Positively Represent Your Healthcare Practice with a Dress Code Policy

Posted on May 20, 2021 by Meghan in Blog

Professional Appearance Positively Represents Your Healthcare Practice

Do you have a dress code policy in your healthcare practice? You might be in the front office or a healthcare provider. You might wear uniforms, lab coats, or business clothes. Regardless of your interaction with clients, customers, suppliers, contractors, or volunteers, the appearance of employees at your business supports your business image brand.

Patients and their families have reasonable expectations that their healthcare providers and employees at the clinic present themselves in a professional manner both in demeanor and appearance.

Why have a healthcare practice dress code policy?

Dress code policies, procedures and training will help to ensure a professional and consistent appearance of employees while also positively representing and supporting your business brand.

A policy provides guidance in making choices about clothing and appearance, for all staff.
The professional appearance of your staff supports the image and positive reputation of the clinic.
Use of uniforms and name badges creates a greater level of security and recognition for staff and patients.

What are some dress code guidelines?

General Guidelines:

If you do not have direct patient contact (i.e., billing clerk, consulting pharmacist, receptionist) wearing uniforms is optional. If you choose not to wear a uniform or lab coat, consider these guidelines when choosing clothes at the office:

Name Badges:

Help to identify you to our patients and clients.
Are provided by the clinic to each employee.
These are to be worn at all times.
If you are not wearing a name badge, you may be denied entry into restricted areas of the clinic.

Shoes:

Closed toes and closed heels or heel straps.
No high heels or built-up soles such that it could endanger yourself or patients.
Non-slip footwear.

Hair:

Clean and neatly groomed.
Long hair should be tied back during patient treatment or when operating machinery.

Clothing:

Clean, neat and in good repair and allows for full performance of all duties.
T-shirts and tank tops are not permitted. Polo shirts or styled cotton tops with pockets are acceptable. Discrete, non-inflammatory images and logos are permitted.
Sweatshirts are not suitable in direct patient care areas.
Tops need to be long enough and high enough to provide adequate coverage of abdomen, back and chest.
Fragrances should be avoided.
Jewelry, tattoos and body piercings must be discrete and provide no risk to the wearer or patient.

If you have direct patient contact (i.e., physicians, MOA, nursing, physiotherapist):

Clothing must meet infection control standards for the benefit of patients and to you and your family. The type of work that you do may require additional considerations.

No artificial nails are permitted.

In the interest of health and safety of our patients and our employees, no artificial fingernails are permitted. Artificial nails have been demonstrated to interfere with effective hand washing hygiene and has contributed to healthcare acquired infections.

When we know better, we do better

Download the Practice Management Success Tip, ‘Dress Code Policy'.

Discuss with your team the importance of professional attire and overall appearance.

The free Practice Management Success Tip, Dress Code Policy, will help you

Discuss with your team the importance of professional attire and overall appearance.
Review the professional work standards expected of each staff member, regardless of their role.
Guide discussions with your team, get their feedback and input, customize a procedure that you can use right away in your practice.

Show Me The Dress Code Policy

dress code, employee training, healthcare, medical, office dress code policy, policy template, Practice Management Success

How to Prepare Patient Records for a Court Order in Your Healthcare Practice

Posted on April 7, 2021 by Jean Eaton in Blog

How to Prepare Patient Records for a Court Order in Your Healthcare Practice

You are working at the reception desk of a healthcare practice. Suddenly, there is a police officer giving you a court order! Do you know how to prepare patient records for a court order?

Don’t Panic!

In this month’s Q&A with Jean, we discussed how to prepare patient records for a court order with confidence!

Now, just a reminder, I’m not a lawyer and I don’t play one on TV. These are my recommendations based on my experiences – as a director of health records in hospitals in Canada, as a court reporter, and as a mentor to clinic managers in independent healthcare practices – and this is not legal advice.

Follow These Steps

In this article, I am not discussing a situation which relates to a life-threatening situation that requires an immediate response. I am also not discussing when the order relates to the type or quality of healthcare provided to the patient or when the actions of the healthcare provider or clinic is being challenged or reviewed. These are topics for a different article.

Your reception staff should not accept the court order but, instead, immediately ask the officer to wait for a few minutes so that they can request their supervisor or privacy officer meet with them.

When the court order is an administrative request for information, the supervisor or privacy officer will accept the court order from the officer. Before the officer leaves, make sure that you read the court order carefully and ensure:

Who is named in the court order.
- This is often the clinic manager of the clinic. Your clinic should be specifically named or, perhaps, the name of your lead physician or healthcare provider.
Record the date and time that you received the order.
Clarify when the response is required.
Name and contact information.
- This could be of the officer that delivered the court order (if possible).
- At minimum, it should include the contact information of the court, for example, the court clerk’s office or the witness co-ordinator, or the sheriff’s office.
The province or jurisdiction of the court.
In general, this should be the same province where your clinic operates. If not, contact your lawyer for advice on how to respond.

