Do You Need to Build A Privacy Awareness Training Plan for Your Healthcare Practice?

Posted on April 22, 2021 by Meghan in Blog

Do You Need to Build a Privacy Awareness Training Plan in your Healthcare Practice?

A practical privacy awareness training plan will save time for clinic managers, and it will manage risks with employee compliance and buy-in.

Build a privacy awareness training plan! Privacy awareness training is more than a checklist when new employees are hired.

As an employer and health care provider, you are responsible to provide training to all your employees about privacy awareness.

Your privacy officer should have direct involvement in the planning and monitoring of the privacy awareness training. The privacy officer may also:

Facilitate training opportunities
Develop / contribute to policies and procedures
Monitor for compliance
Provide instructions
Implement specific projects

If you don’t provide the training – and if your employees don’t understand the policies – and there is a privacy breach, then the healthcare provider is more likely to be held accountable under the legislation and face penalties including fines and even prison!

Protect your organization and your patients. Equip your staff with the information they need to confidently and correctly handle personal health information. Healthcare businesses who want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

Privacy Awareness Training Plan Workshop

Learn effective approaches to design and deliver an effective privacy awareness training plan for your healthcare practice.

Real-life scenarios and privacy breach offences demonstrate what can go wrong – and what you should do instead
How to manage employees who may not ‘get it'

In this 60-minute webinar, you will outline a privacy awareness plan for your practice.

Privacy Awareness Program Components
Supporting Privacy Awareness Training Policies and Procedures
Privacy Awareness Training Strategy
Privacy Awareness Training Models
How Do You Create Privacy Awareness Training Content?
Privacy Education Objectives
Audiences For Privacy Awareness Training Evaluation Methods
Monitoring / Compliance
Documentation

Join us on Thursday, May 6

12:00pm Noon Mountain

Build a Privacy Awareness Training Plan for Your Healthcare Practice

Register for Your FREE LIVE* Workshop

*Even if you can't attend live, register now to get access to the limited time replay and resources!

Yes! I want to attend the workshop

This Workshop Includes:

Live on-line training
Q&A with Jean Eaton, Your Practical Privacy Coach when you join the webinar live
Access to the replay for a limited time
Learning Resources Guide

Yes! I want to attend the workshop

Did you enjoy reading this article? You may also be interested in:

Do You Want To Be A Confident Healthcare Privacy Officer?

Keeping Privacy Active in the Minds of Clinic Staff

5 Low Cost Steps You Can Take to Prevent Employee Snooping

3 Parts to Every Privacy Awareness Training Plan

When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

healthcare, privacy awareness, privacy awareness training, privacy awareness training plan, privacy officer, privacy training

Keeping Privacy Active in the Minds of Clinic Staff

Posted on August 10, 2020 by Meghan in Blog

As an employer and health care provider, you are responsible to provide training to all of your employees about privacy awareness. If you don’t provide the training, if the employees don’t understand the policies and there is a privacy breach, then the healthcare provider is more likely to be held accountable under the legislation and face penalties including fines and even prison!

How do you keep privacy active in the minds of your clinic staff?

Below are a number of simple, low-cost tips that you can use right away to build privacy awareness training in your practice.

Start a privacy awareness training program

The super-easy way to start a simple privacy awareness training program in your organization is to start with your Health Information Privacy and Security Policies and Procedures Manual. Take one policy or procedure a week or month, circulate it for review, and then circulate a short follow-up quiz specific to your organization.

If you circulate the quiz by email, depending on which email service you use, you may be able to use the built-in poll feature. You send out the question and in the poll, your team replies with the best answer. That way, you also build in a way to document that people received and responded to your quiz.

Listen to podcasts or watch YouTube videos on privacy awareness during a team meeting

Practice Management Nuggets For Your Healthcare Practice is a regular interview series with practice managers, healthcare providers, or trusted vendors who support healthcare practices. Topics include things you need to know to help you start, grow, fix, or maintain your healthcare practice. The events will be short – about 30 minutes – with nuggets of information that you can use right away. You can listen to these interviews as a podcast or watch them on YouTube.

Recent training topics have included:

Take a Privacy Awareness Training course as a team

Regular privacy awareness training protects patients, employees, and your business.

Privacy Awareness in Healthcare Online Training and Privacy Awareness in Health Care Training – Dental Practices are online courses offered by Corridor Interactive.

In the course best fit for your practice, you and your staff will learn:

Understand patient and client privacy rights.
Respect personal health information and your obligations.
Confidently and correctly handle personal health information.
Use reasonable safeguards to protect personal health information (PHI).
Recognize and respond to a privacy breach
Support key policies, procedures and risk management programs in your healthcare practice.

