Health Information Management (HIM) Professionals – what is their role?

Posted on March 19, 2018 by Jean Daffin in PMN Replay, Practice Management Nugget Interview

What can HIM professionals provide to your healthcare practice?

Lisa Proudfoot BRE CHIM
SAIT

Lisa Proudfoot, BRE, CHIM, an Instructor in the Health Information Management (HIM) Program at SAIT will help you understand the role of HIM professionals in clinic administration.

In this 30-minute Practice Management Nugget Lisa will give you practical information on:

What HIM professionals do
Why HIM professionals are essential to health services
What HIM students learn in the program
What are non-traditional opportunities for HIM grads and seasoned practitioners

Practice Management Nugget interview with Lisa will help with:

Information on practicum placements
What to expect when you hire a new grad
How HIM professionals can benefit your clinic administration

Join us for Practice Management Nugget interview

with Lisa Proudfoot, BRE, CHIM

Instructor HIM Program, SAIT

Recorded Live Thursday February 19, 2015

Replay Available During Health Information Management Professional Week 2018!

Celebrate Health Information Management Professional Week 2018!Click To Tweet

Resources

Learning Resource Guide – HIM Professionals

Health Information Management Program – SAIT HIM Practicum – SAIT

CHIMA – Canadian Health Information Management Association

Click the >> arrow to play the video.

#CHIMAHIPW2018, Health Information Managers, healthcare, HIM, Practical Privacy Coach, practice management, SAIT, training

Balancing Privacy and the Public Interest

Posted on January 30, 2018 by Jean Eaton in Blog

The 2018 Congress is your opportunity to explore leading issues at the crossroads of privacy, access, security, law and technology. Network with peers and colleagues from industry and government to explore this year’s theme — The Road Ahead — Balancing Privacy and the Public Interest. Get a clearer view of how privacy, access, security, compliance, law and technology intersect, and why that matters to you, your career, and your organization.

The PACC Congress takes a refreshingly pragmatic approach. We think it’s important to offer a truly varied assortment of perspectives and experiences — that offer practical guidance. Speakers from different locations, industries and organizations offer a range of views that are never the same-old, same-old.

The Congress is a unique professional development opportunity. Sessions are longer than at most conferences, and formal presentations are shorter — so that speakers have plenty of time to present their views, and delegates have time to ask questions and get real, unscripted answers. To accomplish that — and because the Congress is about quality, not quantity — registration is strictly limited.

Register now to get Early Bird Rates!

Learn, share and network at the 2018 National Privacy and Data Governance Congress.Click To Tweet

Topics Include:

The Virtual Fishbowl and the Future of Privacy – Will Artificial Intelligence, Automation, the Internet of Things and Block Chain Technologies Protect Privacy, or Destroy It?
Authentication & Beyond
Baked In – Not Sprinkled on Top: Practical Privacy Pointers
Privacy and Impact Assessment Fundamentals
Professional Development Workshop — Breach Response
GDRP
and more!

Click here to see the complete agenda

Continuing Professional Development Credits

The PACC is a membership association and credentialing body for anyone in the field of information access and privacy regardless of their career progression. The Congress has been approved for Continuing Professional Development credits applicable by the Law Society of Alberta, Law Society of Upper Canada, and the PACC Certification Board, and may qualify for CPD credits from other organizations as well.

Join industry experts, risk management professionals, thought leaders and regulatory authorities to explore critical connections between privacy, access, security and compliance. March 6-8, 2018 in Calgary, AB

Join speakers, delegates and thought leaders with shared interests in privacy, access and security. Colleagues from public and private institutions, federal, provincial and territorial governments, industry, academia and regulatory authorities will meet in a relaxed setting to enjoy workshop, breakout, keynote and plenary sessions.

Congress 2018 takes a refreshingly practical approach. Breakout sessions are longer than at most conferences, but formal presentations are shorter. Speakers offer practical examples and case studies.

