Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

OIPC Annual Report

Posted on December 27, 2020 by Meghan in Blog

Alberta Office of the Information Privacy Commissioner Annual Report

Recently, the Alberta Office of the Information Privacy Commissioner (OIPC) released their Annual Report 2019/2020.

The report is from April 2019 to March 2020. This is the first full year of mandatory privacy breach reporting requirements in Alberta.

Because of the volume of the privacy breaches, the OIPC have now chosen to triage privacy breach reports. They are fast tracking any of those breaches where individuals have not yet been notified about that privacy breach or where there is a potential offense is suspected.

If you've submitted a privacy breach report to the commissioner's office and haven't heard from them yet, it may be because it's gone through this triage process and, if you have completed an internal investigation and notified affected individuals, your breach report has not been flagged as a high priority.

OIPC Report

OIPC Investigations

The OIPC conducted investigations regarding offences under the Health Information Act (HIA), usually privacy beaches. In that time period, they forwarded 18 cases to the Special Prosecutions Branch of Alberta Justice for further investigation. 

Privacy Breach Trends

There were some interesting privacy breach trends that were reported by the commissioner's office that were reported to them under the PIPA legislation, the Personal Information Protection Act. Of the cases that were reported to them, a hundred of them were all electronic systems compromises. So they have lost some security in the computer network system of some kind, either that was in their direct control or by a third party vendor.

Human error is still a large source of privacy breaches. This can include both misdirected communications, such as miss-sent snail mail, email, or faxes; and unauthorized disclosure, such as when health providers discuss health information with other providers not involved in the patient care.

There were also 20 incidences of theft that they noted in this report and it included rogue employees.

Snooping continues to be an issue, although the report did not provide numbers to go with that.

Ransomware is also a serious issue, one that the commissioner office predicts to continue, particularly in clinics who have a lack of technical security controls on their computer systems.

Social engineering, which is tricking someone into divulging information based on false pretenses and assumptions, is a significant danger in the healthcare industry.

 

Social Engineering Example

Somebody posed as a pharmacist and wrote emails to pharmacies in order to get information about a particular patient. The email reads like the patient traveled from one location to another location and the fraudulent pharmacist is asking their buddy pharmacists at the other location to provide some information. 

This social engineering campaign was considered a significant threat and the college of pharmacists actually released an advisory to pharmacies to warn them of this social engineering attack.

This is a good word of caution for all of us is to not make assumptions just because somebody's email signature line says a pharmacist or other healthcare provider. We still need to make sure that we have verified the identity of that individual and not rely on that email signature alone.

You can download the report from the OIPC website. It provides a variety of other statistics and examples about investigations reports and privacy breach trends that may be of interest to you.

Download the OIPC Annual Report Here

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

4 Step Response Plan – Prevent Privacy Breach Pain On-line Webinar

5 Low Cost Steps You Can Take Now To Prevent Employee Snooping In Healthcare And Prevent Privacy Breach Pain

Snooping Conviction Earns 3 Years' Probation

Keeping Privacy Active in the Minds of Clinic Staff

3 Parts To Every Privacy Awareness Training Plan

What Healthcare Providers Need to Know About Computer Security and Standards

Health Information Act, medical clinic, OIPC, privacy and security, privacy breach

New Health Information Policy and Procedure Manuals!

Posted on November 23, 2020 by Meghan in Blog

Written Health Information Policies and Procedures

Most healthcare practices have good systems in place to properly collect, use, and disclose health information – but most practices don’t have these in writing!

Patients have the right to access their personal health information but yet frequently complain about long wait times and uncooperative front office staff when trying to request their personal information.

New staff members are hired and don’t receive clear written instructions on how to perform routine health information management tasks.

Why do these same problems repeatedly appear in practice audits and privacy complaints?

The most common reason that I see is incomplete, outdated or missing written policies and procedures! It doesn’t have to be this way.

