Do you have Netcare?

Posted on September 22, 2014 by Jean Eaton in Blog

Netcare's PIA Process

When we provide our personal and sensitive information to a healthcare provider, we want assurances that the confidential information will be respected. We expect that our information will only be shared with people who need to know the information to provide health services to us. Alberta's Health Information Act requires healthcare providers (custodians) to put appropriate safeguards in place to protect the privacy, confidentiality, and security of health information.

Alberta Netcare, also known as the Alberta Electronic Health Record (EHR), is a network of information systems that allows authorized users to see prescriptions, lab results, diagnostic images (e.g. x-rays and ultrasounds) and hospital reports (e.g. hospital discharge summaries). Netcare is used throughout Alberta in hospitals run by Alberta Health Services and Covenant Health and in medical clinics and pharmacies. This is managed by Alberta Health, Government of Alberta. Alberta Health Services (regional health authority), community pharmacies, labs and diagnostic imaging centres and other agencies upload patient information to Netcare.

Netcare Portal PIA

Each custodian is required by Health Information Act to submit a Privacy Impact Assessment to the OIPC. Alberta Health submitted a Privacy Impact Assessment (H1124) in 2006 for Alberta Netcare Portal (ANP) and an updated Privacy Impact Assessment (H3879) in March 2013.

Healthcare providers (custodians) who request access to Alberta Netcare Portal (ANP) must submit a Privacy Impact Assessment to the OIPC that documents the healthcare providers’ computer systems integration with Alberta Netcare.

If you have a previous Privacy Impact Assessment that was accepted by the OIPC regarding your access to Alberta Netcare Portal and it is less than two years old, you can submit a Privacy Impact Assessment Addendum. If you have previously completed a Provincial Organization Readiness Assessement (pORA) you will need to review and update the pORA including completing “Section Two: Mandatory Security Requirements for S2S Sites” and return it to Alberta Health for review and approval.

If you have not yet submitted a Privacy Impact Assessment

You need to submit a PIA to the OIPC for acceptance. This must reference the ANP Privacy Impact Assessment (H3879). You must also complete and submit a pORA including “Section Two: Mandatory Security Requirements for S2S Sites”.

Questions to ask:

1) When was the last time we reviewed our PIA? (This should be reviewed annually.)

2) Do we have / do we want access to Alberta Netcare Portal (ANP)? If ‘yes’, then:

3) Was your Privacy Impact Assessment accepted more than two years ago (before August 2012)? If ‘yes’, then

Review and amend your PIA and submit to OIPC including reference to ANP Privacy Impact Assessment H3879 and
Review your pORA including “Section Two: Mandatory Security Requirements for S2S Sites”. You will likely need additional support from your computer network vendor and your EMR vendor.

4) If you are a Registered Nurse and work in occupational health, at a First Nations care centre, at a remote nursing station, for a federal jurisdiction or for an authorized homecare service or self employed, you may be eligible to apply for access to Netcare as a custodian. The above steps also applies to you.

Please share this information with colleagues and your computer network support, EMR vendor, and privacy officer in your organization.

PS

Not all healthcare providers are custodians as defined by Health Information Act. For more information, see our blog, HIA Amendments and Document Management Tip

For more information see:

Alberta OIPC. Bulletin Health Information Act Bulletin August 2014 Update.

Alberta Netcare, Your System Integration with Alberta Netcare.

CARNA Netcare Access to Registered Nurses as Custodians.

Need to do a Privacy Impact Assessment or a Privacy Impact Assessment amendment? We have a course for that!

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course

Alberta, E-course PIA; privacy impact assessment, HIA, Netcare, PIA, pORA, Practical Privacy Coach, privacy officer

Top ten privacy and security tips for business

Posted on September 11, 2014 by Jean Eaton in Blog

September is the new New Year. Sunny days and cool nights. New schools. New fashions. New energy to review your New Year's resolutions.

How are you doing on your Top Ten privacy and security New Year’s check list?

Don't worry–here are few reminders.

Change your passwords on your computers, perimeter security alarms, voice mail, debit and credit cards and other places.
Encrypt your data. Do you know who has the encryption key?
Back up your data. Keep separate from the source data – on a different device and stored in a different secure location.
Restore your data, know how this works. Try restoring a few different files. Open the files and make sure that you can read and print the files.
Review your policies and procedures.
Check your employee orientation files and make sure that they are up to date.
Find and make a written inventory of all your USB drives and external hard drives. Store them in one location so that you can quickly notice if one is missing.
Find and make a written inventory of all your office door keys. Make sure none are missing and securely store what you do not need.
Update your privacy awareness and security training – and made sure that everyone – including contractors and professional staff – receive the training.
Update your oaths of confidentiality and review your contracts with vendors and information managers and business associates.