Review Your Policies and Procedures

This is not a routine request from a patient to access their health records or a request to disclose their records to a third party like a lawyer or insurance company. In those routine requests, patients are generally required to provide a written, signed consent before you can disclose their records.

When you receive a court order or subpoena to produce patient records at a court or other legal proceeding, you are not required to get a signed consent from the patient.

Each healthcare practice should have detailed policies and procedures on how to prepare patient records for a court order. Review these now.

If you don’t have up-to-date policies and procedures, see the Practice Management Success Tip, How to Prepare Patient Records for a Court Order.

Validate the Court Order

Read the court order carefully. In particular,

Phone the contact number on the court order.
Confirm the date, time, and location that you are required to appear.

Locate the Patient Record

Find the patient information maintained in an electronic database, electronic medical record (EMR) and/or paper records. Remember to look for both active and inactive patient records as needed by the court order.

Read the patient record carefully, line by line, to ensure that the record is complete. For example, make sure that all lab reports, prescriptions, consultation notes, etc. are included in the record.

Secure the record to prevent snooping or modification to the record. Also ensure that the record is available for continuing care and treatment of the patient, if needed.

In an electronic record, prepare an audit log of all the transactions on that patients’ chart.

Ensure there is no duplicate or second chart for the patient that may have been created in error. Search by alternate names, spellings, date of birth, etc.

Ensure that each custodian included in the patients’ care and your healthcare practice’s privacy officer is informed of the court order to produce the record. The custodian should be provided an opportunity to review their clinic notes. Remind the custodian that they cannot further disclose the patient's record.

Prepare the Patient Record

Review the court order and identify exactly what information is requested. It might be for specific dates or a condition or treatment.

Keep complete and detailed notes about how you prepared your response to the court order. You will bring your notes with you to court to assist you in your testimony about how your clinic creates and maintains patient records and what you did to respond to the court order. After your court appearance, you will maintain your notes as part of the business records for the clinic.

Collect the information and record each of your steps and your results, including the records that you searched for as well as those that you did not find any results for.

If you maintain your patient records in an electronic medical record (EMR) or digital practice management software, print out a hard copy of all the information that responds to the information that is requested.

Sever (also known as redact or black-line) any information that is not appropriate to include in the disclosure. Cross-reference each redacted entry to the legal authority not to include the information in the disclosure.

If you are using an EMR, organize the paper print-out in a format that makes sense. This might be in chronological date order, or by grouping like records (clinic notes, lab results, etc.) together.

Create a ‘Table of Contents’ of the information in the patient record. This will help you in your testimony to quickly find requested information, and to help the court to locate information in the records that you have prepared.

At the same time, handwrite in ink at the bottom of each page the sequential page number in the package. Update the table of contents with the page numbers.

Stamp ‘COPY’ on each page.

When the package is complete, make a photocopy (or two) of the entire package. The ‘original’ paper copy will be maintained at the clinic. Bring the original and the copy to court and ask the court to accept your copy. Return the original package to the clinic and securely maintain this as part of the business records of the clinic until the court file is complete.

When You Attend At Court

As the clinic manager, your role at the court is to tell the court how patient information is collected and maintained in your healthcare practice. Your job is not to interpret the content of the clinic notes.

A few days prior to the court date indicated on the court order, phone the clerk’s office or witness support office to confirm the date, time, and location of the proceedings and if you are still required to attend.

On the day of the proceedings, report to the clerk of the court.

Bring with you the court order, your photo ID, the patient record, and your notes. Bring a good book to read in case you have a long wait.

You will be advised (again) if you are required that day. If you are not required, the clerk will make a notation on your court order to appear that you attended and that you have been dismissed. Keep this in your business records with the patient record.

If your testimony and the patient records are required, you will be called as a witness during the court proceeding.

You will be asked to swear or affirm an oath to speak honestly during your testimony.

Typical questions that you should be prepared to answer include:

Your name.
Your role at the clinic, how long you have been in that role, your routine tasks and responsibilities at the clinic.
Describe how patient records are maintained. Be prepared to explain your EMR or computer patient management system (if you have one).
Bring your notes about the steps that took to prepare for the court order. You may ask permission of the court to refer to your notes that you created when preparing to respond to the court order during your testimony, if necessary.
Explain that the patient records are kept electronically and that you have prepared a paper print-out of those notes.
Be prepared to explain how you know that the records are complete, not missing any details, etc.
If the court asks you to enter the records into evidence, explain that you have an ‘original’ and a ‘copy’ and ask the court to accept the ‘copy’ into evidence.

