Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Disclosure to a third party

Posted on July 30, 2014 by Jean Eaton in Blog

Patient Access to Health Records

Healthcare providers have a duty to assist the patient when the patient wants to access their own information or request that it be disclosed.

Can a patient authorize disclosure to third party?

Common requests for patient records include patients authorizing their own information to be sent to a third party. The third party – insurance agent, employer, government agency, etc – sometimes acts on behalf of the patient to request the patient’s records from their healthcare provider. The third party will often use their own forms. When the healthcare provider receives the request, they may have questions about the request.

If the custodian / physician has any questions or concerns about the request, they can (and should) get clarification before releasing the information.  You could:

a)  request the third party to provide clarification or provide a revised consent authorized by the patient or

b)  refuse the request and state the grounds (reminder – you need to state the legal authority not to process the request) or

c)  healthcare provider contact the patient directly to discuss the request to release records.  This is my personal favourite option. This meets the obligation of duty to assist, provides clarity for both the patient and the custodian about what information is (and is not) included in the response to the 3rd party.  You can have the patient book an appointment with the custodian to review the request and then update or provide a new consent to release.

Valid consent criteria

Valid consent criteria includes:

  1. Identify the individual (patient)
  2. Who has been authorized to disclose
  3. To whom
  4. Explicitly what information
  5. For what purpose
  6. Legal authority
  7. Patient acknowledgment
  8. Date, sign, valid until

‘Valid Until’

‘Valid Until’ is not a requirement under Health Information Act, however it is good practice.

The length of time ‘valid until’ is often discretionary to the custodian – often 30-90 days or whatever is reasonable to:

a) ensure that the patient authorizing the release can provide informed consent and

b) reasonable length of time to process the request (standard is 30 days turn-around to respond to a request)

A patient has the right to know how their health information is being collected, used, and disclosed. A patient has the right to access their own health information. A healthcare practice that demonstrates attention to detail, courtesy to the patient, and respect for confidentiality will also have good business practices and excellent customer service.

As a practice manager, clinic manager, healthcare provider or employee, it is your job to make sure that you know how to respond to access request, process the request, and provide good customer service. See our new series of articles, one article each week starting July 14, on the key steps in ‘Patient Access to Health Records.’

Additional resources:

Alberta Health and Wellness. HIA Guidelines and Practices Manual.

“Best of the Practice Management Nugget interviews’ will be posted next Thursday and will include the replay – and resources – for ‘Patient Access to their records’.  See informationmanagers.ca/pmn-events-live

 

Your comments and discussion are encouraged – join our new LinkedIn group, Practice Management Nuggets. When you are signed into LinkedIn, simply go to ‘interests’, ‘groups’, search for ‘Practice Management Nuggets’ and request to join.

Health Information Act, health records, patient access, patient rights, Practice Management Mentor, third party requestors, valid consent

Protected: Good news, Bad news. How to talk with the media: Replay

Posted on March 17, 2014 by Jean Eaton in Kindle bonus no membership, Practice Management Nugget Interview

This content is password protected. To view it please enter your password below:

Grant Ainsley, media training, Practice Management Mentor, Practice Management Nugget

About Jean L. Eaton

Posted on February 3, 2014 by Jean Eaton in Blog, Services, Training, Vendor

Do you collect personal health information?

If so, you know the importance of this sensitive information. Healthcare providers must ensure that every staff member understands their individual responsibility when it comes to handling personal information.

Jean L. Eaton gives you the skills and confidence to handle the elephant in the room!

Jean’s workshops, presentations, and books are ideal for staff members at all levels in any organization or clinic that collects, uses or discloses personally identifying information. This includes direct care providers such as physicians, allied health professionals, and associates, privacy officers, as well as other employees and support staff who are not directly involved in patient care.

About Practice Management Success

You have opened your first healthcare practice and are excited to greet your patients and help them live healthier, happier lives.

But now you realize that your healthcare training didn’t include all the business stuff you need now. Things like:

  • The right forms for your employees and patients
  • The right way to implement electronic medical records (EMR)
  • The right way to respond to access and release of information requests
  • What to consider before implementing new technology
  • And so much more!

Or, maybe, you have started your practice and are struggling with levelling-up your practice. You have hired a clinic manager to help you with the day-to-day management of your practice—but your employees aren’t confident to take action on their own, so you are still spending more time on the business of your practice.

You might already have a comprehensive privacy and security privacy and security manual—but haven’t read it lately or implemented it—and want to know where to begin.