As a privacy officer, clinic manager, or healthcare professional it is your responsibility to ensure that you protect the confidentiality and security of the private information that your patients, employees, or business associates give to you. Of course, you want to protect your personal and business information, too!

These top ten privacy and security to do items are commonly accepted business best practices are a good foundation to develop your practical privacy and security program.

healthcare, Practical Privacy Coach, privacy, privacy officer, security

Privacy Awareness and HIA for Primary Care Clinics

Posted on August 25, 2014 by Jean Eaton in Privacy, Confidentiality, and Security Series Webinar

Thank you for registering for the Information Managers' Privacy, Confidentiality, Security Series Webinar event: Privacy Awareness and HIA for Primary Care Clinics.

Recorded live on Tuesday, September 2, 2014

Resources: Privacy Awareness and HIA for Primary Care Clinics

Webinar Learning Guide

Alberta Netcare Rights

Subscribe to Privacy Nuggets

After the Event
Audio Only

Audio and Slides

healthcare, Practical Privacy Coach, privacy, privacy awareness

Privacy Breach Notification

Posted on June 9, 2014 by Jean Eaton in Blog

Privacy breach notification to a regulator may not be mandatory in the jurisdiction, industry and circumstances of a specific incident. Whether or not it is discretionary or mandatory to notify individuals, this is always a step that should be considered for each incident. No matter what type of industry that we work in, it is important to recognize a privacy breach and understand our roles and responsibilities to properly manage a privacy breach.

Generally, a privacy breach happens whenever there is a loss, unauthorized access to or disclosure of personally identifying information. There must be some harm – some damage or detriment or injury.

The harm must be “significant” – it must be important, meaningful, and with non-trivial consequences or effects. There must be a “real risk” of harm – does not require that harm will certainly result from the incident, but the likelihood that it will result must be more than mere speculation or conjecture. There must be a cause and effect relationship between the incident and the possible harm.

Privacy Breach Notification

Generally accepted privacy practices guide us to ensure that individuals are notified about the breach. If individuals are not aware of the incident, then they can’t take steps to protect themselves. The breach can get bigger, broader, and a greater degree of harm. We want to make sure that we are notifying all the individuals affected by the breach. Remember that the author of the information, not just the person that the information is about, may also need to be notified.

Alberta’s Health Information Act has had a lot of activity lately relating to requirements of notification in the event of a privacy (or security) breach.

Summary of changes to HIA breach notification

Here is a summary of Health Information Act breach notification that you need to know.

Bill 12: Statutes Amendment Act, 2014 was submitted to Legislative Assembly of Alberta. The First Reading occurred May 5, 2014 and received Royal Assent on May 14, 2014. Although all bills become law when they have received Royal Assent, they do not necessarily come into force at that time. A bill may specify that it comes into force on proclamation. Proclamations may be used if a bill is to come into effect at a date after Royal Assent or if different parts of a bill are to come into effect at different times. Bill 12, Health Information Act section, specifies that “This section comes into force on Proclamation.” It is not known when the statue will be proclaimed.

Give notice

When the statute is proclaimed, the current wording requires a custodian as soon as practicable to give notice of the breach. The notice must be given to (a) the Commissioner, (b) the Minister, and (c) the individual who is the subject of the individually identifying health information. Ms. Jill Clayton, Information and Privacy Commissioner, issued a news release on May 7, 2014. The news release provides background on the explanation of ‘real risk of significant harm’. Note: the Statute Amendment (which has not yet been proclaimed) includes only the wording of ‘risk of harm’. See the OIPC website for more information on the current Health Information Act notification process. Other tools that may be of assistance include our Document Management Tip: Privacy Breach Reporting Form. Note that this tool was developed before the May 2014 changes to the Health Information Act.

The details of the new HIA notification process is not yet determined. We can, however, anticipate the requirements of notification to the OIPC by looking at the notification requirements of similar legislation, Personal Information Protection Act. See OIPC website for more information.

Stay tuned as we update our tools and resources as additional information becomes available.