When You Return to the Clinic

Complete your notes by documenting your day at the court. Write a short summary of your day including:

Did you give a copy of the patient records to the court? To whom?
Remember to add this notation to the patients’ record that you disclosed this information according to the court order.
Any follow-up required for this disclosure?
Review your procedures. Anything that you would edit or provide additional instructions that will help you to be better prepared for next time you receive a court order?
Submit a copy of your out of pocket expenses (parking receipts, meals, etc.) for re-imbursement by your employer, if applicable.

What You Should Do Now

Review your policies and procedures now to ensure that it includes how to respond to a court order.
Train your reception staff on what to do if they receive a court order.
Train your privacy officer and clinic manager on how to prepare a patient record for a court order.

Depending on where you work, you may receive a court order regularly or it might be a once-in-a-career experience. When you have policies and procedures and a little bit of training to assist you, you can respond to a court order calmly and confidently.

If you are a member of Practice Management Success, login and access the ’Procedure: Preparing Patient Records for a Court Order’ template and the replay of the tutorial video.

Download Practice Management Success Tip - Preparing Patient Records for a Court Order Now!

When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

court order patient records, health care, health records, healthcare, medical, Practice Management Success, subpoena to produce patient records, template procedure

Do You Use Employee Privacy and Security Policy and Procedure Checklist Templates?

Posted on December 21, 2020 by Jean Eaton in Blog

Why Do You Need Policy and Procedure Checklists for Onboarding and Exiting Employees?

There is much excitement when we welcome a new hire to our team and there are many administrative tasks that need to take place to get this individual up and running. An employee policy and procedure checklist will help!

Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed to protect patient privacy as required by our professional colleges and privacy legislation. Otherwise, you face all sorts of risks, including privacy breaches and other legal problems.

To ensure that onboarding a new employee is a smooth transition, it is imperative to follow a practical checklist procedure to make sure no important steps are missed. There are also many other managerial benefits to adopting this high-quality process:

Better job performance and satisfaction
Greater commitment to protecting privacy in the organization
Reduced stress and better staff retention

Employee Privacy and Security Policy and Procedure Checklist

Policies and procedures are reasonable safeguards to protect the personal and health information entrusted to us. But polices and good intentions alone are not enough; we also need to take action to ensure our policies are understood and are being followed by all our employees.

Training new and existing staff on privacy and security best practices is instrumental in making your healthcare practice a success and maintaining its fine reputation. Following a systematic approach to welcoming a new employee, transitioning an existing employee into a new position, or offboarding an employee who is exiting will guarantee that valuable privacy and security training and accesses are completed.

Read this Privacy Breach Nugget that explains what can happen if you don’t have these good practices in place. Do You Know Where Your Policies And Procedures Are?

New Employee Orientation / Onboarding

New employees are a welcome addition to any team and there is a vast amount of training that needs to take place from general procedures on how to handle phone calls to signing confidentiality oaths to becoming familiar with all policies and procedures, in addition to learning the everyday job duties for their own position.

Since privacy is good for business, we do not want to miss any important opportunities to train our new staff on privacy and security best practices. Using the Employee Privacy and Security Checklist will help facilitate training discussions and document the authorized accesses of each employee.

Existing Employees / Annual Review

The checklist will also act as a tool for each employee at their performance review. Provide positive feedback and observations of an employee’s successes in protecting personal information. Discuss opportunities for improvement, too. This is also a good time to review an employee’s current authorized role-based accesses and determine if any changes are needed to match the employee’s current job duties.

Ensure that the employee still has ‘tokens’ that they were given at the time of their hire, like identity badge, keys to the clinic or Alberta Netcare RSA fob.

Privacy and security best practices dictate that confidentiality oaths should be signed on an annual basis and annual privacy awareness and security refresher training should also be provided to all employees. In the event of a privacy incident or breach, it is imperative that a healthcare practice can prove by their documentation that regular privacy and security training is provided to their staff.

Transferring / Exiting Employees

When an employee transitions into a new role or is terminated, review and update the privacy and security checklist to ensure that access and permissions are appropriately modified or terminated.

Custodian Responsibility

Custodians have an obligation to ensure reasonable safeguards to protect the privacy and security of health information. This includes having appropriate policies and procedures in place, as well as demonstrating and documenting that you have implemented your plans. This is a requirement of professional college standards of practice and privacy legislation like the Health Information Act (HIA).

See the article Do You Know Where Your Policies And Procedures Are? to learn what can happen to you if you don’t have your employee training process well documented

The Employee Privacy and Security Checklist will make it easy for you to ensure your new hires, existing employees, and transferring or exiting employees are privacy and security compliant.