  • Maybe you are struggling with:
  • Training your team
  • Taking privacy actions
  • Running the business

It breaks my heart when I see health care providers who eagerly open their first practice but don’t know how to train their front office staff. I see clinic managers struggling to fight fires while answering the phone, placing patients in rooms, and managing staff, and they don’t get around to bringing their privacy management program to life. 

In fact, you may find that your office practices are getting sloppy and you don’t follow your own policies and procedures.

Implementing privacy compliance takes time!

I’m Jean L. Eaton, your Practical Privacy Coach and Practice Management Mentor. I help healthcare providers and clinic managers implement privacy best practices, like pulling together the right forms and paperwork to use with their employees and patients and implementing privacy best practices.

Whether it’s improving privacy workflow, understanding the impact of breaches, working with privacy legislation, or mentoring privacy practices among staff, I make privacy in healthcare simple and straightforward. 

I have found that when healthcare providers and clinic managers have a practice management mentor to help them stay on track, 

  • your privacy management program operates smoothly every month 
  • you avoid nasty privacy and security incidents
  • your business operates more efficiently

When you focus on proper privacy and security practices, compliance falls into place. Compliance is there to prove your privacy and security program. It’s not just a bunch of paperwork.

Follow the ABC Clinic’s practice management adventures with all the books in the Practice Management Success Tips Series here.

Practice Management Success - tips to prevent employee snooping book cover

Vol. 1  Tips to Prevent Employee Snooping – A Key Component of Your Privacy Practice Management Program

A Hands-On Guide to Protect Your Healthcare Practice from Privacy Breaches

Preview:

As Linda drove to the ABC Family Practice Clinic where she worked, she listened to the local news on the radio.

“In the most recent conviction under the health privacy legislation, a clerk formerly employed by a local community medical office was fined yesterday for snooping in patient records when she didn’t need to know the information to do her job. The court fined the clerk $3,000 and gave her a sentence of one-year’s probation, including no access to health information for one year.”

Yikes! thought Linda. I wonder if any of our patients were affected by this snooping incident? I wonder if the clerk is anyone I know?

The news anchor continued, “In Ontario, the Information and Privacy Commissioner of Ontario revealed that unauthorized access to personal health information — or snooping — by health care workers accounted for over 20 per cent of self-reported health privacy breaches in 2020.”

Snooping incidents are on the rise and can cost you time, money, heartache, and headache in your practice.

It’s pains me to know that this form of privacy breach is entirely preventable.

We know that human curiosity, interpersonal conflicts, shaming or bullying or financial gains are common motivators for snooping. We seem to be hard-wired to want to peek into someone else’s personal and private information. But snooping violates trust between our patients and the healthcare providers and the people who work for them.

We want our patients to trust us. We need the patients to share their personal information with us so that we can provide the health services to them. When healthcare providers and employees snoop in our patient’s information we destroy that trust with the patient. When one of our team members is snooping, it harms the effectiveness of our teams and damages morale in the clinic.

Looking at someone’s personal information without having an authorized purpose to access that information to do your job is known as ‘snooping’.

Even when you are “just looking” at personal information but don’t share that information with anyone else, this is still a breach of confidentiality. It is illegal. It is a privacy breach. It is snooping.

Author Jean L. Eaton uses real-world privacy breaches from practices large and small and reported in the news to illustrate how employee snooping in patient records affects patients, employees, and the practice in which they work.

By reading Tips to Prevent Employee Snooping-–A Key Component of Your Privacy Practice Management Program, you can avoid snooping privacy breaches in your healthcare practice.

This Practice Management Success Tip Will Help You

  • Take 5 practical steps to prevent employee snooping.
  • Provide clarity about what we consider a privacy breach.
  • Contribute to the health information privacy compliance in your healthcare practice.

BONUS Includes a ‘Say NO to Snooping’ poster that you can download and print in your practice. Privacy officers can use this as part of their privacy practice management training.

This book is the first in the all-new Privacy Management Success Tips series to help clinic managers, practice managers, privacy officers, healthcare providers, and owners implement practical privacy management in your business.

Available for purchase May 3, 2022 

Click Here to Find Your Favourite E-Book Seller

Vol 2  Sanctions, Discipline, and Whistleblower Policies and Procedures!

Be sure to return here for the rest of the story in the next Practice Management Success Tip–Sanctions, Discipline, and Whistleblower Policies and Procedures!

Coming in November 2022!

Want to know when the next book comes out?

Click the button below to sign up to our email list – make sure you're always among the first to know when the next Practice Management Success Tip is available!

Follow Practice Management Success Tips!