Practical Privacy Coach, privacy breach notification

2014 Saskatchewan Connections Conference

Posted on April 16, 2014 by Jean Eaton in Blog

Jean will be presenting at the 2014 Saskatchewan Connections Conference on Wednesday June 4, 2014 at the beautiful Delta Regina. Saskatchewan's Access, Privacy, Security & Records Management Forum

1B: Managing a Privacy Breach: 3 Mistakes in Managing a Privacy Breach

Welcome video from Jean

Dealing with a privacy breach in your clinic can be stressful and confusing. What should you do? Who should you contact? In this presentation, learn the 3 common mistakes made when managing a privacy breach. Learn from someone else's mistakes!

In a fun and informative format Jean will present key principles to manage a privacy breach – and 10 key steps to prevent a privacy breach! Discussion will include proactive privacy and privacy by design principles to keep your practice breach free.

Agenda    Register at Verney Conferences

Let your colleagues know that you plan to attend this event! Follow Twitter @SK_Connections

Practical Privacy Coach, privacy breach

Mandatory privacy breach reporting proposed for HIA

Posted on March 3, 2014 by Jean Eaton in Blog

Information and Privacy Commissioner Jill Clayton has written to the Minister of Health to formally request the Government of Alberta consider amending Alberta’s Health Information Act (HIA) to include mandatory breach reporting and notification provisions.

In the letter, items for consideration in an amendment to the legislation include who should be notified about a breach, what the triggers are for notification, what should be reported and in what time frame, and whether there should be penalties, sanctions or other consequences for failing to notify. A copy of Commissioner Clayton’s letter has been posted to the Office of the Information and Privacy Commissioner’s website at www.oipc.ab.ca.

There are several current legislation that requires mandatory privacy breach reporting including PIPA in Alberta. We have best practices to follow when we have a privacy breach involving health care. (See our Document Management Tip: Privacy Breach Reporting Form as a sample tool to follow).

In healthcare, we strive to pay attention to details to provide the best care and treatment for our patients and respect the privacy of their personal information. However, we are human and errors do happen. How ‘small' or ‘big' does a privacy breach need to be require notification to a regulator? What might be the implications to a business if they must report each privacy breach? Are there other alternatives to mandatory breach reporting that we should consider?

Send me a comment by email and we'll compile the list and add to a future article.

Related Articles:

When is a privacy breach a privacy breach?

Webinar March 25, 2014 – 3 Mistakes in managing a privacy breach

Alberta, healthcare, Practical Privacy Coach, privacy breach reporting

About Jean L. Eaton

Posted on February 3, 2014 by Jean Eaton in Blog, Services, Training, Vendor

Do you collect personal health information?

If so, you know the importance of this sensitive information. Healthcare providers must ensure that every staff member understands their individual responsibility when it comes to handling personal information.

Jean L. Eaton gives you the skills and confidence to handle the elephant in the room!

Jean’s workshops, presentations, and books are ideal for staff members at all levels in any organization or clinic that collects, uses or discloses personally identifying information. This includes direct care providers such as physicians, allied health professionals, and associates, privacy officers, as well as other employees and support staff who are not directly involved in patient care.

About Practice Management Success

You have opened your first healthcare practice and are excited to greet your patients and help them live healthier, happier lives.

But now you realize that your healthcare training didn’t include all the business stuff you need now. Things like:

The right forms for your employees and patients

The right way to implement electronic medical records (EMR)

The right way to respond to access and release of information requests

What to consider before implementing new technology

And so much more!

Or, maybe, you have started your practice and are struggling with levelling-up your practice. You have hired a clinic manager to help you with the day-to-day management of your practice—but your employees aren’t confident to take action on their own, so you are still spending more time on the business of your practice.

You might already have a comprehensive privacy and security privacy and security manual—but haven’t read it lately or implemented it—and want to know where to begin.

Maybe you are struggling with:

Training your team

Taking privacy actions

Running the business

It breaks my heart when I see health care providers who eagerly open their first practice but don’t know how to train their front office staff. I see clinic managers struggling to fight fires while answering the phone, placing patients in rooms, and managing staff, and they don’t get around to bringing their privacy management program to life.

In fact, you may find that your office practices are getting sloppy and you don’t follow your own policies and procedures.

Implementing privacy compliance takes time!

I’m Jean L. Eaton, your Practical Privacy Coach and Practice Management Mentor. I help healthcare providers and clinic managers implement privacy best practices, like pulling together the right forms and paperwork to use with their employees and patients and implementing privacy best practices.