Download the FREE Report - Employee Privacy and Security Policy and Procedure Checklist Template

Your practice also needs to have policies and procedures that set out how you ensure the privacy, confidentiality, and security of the health information you collect, use, and disclose. Don't know which policies and procedures you need? Download the Privacy and Security Policies and Procedures Checklist below!

Show Me the Policy and Procedure Checklist!

Practice Management Success

If you are a member of Practice Management Success, login and access the webinar replay, and the policy, procedure, and checklist template.

Not a member? Join today!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies And Procedures Are?

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

New! Health Information Policy and Procedure Manuals

When we know better, we can do better…

Jean L. Eaton is constructively obsessive about privacy, confidentiality, and security expecially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

checklist, clinic, health care, healthcare, medical, policy, Practice Management Success, privacy, procedure, template

The Top 3 Agreements Your Healthcare Practice MUST Have (and Why)

Posted on November 29, 2018 by Jean Eaton in Blog

In order to provide services, healthcare practices must collect pertinent information from patients. This data gathering often includes many sources of information, across different types of technology, among multiple vendors. Good business practices and health records management is supported by three agreements your healthcare must have: information manager agreement (IMA), information sharing agreement (ISA), and successor custodian agreement.

For instance, when a patient attends a clinic, their details are nearly always entered into a computer software program to maintain demographic information, manage patient appointments, and to process payments. Often, health service providers (including physicians, pharmacists, chiropractors, dentists, psychiatrists and more) record their patients’ notes into an electronic medical record (EMR).

Patient information is shared between providers where required. For example, when the patient visits a diagnostic lab for testing, results are often transmitted electronically to the ordering physician’s fax machine or to the EMR.

Custodians including physicians, pharmacists, chiropractors, dentists, and psychiatrists, as defined by the Alberta’s Health Information Act (HIA), must follow HIA legislation when they collect, use, and disclose health information.

Often, custodians are also the owners of independent healthcare practices. However, an owner of a healthcare practice is not the custodian if they are not also an active member of a regulated health profession named as custodians in the HIA.

1. Information Manager Agreement

The HIA allows custodians to contract with other health service providers and vendors for the purposes of providing information management or information technology services, so patients can receive health services, and make payments. This often requires the custodian to share patient information with a vendor (or give them access to) so the vendor can process, store, or provide information as needed.

The custodian selects one or more business to provide the services, equipment, or software to assist in the management of health information. For example: EMR provider, contracted transcriptionist, billing agent, remote backup service, etc. These businesses are known in the HIA as information managers.

Before sharing health information with someone else, the custodian must ensure that the partners and vendors have reasonable safeguards in place to protect sensitive health information. The custodians must ensure that there is a written agreement between the custodian and the information manager. These agreements are known as “Information Manager Agreements.” This requirement is stated in the HIA section 66(2).

The Information Manager Agreement (IMA) is one of three crucial agreements a healthcare practice must have in place.

If You Don’t Have an IMA

If you are a custodian who uses vendors as part of your business and you do not have an IMA with that vendor…

You are in breach of the HIA.
You may incur fines under the HIA.
You may face sanctions and disciplinary actions from your professional regulatory college.
Almost certainly, you will encounter conflicts, poor communication, between yourself and the vendor(s) and the other participating custodians in your practice.
You may lose control of the health information as reported in the Investigation Report H2013-IR-01from the Alberta Office of the Information and Privacy Commissioner (OIPC).

In a press release from the Alberta OIPC in 2013, Information and Privacy Commissioner Jill Clayton noted that:

“The HIA allows custodians to disclose health information to IT service providers, such as EMR vendors, under an appropriate Information Manager Agreement. When custodians do not sign these agreements, they may find themselves in the unfortunate position of losing control over the health information they need to provide health services.”

Investigation Report H2013-IR-01 (https://www.oipc.ab.ca/news-and-events/news-releases/2013/investigation-report-h2013-ir-01.aspx)

Who Must Create the Information Manager Agreement?

The custodian is responsible to ensure that there is an appropriate IMA created and signed.

The information manager can assist the custodian by preparing templates of the IMA including specific details of the services that they will provide and the safeguards that the vendor will implement to protect personal health information.

Key Points About IMAs

A few important notes about IMAs.

IMA must be signed by the custodian.
Agreements signed by individuals who are not custodians are not valid under the HIA.
Custodians are required under the HIA to have an IMA with the vendor before disclosing health information. If there is no agreement in place, the custodian is in breach of the HIA.
Custodians are responsible for the health information that they collect, use, and disclose. Therefore, the custodian is responsible for the IMA and to ensure that the health information will be handled confidently and securely.

