealth, #PatientCenteredClinic, #PatientEngagement, #PracticeManagementNuggets, Brian Lee, CareSay, CGCAP, clinic, Everyone's a Caregiver, healthcare, medical, patient centered clinic, patient satisfaction, podcast, review
1234

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

"The 15 Day Privacy Challenge has made me aware of the policies that my facility needs to update/create!"

- Rachel Worthing, CHIM, Ontario Shores Centre for Mental Health Sciences

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.

Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}