Whether it’s improving privacy workflow, understanding the impact of breaches, working with privacy legislation, or mentoring privacy practices among staff, I make privacy in healthcare simple and straightforward.

I have found that when healthcare providers and clinic managers have a practice management mentor to help them stay on track,

your privacy management program operates smoothly every month

you avoid nasty privacy and security incidents

your business operates more efficiently

When you focus on proper privacy and security practices, compliance falls into place. Compliance is there to prove your privacy and security program. It’s not just a bunch of paperwork.

Follow the ABC Clinic’s practice management adventures with all the books in the Practice Management Success Tips Series here.

Vol. 1 Tips to Prevent Employee Snooping – A Key Component of Your Privacy Practice Management Program

A Hands-On Guide to Protect Your Healthcare Practice from Privacy Breaches

Preview:

As Linda drove to the ABC Family Practice Clinic where she worked, she listened to the local news on the radio.

“In the most recent conviction under the health privacy legislation, a clerk formerly employed by a local community medical office was fined yesterday for snooping in patient records when she didn’t need to know the information to do her job. The court fined the clerk $3,000 and gave her a sentence of one-year’s probation, including no access to health information for one year.”

Yikes! thought Linda. I wonder if any of our patients were affected by this snooping incident? I wonder if the clerk is anyone I know?

The news anchor continued, “In Ontario, the Information and Privacy Commissioner of Ontario revealed that unauthorized access to personal health information — or snooping — by health care workers accounted for over 20 per cent of self-reported health privacy breaches in 2020.”

Snooping incidents are on the rise and can cost you time, money, heartache, and headache in your practice.

It’s pains me to know that this form of privacy breach is entirely preventable.

We know that human curiosity, interpersonal conflicts, shaming or bullying or financial gains are common motivators for snooping. We seem to be hard-wired to want to peek into someone else’s personal and private information. But snooping violates trust between our patients and the healthcare providers and the people who work for them.

We want our patients to trust us. We need the patients to share their personal information with us so that we can provide the health services to them. When healthcare providers and employees snoop in our patient’s information we destroy that trust with the patient. When one of our team members is snooping, it harms the effectiveness of our teams and damages morale in the clinic.

Looking at someone’s personal information without having an authorized purpose to access that information to do your job is known as ‘snooping’.

Even when you are “just looking” at personal information but don’t share that information with anyone else, this is still a breach of confidentiality. It is illegal. It is a privacy breach. It is snooping.

Author Jean L. Eaton uses real-world privacy breaches from practices large and small and reported in the news to illustrate how employee snooping in patient records affects patients, employees, and the practice in which they work.

By reading Tips to Prevent Employee Snooping-–A Key Component of Your Privacy Practice Management Program, you can avoid snooping privacy breaches in your healthcare practice.

This Practice Management Success Tip Will Help You

Take 5 practical steps to prevent employee snooping.

Provide clarity about what we consider a privacy breach.

Contribute to the health information privacy compliance in your healthcare practice.

BONUS Includes a ‘Say NO to Snooping’ poster that you can download and print in your practice. Privacy officers can use this as part of their privacy practice management training.

This book is the first in the all-new Privacy Management Success Tips series to help clinic managers, practice managers, privacy officers, healthcare providers, and owners implement practical privacy management in your business.

Available for purchase May 3, 2022

Click Here to Find Your Favourite E-Book Seller

Vol 2 Sanctions, Discipline, and Whistleblower Policies and Procedures!

Be sure to return here for the rest of the story in the next Practice Management Success Tip–Sanctions, Discipline, and Whistleblower Policies and Procedures!

Coming in November 2022!

Want to know when the next book comes out?

Click the button below to sign up to our email list – make sure you're always among the first to know when the next Practice Management Success Tip is available!

Follow Practice Management Success Tips!

Speaker, Workshop Facilitator, Podcast Guest

Real-World Privacy Practices for Healthcare Professionals and Businesses

Is patient information privacy an important issue for your listeners? Jean L. Eaton is a leading expert in information privacy management in healthcare settings, and is ready to help your audience improve their privacy practices, no matter what their role or healthcare setting may be.

I have a lot to share, and I make myself as available as possible! Whether it’s improving privacy workflow, understanding the impact of breaches, working with the Health Information Act (HIA) and other health privacy legislation, or coaching practice managers to improve privacy practices among staff, Jean makes privacy in healthcare simple and straightforward.

Your audience cares about privacy – bring in Jean to help them today!

Here are a few presentation topics for your consideration.