Key Points IMA

The custodian can select the best vendor and information manager for the job. The vendor who understands the requirements of the HIA and who can demonstrate that they have implemented the appropriate reasonable safeguards and can assist the custodian to develop an appropriate IMA is, in my opinion, demonstrating a significant competitive advantage.

All healthcare providers in a community practice should spend time when creating their business to establish good business practices, including developing written contracts and agreements to improve the efficiency of the business and to make things happen in the way that they are planned.

Here is a common example

Dr. Alice and Dr. Mark created a welcoming family medical practice in a new sub-division of their city. They each worked hard to attract new patients, hire and train staff, and develop a profitable business.

In the last few years, Alice and Mark had differences of opinion on how to grow their business. In the end, Alice decided that this type of practice wasn’t for her. She decided to leave and join a larger practice in a neighbouring subdivision. Alice wanted to take her patient’s records with her to her new practice and continue to see her patients at the new location.

Mark, who had signed the IMA with the EMR vendor, did not agree to Alice’s request to transfer her patient records to her new group practice.

Alice and Mark argued and eventually involved a professional mediator to help them resolve their business conflict. Hurt feelings between the providers and staff, costly delays in their business and expenses could have been avoided if Alice and Mark had established clear expectations in the event of the termination of their business partnership when they started their group practice. An IMA between custodians in a group practice is a recommended best practice.

When You Have Multiple Custodians in Your Healthcare Practice

When the practice has multiple providers, the owner and custodian frequently assumes responsibility for maintaining the contracts and IMAs with the vendors. Each of the participating healthcare providers may delegate the responsibility of maintaining the vendor arrangements to the custodian owner. This can be achieved with an IMA between the owner / custodian and each participating custodian.

Custodian Owner IMA

Each healthcare provider custodian is considered the custodian of the health information that they collect. The custodians can jointly agree to all use the same EMR. This provides continuity of care for the patients and economy of scale for the participants of the practice.

When the owner/custodian signs the agreement with the EMR, they become the signatory custodian. The EMR vendor takes their instructions from the signatory custodian.

The owner / custodian is now an information manager for all the participating custodians. but does not become a custodian of the health information provided to them in their roles as an information manager.

For example,

Dr. Bill opened his medical practice, ABC Clinic. Later, additional physicians were recruited to work at ABC Clinic. The physicians are each custodians as defined by the HIA.

Dr. Bill assumes the responsibility for the operations of the clinic including the computer network and the contract with the EMR vendor. Dr. Bill is the information manager for the patient records at the clinic.

Each physician signs an IMA with Dr. Bill and agree that he will continue to manage the patient records on their behalf. Dr. Bill is operating as an information manager.

In his role of the information manager, Dr. Bill must follow the instructions from each physician, the custodian, as it relates to the management of their patients’ records.

2. Information Sharing Agreement (ISA)

When you have more than one physician in your practice, you need an agreement about how you will decide to manage the personal health information in your practice.

An Information Sharing Agreement (ISA) focuses on the internal decision making about all things related to personal health information whereas, an IMA is an agreement with a single vendor about the services that the vendor provides.

ISA IMA

An ISA may include things related to the services that a vendor provides but is not limited to just vendor services.

It also includes decisions about the process to ensure appropriate role based access to personal health information in the EMR, computer network, and paper formats; the regular review of health information privacy and security policies and procedures, ensuring privacy and security awareness training, the regular review of administrative, technical, and physical safeguards in the practice, and so on.

In larger organizations or when several smaller organizations participate in an information sharing initiative, a Data Management Committee may provide oversight and facilitate this process.

An ISA is a requirement of the College of Physicians and Surgeons of Alberta.

Identifying a successor custodian is also a requirement of the College of Physicians and Surgeons (CPSA).

3. Successor Custodianship Agreement

As a business owner, you need to plan a successor to the business. This might be an interim or short-term decision to ensure continuity during an absence or future retirement planning or unexpected illness or death.

In healthcare, physicians and custodians have the added responsibility as the ‘gatekeeper’ for patient records. In the event of a sudden inability to meet these responsibilities, physicians need to identify a successor custodian to ensure appropriate and continued access by patients to their health information for their continuing care and treatment and to ensure that the continuing confidentiality, security, and access to patient records continue to be fulfilled.

Have you identified a successor custodian? Each of the physicians in your group practice should also identify their own successor custodian.

This is a CPSA requirement and should also be included in the Privacy Impact Assessment if you have this information available. See CPSA, Patient Record Retention, s.5:

A regulated member acting as a custodian must designate a successor custodian to ensure the retention and accessibility of patient records in the event the regulated member is unable to continue as custodian. (Reference: Health Information Act Section 35(1)(q)

If you are a chiropractor, the Alberta College and Association of Chiropractors (ACAC) further requires its members to name a chiropractor as the successor custodian to maintain the status of ‘chiropractic’ records. (See the ACAC’s Standards of Practice s5.3 Custodianship of Health Records.)