Who should attend the National Privacy and Data Governance Congress?

privacy officer
security officer
access and disclosure administrators
compliance officer
FOIP Co-ordinators
human resources manager
insurance agents
healthcare administrators, health information management
medical ethicists and genetics

You will be directed to the PACC website to register.

The Congress Agenda is now available here.

#PACCongress, compliance officer, FOIP Co-ordinator, National Privacy And Data Governance Congress, Practical Privacy Coach, Privacy and Access Council of Canada, privacy officer, security officer

10 Key Steps To Prevent a Privacy Breach

Posted on January 6, 2018 by Jean Eaton in Uncategorized

Protect your business from errors, omissions, or attacks that could result in complaints, fines and even jail time!

Stop taking privacy for granted and start thinking how you can improve privacy for your business. It doesn't take a lot of effort to improve privacy in a big way.

Discover the top 10 key steps that you can make right away to prevent a privacy breach.

10 Key Steps To Prevent a Privacy Breach

Get instant access here

You will also benefit from the occasional Privacy Nugget tips by email of similar privacy resources and articles that you can use right away!

When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

Document Management Tip, Practical Privacy Coach, prevent a privacy breach

Should You Change Your Passwords?

Posted on October 26, 2017 by Jean Eaton in Blog

Passwords are everywhere! It is the minimum security safeguard for all our devices – from our computers to ATM banking, to voice mail to security alarms.

But how secure are your passwords?

Passwords that are easy to ‘hack' or guess are opportunities for attackers to access personal or sensitive information or install malware (malicious software).

We are plagued by the necessity to remember a multitude of passwords. Some websites have basic complexity requirements and others do not. Some require you to change your password on a regular basis. We need different passwords for banking, social media, shopping, and just about anything online.

Keeping track of all these passwords can be a nightmare and the worst thing you can do is make them all the same.

One solution is to use a password manager. A password manager is a locally installed software applications that you can have on your computer and your mobile devices. It assists you to create and retrieve complex passwords on demand for all of your on-line (and off-line) user accounts from your Fracebook to your bank accounts.

There are a number of password managers that help store all of your accounts such as Dashlane, LastPass, 1Password, KeePass, RoboForm, Keeper Password, Sticky Password, and True Key.

Your password manager account is controlled by a single strong master password to unlock your “vault” of individual account passwords.

What is the best password manager?

David Papp, Your Tech Expert, knows that technology is the key to getting business done!

Join us for the Free 15 Day Privacy Challenge for David's recommendations on the best password manager system AND a free tutorial from My NAMS!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware #15DayPrivacyChallenge

#15DayPrivacyChallenge, #CyberAware, David Papp, My NAMS, password managers, passwords, Practical Privacy Coach

What is an Information Manager Agreement (IMA)?

Posted on October 25, 2017 by Jean Eaton in Blog

Having a clear agreement of how patient records will be maintained to ensure privacy, security, and confidentiality in a paper based patient record or in a shared EMR database is the objective of an Information Manager Agreement. This may also be called a Data Sharing Agreement, Information Sharing Agreement, or Business Associate Agreement.

Prenuptial Agreement

In a group healthcare practice, have a clear understanding in writing that sets out how patient records will be collected, used, and disclosed during the group practice is critical to the security of the patient information, health service provider information, and good will between members of the group practice. Think of this as the ‘prenuptial' agreement in your business relationship.

Who is an Information Manager?

In Alberta, the Health Information Act (HIA) defines an information manager. Generally, it is a special kind of an affiliate, usually a business or a vendor, who provides a service that does some specific task (authorized by the custodian) with health information. This could be a billing agent, accredited billing submitter, outsourced transcriptionist, EMR vendor or other service provider.

If you are using an EMR vendor, the named individuals on the IMA are the only persons that the software vendor can receive instructions on how to manage the records in the database. Often, this is the physician lead and business owner.

Sometimes, the custodian is also the information manager. For example, a physician (custodian) and business owner may assume the responsibility of ensuring the security of all the patient records authored by other custodians in the group practice. The physician / custodian / business owner / information manager must follow all the rules of the IMA and HIA.