Speaker, Workshop Facilitator, Podcast Guest

Real-World Privacy Practices for Healthcare Professionals and Businesses

Is patient information privacy an important issue for your listeners? Jean L. Eaton is a leading expert in information privacy management in healthcare settings, and is ready to help your audience improve their privacy practices, no matter what their role or healthcare setting may be.

I have a lot to share, and I make myself as available as possible! Whether it’s improving privacy workflow, understanding the impact of breaches, working with the Health Information Act (HIA) and other health privacy legislation, or coaching practice managers to improve privacy practices among staff, Jean makes privacy in healthcare simple and straightforward.

Your audience cares about privacy – bring in Jean to help them today!

Here are a few presentation topics for your consideration.

Choose from these two popular workshops, or request a customized presentation.

"

The Power of 3

Privacy Awareness in Your Health Care Practice

Privacy Awareness Training

Improve your patient satisfaction and prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor.

This is a critical workshop for everyone in the health care industry. Jean will engage your people in a fun and practical way to teach the key principles of privacy awareness. Through the use of every day scenarios and group discussion, new and experienced healthcare providers and support staff will learn the essentials of privacy, confidentiality, and security.

Learning Objectives:

  • Patient and client rights with respect to their personal information.
  • Key components of privacy legislation.
  • Safeguards that protect personal health information.
  • Privacy principles.
  • Recognize and report a privacy breach.
"

4 Step Response Plan

Prevent Privacy Breach Pain

4 Step Response Plan

Privacy incidents happen! 60% of small and medium business owners go out of business within 6 months after a privacy and security breach. Patients, clients, employees and business partners trust you to keep their private and sensitive information confidential and secure. Properly managing a privacy breach is critical to the continued success of your business. With Jean’s expert guidance, you will learn the critical skills of planning for and responding to privacy incidents, handling them with confidence while mitigating the risks.

Based on her new book, Prevent Privacy Breach Pain, Jean will guide you through the practical “4 Step Response Plan” to help you develop a privacy breach management response plan for your organization.

Learning Objectives:

  • Contain the breach.
  • Evaluate the risks.
  • Notify affected individuals and other stakeholders.
  • Prevent the breach from happening again.

When you know better, you can do better.

Jean L. Eaton

Your Practical Privacy Coach and Practice Management Mentor



Your Practical Privacy Coach

Jean is constructively obsessive about privacy, confidentiality, and security when it comes to the handling of personal information, particularly in primary health care settings.

Jean has customized and delivered privacy training programs for privacy officers, records management professionals, implementation teams, and healthcare providers across Canada and the US.

You will learn how to use practical pro-active privacy in your practice.  Privacy Education program that is actually fun and . . .  practical!

Jean has helped hundreds of physicians, chiropractors, pharmacists, and other healthcare providers and privacy officers develop and improve their Privacy Education programs.

You know your practice better than anybody else. If you had the right tips, tools, templates, training and Your Practical Privacy Coach to help you, you can develop a practical Privacy Education program for your office, improve patient satisfaction, meet legislated and college requirements, and prevent big fines (or worse!).



Your Practice Management Mentor

Practice managers working in healthcare want to provide good services and have a profitable business. They have a sense of what they need to do to get there – but often need help with networking and resources. Jean shares templates, user guides, real-life examples, networking, practical resources and mentoring. We give you the confidence to take care of the elephant in the room!

Jean Eaton has worked in health records and primary care organizations for over twenty years, and is an experienced leader in health information management.

She understands that practice managers working in healthcare want to provide quality services and have a profitable business… and is committed to helping practices with the networking and resources to get where they want to be.



jean[at]informationmanagers.ca



(780) 237 - 7605



Book Jean for your next event and see the difference that privacy awareness can make!

Contact Jean to provide workshops and key-note address at your next event!

Available in person and techno-magically using webinars and live streaming.
 

Your Workshop Package can include:

  • A 60-90 second promotional video encouraging early registration with key sponsor mention.
  • A 30-minute preview marketing webinar on a related topic to pitch early registration with key sponsor billing.
  • Advance interviews of organization members to customize the workshop.
  • A special sponsor ‘lunch & learn’ seminar event.
Download Jean's Speaker One-Sheet

You may have seen Jean here . . .

2022 May, Ontario Society of Chiropodists, Annual Conference, “Top 3 Mistakes in Managing a Privacy Breach”.

2022 March, ‘How To Use Table-Top Privacy Breach Fire Drills to Protect Your Practice’, Health Information Management Association Australia (HIMAA).

2020 November 13, Canadian Federation of Podiatric Medicine Conference, ‘Practical Patient Records Management and Privacy Tips'.

2020, October 21, Canada's Second Virtual Health Privacy Summit, ‘Practical Telehealth Privacy Tips'.