A chiropractor, as a custodian of health records, is responsible for the care and control of the health records in their practices as required by the Health Information Act of Alberta. A custodian of active chiropractic files must be under the custody or control of an active, registered member of the ACAC.

Note that under the Health Information Act, a chiropractor may disclose files to another custodian who is not a chiropractor, and only a chiropractor may have custody or control of chiropractic files. Chiropractic files disclosed to a non-chiropractor should no longer be considered chiropractic files.

A custodian must implement technical and physical safeguards to protect the confidentiality of the information and privacy of individuals as well as protections against reasonably anticipated threats to the security or integrity of the information. A custodian must also defend against unauthorized uses, disclosures or modifications of the information. Safeguards must be periodically assessed and documented in policies and procedures.

If you are working in an owner/custodian scenario discussed above, clearly identifying a successor custodian becomes imperative. An unplanned absence of the owner / custodian can seriously jeopardize the business and the continuing care and treatment of patients.

The custodian can, but is not required to, name another custodian in the same practice to be their successor. Whatever your decision, ensure that this is well documented and easily accessible to the other custodians and key decision makers in your organization in the event of an emergency.

The best time to create IMA, ISA, and Successor Custodianship Agreements is when you start your healthcare business.

The second best time in now.

What are you waiting for?

If you need assistance, contact Jean L. Eaton, Your Practical Privacy Coach and Practice Management Mentor with Information Managers. I’m here to help you with your Practice Management Success.

Download the FREE Report - Top 3 Agreements Your Healthcare Practice MUST Have

If you are a member of Practice Management Success, login here to access the Top 3 Agreements.

When we know better, we can do better…

Jean L. Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

chiropractors, dentists, health care, Health Information Act, healthcare, HIA, IMA, information management agreement, information manager agreement, information sharing agreement, ISA, medical, physicians, Practice Management Success, successor custodian

New Mandatory Privacy Breach Notification Form

Posted on September 13, 2018 by Jean Eaton in Blog

AS of August 31, 2018, the new Alberta regulations regarding mandatory privacy breach notification requirements are in force.

The Alberta Minister of Health (MOH) and the Office of the Information and Privacy Commissioner (OIPC) have published the mandatory notification forms for you to submit your privacy breach notifications.

You can download the forms here:

Notification to Alberta’s Minister of Health: http://www.health.alberta.ca/about/Health-Information-Act.html

Notification to the OIPC: https://www.oipc.ab.ca/forms.aspx

You Will Be FINED $50,000 if You Don't Do This!

If you don’t have an active privacy breach management program and are not compliant with mandatory privacy breach notification, you may be fined up to $50,000.

I recommend that you also use an internal privacy breach reporting form to document your investigation and reporting. The form will help you to navigate the privacy breach management process and record information for your internal use. You can then copy and paste the necessary information to the mandatory notification forms.

If you are a member of Practice Management Success, login and access the Procedure Privacy Breach Management Template including the Privacy Breach Report Form.

Not a member of Practice Management Success, yet?

What are you waiting for?

Get Your Practice Management Success membership

If you are a member of the 4 Step Response Plan, login and access my video and review of how to use the MOH and the OIPC forms.

What You Should Do Now

Update your current privacy breach reporting policies and procedures with the new requirements for mandatory privacy breach notification.
Include copies of these new forms in your procedures so that you can easily access them when needed.
Ensure that your custodians are aware of the new mandatory privacy beach notification regulations. You can share the e-book, Understanding Privacy Breach Notification, to assist you.

Additional Resources

Alberta Health has also added a new chapter, Duty to Notify, to their HIA Guidelines Manual. You can download this chapter here. This provides additional examples of privacy breaches and appropriate responses including comments from OIPC investigations.

When we know better, we can do better…

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

Alberta, Canada, health care, healthcare, mandatory breach notification, mandatory privacy breach notification, medical, Practice Management Success

Can You Use Text Messaging With Patients?

Posted on September 6, 2018 by Jean Eaton in Blog

Have you ever said…

“If only I had someone to ask!”

Each month, we discuss your questions about practice management, human resources issues, clinic management best practices, procedures, resources, practical privacy tips, and more in Practice Management Success membership.

In this Q&A, we're talking about:

Can you use text messaging with patients?

The short answer is, ‘Yes’.

The longer answer is ‘Yes, but . . . make sure that you are really clear about why you want to use text messaging, carefully plan the implementation and monitor its use.’

What is the Purpose for Texting?