I have seen how privacy compliance and patient satisfaction improves when practices have access to written templates. But templates and checklists alone are not enough!

You know your practice better than anyone else. When you customize standard policies and procedures to best reflect your practice, you develop strategies for your daily tasks.

And, when your team receives short on-demand video tutorials about the purpose of the policies and procedures and how it impacts patient care, the staff better understand and more consistently follow the policies and procedures.

That’s why I’ve developed the Health Information Privacy and Security Policies and Procedures Manual with templates and training to help you with your health information practice management and practice management. These policies and procedures have been implemented in hundreds of practices across Alberta and Canada.

I have consulted with medical, pharmacy, chiropractic, nursing, and nurse practitioners to create practical policies and procedures for them. Now, I’ve used these best practices as templates that you can use right away!

Now For Chiropractic and Nursing, Too!

Your healthcare practice needs a Health Information Policy and Procedure Manual. Written policies and procedures assist you to correctly, efficiently, and confidently collect, use, access, and disclose health information so that you can meet your accreditation, privacy impact assessment, and regulatory compliance requirements.

  • Starting with a template saves you time and money
  • Be privacy and security compliant
  • No special software to buy or learn
  • Use your existing MS Word and MS Excel office productivity software
  • One-time fee
  • On-line support
  • Available now!
Health Information Policy and Procedure Manual

Click the >> arrow to watch a short demo of the robust manual you can create quicker than you thought possible!

Different Policy and Procedure versions available for your specific type of healthcare practice

Medical Doctor

Medical Practice

Dental Practice

Dental Practice

Chiropractor

NEW!

Chiropractic Practice

Nurse Practitioner

NEW!

Nurse Practitioner Practice

Registered Nurse

NEW!

Registered Nurse Practice

Health Information Policy and Procedure Manuals ready for you now!

Step 1: Complete the questionnaire and download the templates

Step 2: Easily generate draft 24+ policies and 28+ procedures and forms using MS Word

Step 3: Edit the documents

Step 4: Video coaching and best practices for the policies and procedures and implementation tips

Step 5: Customize for your healthcare practice

Step 6: Video orientation for your employees

Get the Reliability And Power of Policy and Procedure Templates Without Spending Hours (or Days) Creating Them.

Show me the Policy and Procedure Templates!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies and Procedures Are? 

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

Do You Use Employee Privacy and Security Policy and Procedure Checklist Templates?

chiropractors, dentist, health information, Health Information Act, healthcare, medical clinic, Nurse Practitioners, Policies and procedures, policy, privacy and security, Privacy Impact Assessment, procedure, Registered Nurses, template

What’s On Your Privacy & Security List for 2014?

Posted on January 6, 2014 by Jean Eaton in Blog, Past Events

Time to update your Privacy Management Program plan for 2014!

Complimentary Bonus Webinar

Clinic Manager’s Privacy & Security Top 10 List

Includes: Email security, mobile devices, managing vendor agreements, privacy breaches, privacy officer role and responsibility training and more!

Ideal for clinic manager, practice manager, privacy officer in any healthcare setting – a check list of key tasks important to your Privacy Management Program. Resources and links for additional information.

Tuesday January 14th, 2014
12:00 pm—1:00 pm MST

Register Here

* indicates required



I would also like to be contacted about:

Webinar 2014 Jan 14 at 12 noon MST

Email Format


best practice, clinic manager, Health Information Act, healthcare, practice manager, privacy, privacy and security, privacy by design, privacy management program, training

What is the elephant in the room?

The Elephant in the Room Find out here...

 

Privacy Policy

 

Well it happened! We recently had a privacy breach. It was an ‘oops’ but never the less a privacy breach. I had started the 4 Step Response Plan - Prevent Privacy Breach Pain but thought I had time to go through it. Unfortunately not. Your course has been a godsend with all the information and forms that I need to work through this privacy breach and notifying process.

- Nancy D.

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2023 Information Managers Ltd.

Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}