2020 October, Contributing Author, “Managing Health Information Privacy During the COVID-19 Pandemic: Considerations and Perspectives from Around the Globe.” International Federation of Health Information Management Association (IFHIMA), www.ifhima.org

2020, August to December, CHIMA's Emerging Privacy Management Practices in Health Care 5-part series

2020, June 16, Rafiki Technologies' EVOLUTION SERIES Part 3, Your Guide to Privacy & Security Measures for the Health Care Industry

2020 June 5, Canada's First Virtual Health Privacy Summit, ‘Practical Privacy Tips‘.

2020 Jan 22, Data Security and Privacy 2020 Virtual Summit, “Privacy of Health Information, an IFHIMA Global Perspective”, BrightTalks

2019 November, Confident Women Leaders with Kathy Archer, '10 Key Steps To Prevent A Privacy Breach'

2019 September, In the Pink Seat with Dr. Angela Mulrooney, ‘Privacy Protection'

2019, Meeting Leadership Podcast with Gordon Sheppard, ‘Why Leaders Should Understand Privacy'

2019, Meeting Leadership Podcast with Gordon Sheppard, ‘What Leaders Need To Know To Start A Privacy Program'

2016 May 10, 2016 Saskatchewan Connections, Regina, SK. “4 Step Response Plan to Manage a Privacy Breach”

2016 March 30, National Privacy & Data Governance Congress, PACC, Calgary. “4 Step Response to a Privacy Breach”

2015 November, American Health Information Management Association (AHIMA), Webinar “3 Mistakes in Managing a Privacy Breach”

2015 June  Chiro Secure, Webinar, “Email with Patients – What Are the Risks?”

2014 April 15 Edmonton Chapter – Alberta Association of Clinic Managers (AACM) Luncheon, Edmonton, Alberta “Privacy can be fun!”

2014 June 11-12 Health Information Management Association of Alberta (HIMAA) Conference, Edmonton, Alberta “Privacy Breach Management”

2014 November 14  PIPA Connections Conference, Calgary, “How to easily develop your own in-house privacy & security education program”

2014 September 24-26 Ontario Medical Group Management Association (OMGMA) 46th Annual Conference, Gravenhurst, ON. “Engaging Patients in an Electronic World”

2014 September 16-19  Alberta Association of Clinic Managers (AACM) Annual General Meeting, Canmore, AB.

2014 June 4  Saskatchewan Connections Conference, “3 Mistakes in Managing a Privacy Breach”

2014 May 9                 Canadian Counselling and Psychotherapy Association Conference, Victoria, BC.  “Managing a Privacy Breach – 3 Mistakes in Managing a Privacy Breach”

2014                Practice Management Nuggets’© webinar series. Weekly interviews with practice managers, healthcare providers, or trusted vendors who support healthcare practices.

2013 April 26              Alberta School Councils’ of Alberta Conference, Edmonton, AB.  “Privacy Risks and Kids”

2013 October 26         Literacy and Learning Day Conference, Edmonton, AB.  “Privacy Risks for Kids.  Is Your Child at Risk?”

2009 June                   Canadian Health Information Management Association / Saskatchewan Health Information Management Association Conference “Privacy Impact Assessments and the Health Information Management Professional – Leveraging What You Already Know”

2011 May                    Canadian Health Information Management Association, “Proactive Approach to Privacy, Confidentiality, and Security”, CHIMA CPE Webinar.

2009 – 2014     Private healthcare practices, in-services including “Health Information Act Lunch N Learn”, “Privacy Awareness In-Service”, “ROI (Release of Information) 101”, “Practical Privacy”

2009 – 2015    Information Managers Webinars, in-person workshops throughout Alberta including

“Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course”

“Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments”

“Prevent Big Fines (or Worse!) for your Healthcare Practice; Learn How to Plan a Privacy Impact Assessment”

“9 Steps to Hire (and Keep) Employees in Your Healthcare Practice”

“Privacy, Confidentiality, and Security for Medical Offices”

“How to complete a Privacy Impact Assessment”

“Developing Policies and Procedures for Medical Offices”

“Managing a Privacy Breach – 3 Mistakes in Managing a Privacy Breach

“Email and Patients – What do I need to know?”

“Clinic Managers Top 10 Data Privacy To Do List”

author, healthcare, Practical Privacy Coach, Practice Management Mentor, speaker
12345

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

Thank you so much for the webinar [on Privacy Breach]. It was very informative and thought provoking.

- Sheryl McCormick, Executive Director, Cold Lake Primary Care Network

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.

0 shares
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}