Clinics are feeling pressured to provide texting as a communication option to their patients.

It is important to be clear about why you want to use texting.

Texting from the Patient to the Clinic

What is the primary purpose for patients to text the clinic? It may be because they are in a remote community and texting is the only way to keep in touch with their healthcare provider. You might choose to accept text messages for appointment requests or continuing care and treatment.

Texting is generally not a secure communication method. It is difficult to confirm the identity of both the sender and receiver which can result in both communication and medical error.

It is difficult to communicate clearly using text short form and emoji!

What Are the Risks?

As the custodian, you need to weigh the risks of using texting vs not using texting. For example, if your work includes assisting people who are in crisis or are otherwise at risk, you may decide that the risk to the patient who has access to their healthcare provider using unsecured text messaging is less of a risk than the patient who experiences a critical incident and does not have other access to their healthcare provider.

You must decide what are the acceptable risks and appropriate use of text messaging.

I find that creating scenarios is a good way to do help you set up your boundaries. In what situations is using text messaging OK? In what scenarios is it not appropriate to use text messaging? Are there alternative technologies that can better, and more securely, meet these needs?

Record your reasons about what you will – and what you won’t – accept in your text messaging solution as part of your project documentation and implementation training.

text messaging risks

Workflow When You Receive Text Messages from the Patient

Consider how you will document the communication from your patient into the patient’s health record.

Is the device to receive the text message registered with the clinic?
Who will receive the text message from the patient?
How will you transpose that meaningful communication with the patient to the patients’ health record?

Be guided by the discussions in your team and with your patients to develop your policies and risk mitigation plans.

Texting From the Clinic to the Patient

Is your goal of a text solution to automate a workflow like routine appointment reminders? Or, perhaps, some episodic messaging like offering follow up appointments to discuss test results?

Authorization

Remember that the custodian (physician, pharmacist, dentist, dental hygienist, chiropractor, and more) assumes the risk of using unsecure technology. You can’t transfer the risk to the patient. However, you can mitigate the risk of error and unauthorized use of the health information by creating rules for use and ensuring that the patient understands:

how the technology is used,
your offer to use the technology in your healthcare practice,
the risks to the patient’s privacy and security of their personal information,
the patients’ role to prevent misuse of their personal health information, and
an agreement to follow the rules about the technology solution.

If you are a member of Practice Management Success, click here to access the sample authorization agreement.

Mitigation strategies

Alternate Technology Solutions

There are some third party vendors that can help you with routine text messaging with your patients. Wherever possible, use two factor authentication. For example, you might have a system where the patient must enter a PIN number before they can read the entire message from the clinic.

There are trusted technology solutions that you can use for text messaging. Many EMR providers now allow the clinic to text message your patients right from the EMR or patients can access the EMR using a patient portal. This is, by far, the most efficient workflow. It is usually the most secure technology and integrates the communication into the patients’ health record without copying and pasting, uploading, or re-typing into the patient record.

Microquest’s Healthquest EMR, for example, offers integrated appointment reminders via email, text, or voice messaging. Clinics can also allow patients to book their own appointments online with an online calendar integrated to the clinic’s Healthquest EMR.

Alternate third party texting solutions from trusted vendors that we have interviewed on our podcast, Practice Management Nuggets for Your Healthcare Practice, include Bleen and ezReferral.

Bleen is a third party patient appointment management application that allows patients to register with your clinic to receive appointment reminders by text message or phone call. The system also provides a self-help solution to patients to schedule their own appointment with their healthcare providers.

Clients with Bleen have seen dramatic changes in their patient management resources – reducing 40% to 60% of phone calls and 75% of no shows.

Click here to listen to the Practice Management Nuggets interview with Chris Narine and Robert Cove of Bleen.

ezReferral provides a third party referral management application that improves communication between the patient and the referring and consulting providers. The system saves an average of 60 minutes of staff time for each referral and improves the patients’ access to health care in a timely, efficient manner. It also includes a built-in secure fax solution.

This solution is ideal for healthcare practices with referrals within the medical community and even better when you are working with multidisciplinary referral teams. ezReferral works well for both paper based and electronic medical record based practices.

Click here to listen to the Practice Management Nuggets interview with Dr. Denis Vincent of ezReferral.

Privacy Impact Assessment

Before you implement a text solution to your practice you need to update your privacy impact assessment (PIA) or prepare a new, project based PIA. This doesn't have to be a big undertaking but it is really important that you take the time to design and document your application and implementation.

Privacy Impact Assessment

If you need some help with your PIA, I encourage you to take a look at our on-line e-course, Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments.

Efficient work flow, clear procedures, and rules of use authorization with your patients improves the likelihood that text messages will be used the way that you intended. However, these practices does not make the technology breach-proof. Carefully consider the merits of text messaging and how you can mitigate the risks before implementing text messaging in your healthcare practice.