Choose from these two popular workshops, or request a customized presentation.

"

The Power of 3

Privacy Awareness in Your Health Care Practice

Privacy Awareness Training

Improve your patient satisfaction and prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor.

This is a critical workshop for everyone in the health care industry. Jean will engage your people in a fun and practical way to teach the key principles of privacy awareness. Through the use of every day scenarios and group discussion, new and experienced healthcare providers and support staff will learn the essentials of privacy, confidentiality, and security.

Learning Objectives:

Patient and client rights with respect to their personal information.

Key components of privacy legislation.

Safeguards that protect personal health information.

Privacy principles.

Recognize and report a privacy breach.

"

4 Step Response Plan

Prevent Privacy Breach Pain

4 Step Response Plan

Privacy incidents happen! 60% of small and medium business owners go out of business within 6 months after a privacy and security breach. Patients, clients, employees and business partners trust you to keep their private and sensitive information confidential and secure. Properly managing a privacy breach is critical to the continued success of your business. With Jean’s expert guidance, you will learn the critical skills of planning for and responding to privacy incidents, handling them with confidence while mitigating the risks.

Based on her new book, Prevent Privacy Breach Pain, Jean will guide you through the practical “4 Step Response Plan” to help you develop a privacy breach management response plan for your organization.

Learning Objectives:

Contain the breach.

Evaluate the risks.

Notify affected individuals and other stakeholders.

Prevent the breach from happening again.

When you know better, you can do better.
Jean L. Eaton
Your Practical Privacy Coach and Practice Management Mentor



Your Practical Privacy Coach

Jean is constructively obsessive about privacy, confidentiality, and security when it comes to the handling of personal information, particularly in primary health care settings.

Jean has customized and delivered privacy training programs for privacy officers, records management professionals, implementation teams, and healthcare providers across Canada and the US.

You will learn how to use practical pro-active privacy in your practice. Privacy Education program that is actually fun and . . . practical!

Jean has helped hundreds of physicians, chiropractors, pharmacists, and other healthcare providers and privacy officers develop and improve their Privacy Education programs.

You know your practice better than anybody else. If you had the right tips, tools, templates, training and Your Practical Privacy Coach to help you, you can develop a practical Privacy Education program for your office, improve patient satisfaction, meet legislated and college requirements, and prevent big fines (or worse!).



Your Practice Management Mentor

Practice managers working in healthcare want to provide good services and have a profitable business. They have a sense of what they need to do to get there – but often need help with networking and resources. Jean shares templates, user guides, real-life examples, networking, practical resources and mentoring. We give you the confidence to take care of the elephant in the room!

Jean Eaton has worked in health records and primary care organizations for over twenty years, and is an experienced leader in health information management.

She understands that practice managers working in healthcare want to provide quality services and have a profitable business… and is committed to helping practices with the networking and resources to get where they want to be.



jean[at]informationmanagers.ca



(780) 237 - 7605



Book Jean for your next event and see the difference that privacy awareness can make!

Contact Jean to provide workshops and key-note address at your next event!

Available in person and techno-magically using webinars and live streaming.

Your Workshop Package can include:

A 60-90 second promotional video encouraging early registration with key sponsor mention.

A 30-minute preview marketing webinar on a related topic to pitch early registration with key sponsor billing.

Advance interviews of organization members to customize the workshop.

A special sponsor ‘lunch & learn’ seminar event.

Download Jean's Speaker One-Sheet

You may have seen Jean here . . .

2022 May, Ontario Society of Chiropodists, Annual Conference, “Top 3 Mistakes in Managing a Privacy Breach”.

2022 March, ‘How To Use Table-Top Privacy Breach Fire Drills to Protect Your Practice’, Health Information Management Association Australia (HIMAA).

2020 November 13, Canadian Federation of Podiatric Medicine Conference, ‘Practical Patient Records Management and Privacy Tips'.

2020, October 21, Canada's Second Virtual Health Privacy Summit, ‘Practical Telehealth Privacy Tips'.