Not every healthcare practice has an information manager. Some group practices have many information mangers providing different services. There are many details and options to consider. The discussion–and then putting it in writing–is the key to positive business relationship and secure records management.

Avoid surprises – and nasty exits

Some tips to prevent surprises:

Take a pro-active privacy role and inform patients how their information will be protected during the routine practice operations and when healthcare providers are added to – or leave – the practice.
Decide how you are going to decide about the on-going operational changes to how the software will be used in your practice.
Identify in the EMR software who is the primary (or default) healthcare provider for each patient. Talk with your software vendor how best to record this.

It’s never too late to start! If you missed creating an Information Management Agreement or Data Sharing Agreement in your group practice, do it now!

See the Digital Resources for samples that you can use.

Clinic on the Infographic to download

Download our Infographic, “What is an IMA?”

Watch the Video

business arrangement agreement, data sharing agreement, Health Information Act, HIA, IMA, information manager agreement, information sharing agreement, PIA, Practical Privacy Coach, Privacy Impact Assessment

Email Phishing

Posted on October 25, 2017 by Jean Eaton in Blog

Don't get caught on the phish-hook!

Did you know – 1 in 95 emails sent to small and medium sized businesses (SMB) include malware that can include ransomware or other malicious attacks. (source: Symantec)

There are many creative ‘cyber bad guys' who love to trick you into providing your personal information. You need to educate yourself about the kind of scams out there, and take heed to prevent a cyber attack.

Employees are still widely considered to be the weakest link in any security infrastructure,so it’s no surprise that phishing remains so popular and effective. The fact is, good phishing email looks just like regular messages from people we know and care about, and to make matters worse, it can also be difficult to detect.

When it comes to phishing, prevention is the best defense. Investing in employee education and training now can save you a great deal of time and effort further down the line.

Let's look at the most common kinds of cyber assaults:

Spam email includes large amounts of unsolicited emails that can annoy you, cause you to waste time, and slow down your internet communications.
Phishing emails look like they come from a real company you know and trust. The sole purpose of a phishing email scam is to trick you to go to a fake website that looks real, and enter personal information that gives the attacker access to your data.
Spear-phishing is a targeted attack. It looks real because the perpetrators use accurate-sounding information to trick you into providing more of your personal data. The attack may be launched when you open the email or attachment (it looked real, right?), or when you followed an external link. The attackers use malware-compromised systems or credentials to steal data and sell it on the black market.
Ransomware is a cyber attack that often uses phishing to access your network. This attack relies on users to make mistakes even if your network has antivirus software installed. The attackers encrypt your computer network (and any backup devices connected to your network) that prevents you from opening any of your computer data. The attackers hold your data ransom until you pay their hostage demands.

Many businesses admit to being attacked. It only takes one person in an organization to open an attack email, and everyone is impacted – possibly by a data breach, definitely by the time and money it takes to contain and report the attack.

It is essential to train your employees to help them identify an attack and prevent a breach.

Do you want more tips and resources like these – for FREE?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

#15DayPrivacyChallenge, #CyberAware, cyber secruity, email phishing, Practical Privacy Coach

Top Tips to Improve Your Computer Security

Posted on October 24, 2017 by Jean Eaton in Blog

Think about a medieval castle. A moat surrounds high walls, protected by soldiers behind battlements. There is likely a drawbridge and a portcullis, and slitted windows for archers. These layers of defences keep the castle safer than if the inhabitants rely on only one strategy for defence.

Your computer is no different.

A password-protected computer, for example, may be compromised if you share the password. But if your data is also encrypted, a potential breach can be averted. Like a moat and a portcullis, layers of protection help to make your computer defenses stronger.

Here are some hints to ensure your computer system is well-defended:

Purchase business-grade computers. Manufacturers embed additional security features into commercial-grade equipment.
If you use multiple operating systems, like Apple mobile devices and Windows-based desktop computers, you need to address another layer of security. Good policies and default settings for one system may not apply to the other. Here is an article about the importance of layers of safeguards when using multiple systems.
Create unique user accounts. Make it easy for multiple users to switch users on the same computer instead of sharing passwords.
Users should have access to data on a ‘need to know' basis. If your computer network uses shared access to files, decide who needs access (and who does not) to each type of file. For example, everyone should have access to the policy and procedure manuals and forms, but only a few people need access to payroll information.
Set permission levels for folders with sensitive information.
Review and update the security settings on your wireless router – and change the WiFi password.