Tell me more about PIA's

Download the FREE Report - Can You Use Text Messaging with Patients?

If you are a member of Practice Management Success, login and access the webinar replay, and the patient authorization form template.

When we know better, we can do better…

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

health care, healthcare, medical texting, Practice Management Success, Text messaging with patients, texting patients, texting with patients

How Do You Celebrate Your Receptionist?

Posted on May 7, 2018 by Jean Eaton in Blog

National Receptionists’ Day is celebrated annually on the second Wednesday of May. It is celebrated by organizations around the world, including the U.S., Canada, the U.K., Australia and New Zealand. National Receptionists’ Day was first celebrated in 1991 as a special day to recognize and appreciate the many contributions receptionists make to an organization.

The purpose of National Receptionists’ Day (Wednesday, May 9, 2018) is to:

Foster recognition of the importance of the receptionists role. They are usually the first person a customer or client meets when they visit a company.
Promote pride and professionalism amongst receptionists for the important role they play within an organisation.
Give receptionists an opportunity to share stories and link up with other colleagues.

The importance of the role played by receptionists is often overlooked. Instead, follow the advice from Nelson Scott, SEA Consulting:

“Take time on National Receptionists Day to let these “Managers of First Impressions” know how much you depend on them. Your organization's receptionist is often the first person that clients meet when visiting your office or calling it on the telephone.”

Display This Poster In Your Practice

Display a poster in your clinic to let your patients know how much you appreciate your receptionists.

Here's a poster that you can download and use right away!

Share in Social Media

Here's another great – and easy! – way to create engaging content for your social media accounts and team building, too.

Create one – or more – social media posts recognizing the value that your receptionists bring to your team and patient care celebrating the receptionists that you have in your clinic.

What To Do Next

Invite your staff to participate. Send an email, memo, or poster asking them to share what your Receptionist means to them.
Create a social media post message. Here is a sample:

National Receptionists’ Day is May 9th! At ABC Clinic, we recognize and appreciate all of the amazing contributions our Receptionist makes. Thank you (NAME)!

National Receptionists’ Day is May 9th! What are you doing to celebrate your “Manager of First Impressions”? #NationalReceptionistsDay

Add an image.
Pin your post to the top of your Facebook timeline.
Create additional posts to highlight each staff members' thoughts on your Receptionist. Share photos of your Receptionist being celebrated.

Download the Receptionist Images Templates

Would you like more tips like this?

Members of Practice Management Success Membership enjoy access to Tips, tools, templates and training to help you start, grow, fix, or maintain your healthcare practice!

Membership is open to all healthcare practices of any size – physicians, optometrists, audiologists, dentists, chiropractors, physiotherapists, nurse practitioners, and more!

Member access to online resources when you need it along with networking and support from other clinic managers, practice managers, and healthcare providers in independent community practices – just like you!

Learn More About Practice Management Success

celebrate receptionist day, clinic management, facebook, healthcare, manager of first impressions, practice management, Practice Management Success, receptionist day, social media images, templates

How Do You Declare as an Affiliate?

Posted on March 20, 2018 by Jean Eaton in Blog

Have you ever said,

“If only I had someone to ask . . . !”

In this Q&A, we're talking about:

Q1: When you have multiple custodians in your practice, when and how does a custodian declare themselves as an affiliate?

Q2: What is the importance of the audit log in your EMR?

Q3: Do you have a privacy officer? Roles and Responsibilities of a Privacy Officer.

Q4: When a new physician / custodian joins your practice what forms do they need to complete?

Q5: How to report a patient demographic error in Netcare.

If you are a member of Practice Management Success, login and join me now on the webinar. The replay will be available in your membership area.

Not a member of Practice Management Success, yet?

What are you waiting for?

Get Your Practice Management Success membership

When might a custodian want to declare as an affiliate?

Individual custodians working for Alberta Health Services or other large health authorities
Team or group practice where there is a lead custodian.
Short–term contract relationship where the custodian joins a practice, for example, maternity leave coverage, or rural or contract practice
Custodian prefers an ‘employee’ relationship, for example,
- registered nurse working in a physician group practice,
- dental hygienist working in a dental practice

When a custodian is not working in the capacity of a custodian, or wishes to work as an affiliate AND there is another custodian who will assume the responsibility of a custodian, then the custodian can declare themselves as an affiliate to that named custodian.

I prefer to include the declaration as part of the Oath of Confidentiality process. You could choose to do this as a separate process –just make sure to document the declaration and keep it in your clinic business files!

affiliate, custodian, declare as an affiliate, Health Information Act, Practice Management Success