2020 October, Contributing Author, “Managing Health Information Privacy During the COVID-19 Pandemic: Considerations and Perspectives from Around the Globe.” International Federation of Health Information Management Association (IFHIMA), www.ifhima.org

2020, August to December, CHIMA's Emerging Privacy Management Practices in Health Care 5-part series

2020, June 16, Rafiki Technologies' EVOLUTION SERIES Part 3, Your Guide to Privacy & Security Measures for the Health Care Industry

2020 June 5, Canada's First Virtual Health Privacy Summit, ‘Practical Privacy Tips‘.

2020 Jan 22, Data Security and Privacy 2020 Virtual Summit, “Privacy of Health Information, an IFHIMA Global Perspective”, BrightTalks

2019 November, Confident Women Leaders with Kathy Archer, '10 Key Steps To Prevent A Privacy Breach'

2019 September, In the Pink Seat with Dr. Angela Mulrooney, ‘Privacy Protection'

2019, Meeting Leadership Podcast with Gordon Sheppard, ‘Why Leaders Should Understand Privacy'

2019, Meeting Leadership Podcast with Gordon Sheppard, ‘What Leaders Need To Know To Start A Privacy Program'

2016 May 10, 2016 Saskatchewan Connections, Regina, SK. “4 Step Response Plan to Manage a Privacy Breach”

2016 March 30, National Privacy & Data Governance Congress, PACC, Calgary. “4 Step Response to a Privacy Breach”

2015 November, American Health Information Management Association (AHIMA), Webinar “3 Mistakes in Managing a Privacy Breach”

2015 June Chiro Secure, Webinar, “Email with Patients – What Are the Risks?”

2014 April 15 Edmonton Chapter – Alberta Association of Clinic Managers (AACM) Luncheon, Edmonton, Alberta “Privacy can be fun!”

2014 June 11-12 Health Information Management Association of Alberta (HIMAA) Conference, Edmonton, Alberta “Privacy Breach Management”

2014 November 14 PIPA Connections Conference, Calgary, “How to easily develop your own in-house privacy & security education program”

2014 September 24-26 Ontario Medical Group Management Association (OMGMA) 46th Annual Conference, Gravenhurst, ON. “Engaging Patients in an Electronic World”

2014 September 16-19  Alberta Association of Clinic Managers (AACM) Annual General Meeting, Canmore, AB.

2014 June 4 Saskatchewan Connections Conference, “3 Mistakes in Managing a Privacy Breach”

2014 May 9                 Canadian Counselling and Psychotherapy Association Conference, Victoria, BC.  “Managing a Privacy Breach – 3 Mistakes in Managing a Privacy Breach”

2014                Practice Management Nuggets’© webinar series. Weekly interviews with practice managers, healthcare providers, or trusted vendors who support healthcare practices.

2013 April 26              Alberta School Councils’ of Alberta Conference, Edmonton, AB.  “Privacy Risks and Kids”

2013 October 26         Literacy and Learning Day Conference, Edmonton, AB.  “Privacy Risks for Kids.  Is Your Child at Risk?”

2009 June                   Canadian Health Information Management Association / Saskatchewan Health Information Management Association Conference “Privacy Impact Assessments and the Health Information Management Professional – Leveraging What You Already Know”

2011 May                    Canadian Health Information Management Association, “Proactive Approach to Privacy, Confidentiality, and Security”, CHIMA CPE Webinar.

2009 – 2014     Private healthcare practices, in-services including “Health Information Act Lunch N Learn”, “Privacy Awareness In-Service”, “ROI (Release of Information) 101”, “Practical Privacy”

2009 – 2015 Information Managers Webinars, in-person workshops throughout Alberta including

“Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course”

“Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments”

“Prevent Big Fines (or Worse!) for your Healthcare Practice; Learn How to Plan a Privacy Impact Assessment”

“9 Steps to Hire (and Keep) Employees in Your Healthcare Practice”

“Privacy, Confidentiality, and Security for Medical Offices”

“How to complete a Privacy Impact Assessment”

“Developing Policies and Procedures for Medical Offices”

“Managing a Privacy Breach – 3 Mistakes in Managing a Privacy Breach

“Email and Patients – What do I need to know?”

“Clinic Managers Top 10 Data Privacy To Do List”

author, healthcare, Practical Privacy Coach, Practice Management Mentor, speaker

«‹5 6 7

Search the site
What is the elephant in the room?
Find out here...

Privacy Policy

“This was my first ever time I had to work on a PIA and I was a little nervous about doing it efficiently - but you really made it as simple and straight forward as possible. Thank you for being available for my questions when I had them. I would easily recommend Privacy Impact Assessments to Protect Your Practice course for anyone to do their own PIA's! Thank you so much!”
- Karen Sarabura, Clinic Manager and Privacy Officer, CGA Medical Imaging, Alberta
Register for Free On-line Privacy Breach Awareness Training!