Do you want more tips and resources like these – for FREE?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away! Hurry – registration closes soon!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

#CyberAware, computer security, Practical Privacy Coach

Do You Have a Website for Your Business or Club?

Posted on October 23, 2017 by Jean Eaton in Blog

If you manage a website for your business or club, you need to ward off hackers with an airtight security system on your website.

From our sponsor, MyNAMS , check out Hacker Attacker with Regina Smola – How to protect your website before and after you have been hacked.

Understand the layers of security needed on your website to protect yourself and your customers.

If you have an online business or a bricks-and-mortar business with a website or social media, these tools will quickly get you from start to smooth sailing.

Do you want more tips and resources like these – for FREE?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away! Hurry – registration closes soon!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

#CyberAware, 15 Day Privacy Challenge, computer security, Hacker Attacker, MyNams, Practical Privacy Coach

Secure Computer Backup

Posted on October 22, 2017 by Jean Eaton in Blog

You know that Joni Mitchell song, Big Yellow Taxi? “Don't it always seem to go that you don't know what you've got 'til it's gone.”

This couldn't be more true than when your computer crashes. It's a terrible feeling when your software or hardware suddenly doesn't work, or you can't find an important file you know you had last month. This experience can be a speed bump on your busy day, or a nightmare that takes you days and weeks, and a lot of money, to recover.

Good business practices include having regular backup of your key documents, bookkeeping, website, emails, and databases including your Electronic Medical Record (EMR). If your information is personal or sensitive – to you, your client, or your business – the backup should also be encrypted.

Your backup plan should include a backup of your information in a separate location than the source documents. In case of a catastrophic failure – including bad weather, fire, theft – you can access your key information assets quickly. You could manage the backup yourself or outsource it to a remote backup provider.

Where is your encryption key?

Your encrypted backup files need a ‘key' or algorithm to de-encrypt the files so that you can read and access the information. Have you kept a copy of the encryption key in the same place as your source documents? Or have you kept the key in a separate location – away from the source documents and away from the backup files? Have you recorded in your disaster plan how to retrieve the key?

Where is your Encryption Key? Information Managers

Cybersecurity is for all businesses – even if you are not using social medial or have a website! Many small business think that they are too small to be attacked – not true! Not reviewing your security practices and keeping up to date can leave your small business vulnerable to attacks.

Remember to change your clocks for daylight savings time – and get into the habit to review your backup. Check to make sure that it includes all the information that it should and that you can restore the backup to a clean machine.

What will you do to improve your computer backup plan?

Do you want more tips and resources like these – for FREE?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

#15DayPrivacyChallenge, #CyberAware, #NCSAM, computer backup, Practical Privacy Coach, privacy

Email Confidentiality Notice

Posted on October 16, 2017 by Jean Eaton in Blog

October is CyberSecurity Privacy Awareness Month! Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #1

Take a quick look at your email address book: how many Jennifers and Toms do you see? Even uncommon names can show up more than once, and it’s easy to send an email to the wrong person by mistake.

Mistakes happen. But from a privacy perspective, it’s important that our email recipients know what we want them to do should we make an error of this sort. So it’s vital to include some guidelines in the form of a confidentiality notice.

Consider the following elements of a well-crafted confidentiality notice:

State your email privacy policy.
Encourage the recipient to inform you should an error occur.
Thank them for letting you know about any mistakes.
State that you believe their privacy is important, and that you will take every step necessary to correct the error to prevent it from happening again.

Does your email signature block and fax cover sheet include these points?

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware.

#15DayPrivacyChallenge, #CyberAware, e-mail confidentiality statement, Practical Privacy Coach, privacy

1 2 3 ›»