Become a Practice Management Success member

Practice Management Success is an online community with tips, tools, and templates you can use right away to start, grow, fix, or maintain your healthcare practice. Membership is open to all healthcare practices of any size. Members have access to online resources and networking and support from other clinic managers, practice managers, and healthcare providers in independent community practices!

When you are a member of Practice Management Success, you also have access to the Q&A With Jean training library.Use these privacy awareness training videos where you can select the topics that are of interest to your practice. Each Q&A recording includes training (usually 10-30 minutes), and most have training notes or resources that you can download and use right away.

Members also have access to Policy and Procedure Orientation For Your Employees training videos.

Subscribe to Privacy Nuggets Newsletter

Privacy Nuggets are posted on the Information Managers blog and also sent to you by email when you subscribe to the Privacy Nuggets newsletter. These articles explore recent privacy breaches and provide a training tip on how to prevent a similar breach from happening in your practice and tips on how to respond to a similar privacy breach incident. You are welcome to share the articles and emails with your team and use this as a training tool, too!

CyberSecurity Awareness Month

The line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet.

The overarching theme for Cybersecurity Awareness Month 2020 is “Do Your Part. #BeCyberSmart.” The theme empowers individuals and organizations to own their role in protecting their part of cyberspace, with a particular emphasis on the key message for 2020: “If you connect it, protect it.” If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer and more resilient for everyone.

Information Managers Ltd has been a Cyber Security Champion for many years – and now you can, too!

Cyber Security Awareness Month was launched by the National Cyber Security Alliance (NCSA) & the U.S. Department of Homeland Security in October 2004. This US organization sponsors a multi-media resource campaign each October.

Become a Champion

You can become a Champion, too – and get direct access to all the resources.

Demonstrate to team the importance of cyber security at work.
Share with your patients – by posters in your practice, blog posts, or your email newsletters – and demonstrate that your practice is cyber aware and you want to share tips with them.
If you have team members who work remotely, work from home, use their own mobile devices, or use the internet to connect with apps and resources – give them additional skills to do their work as safely as possible.
Help your team members better manage their own personal information in their personal lives – good habits that will help them at work, too!

Becoming a Champion is easy and does not require any financial support. Become a Champion here https://staysafeonline.org/ncsam/champions/.

Throughout October, NCSA will focus on the following areas in our promotions and outreach. Partners are welcome to follow along with NCSA but also encouraged to create their own areas of focus relevant to their organization:

There is a #BeCyberSmart theme for each week in October.

October 1 and 2: Official kick-off for the month

Week of October 5 (Week 1): If You Connect It, Protect It

Week of October 12 (Week 2): Securing Devices at Home and Work

Week of October 19 (Week 3): Securing Internet-Connected Devices in Healthcare

Week of October 26 (Week 4): The Future of Connected Devices

Watch for resources from Information Managers during Cyber Security Month.

When we know better, we can do better…

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

#BeCyberSmart, cyber security, healthcare, privacy, privacy awareness in healthcare, privacy awareness training

3 Parts to Every Privacy Awareness Training Plan

Posted on June 15, 2020 by Jean Eaton in Blog, Clinic Manager / Privacy Officer, Employee, Established Practice, New Practice, Services

Reasonable Safeguards – the Myth

You may have heard the myth that the Health Information Act (HIA) is a big scary thing that will interrupt your routine, rob you of countless billable hours, impact all of your staff, turn your office inside out, and change the way that you run your entire business!

Myth Buster

The HIA provides structure and framework for reasonable safeguards that apply to any healthcare business.

One of the requirements of reasonable safeguards includes having a privacy awareness training plan.

Click the >> arrow to play the video

Privacy Awareness Training

Your Privacy Awareness Training Plan should include learning objectives throughout the year, including

Orientation – Standardized training curriculum provided to everyone in you healthcare practice at the time of employment. This is often included during a new employee’s orientation period.
Specific – Privacy training that is more detailed and specific to the roles and responsibilities of that individual’s job in your healthcare practice. There may also be specific training when new software, technology, or procedures are introduced anytime throughout the employment.
Reward – Keep privacy awareness top of mind all year long. Recognize and reward when individuals follow privacy principles that also add value to your client satisfaction or business efficiency.

It is reasonable to expect regular privacy awareness training, especially at orientation, and a formal review annually.

What a Privacy Awareness Training Plan Can Do For You

When you implement regular privacy awareness training, you will see:

Privacy and security expectations clearly communicated among your team.
Team members demonstrate their commitment to privacy, confidentiality, security of personal health information.
Efficient practices that protect the privacy and save you time and money
Team members confidently and correctly handle personal health information using reasonable safeguards

Are You a Myth-Buster?

You can be a myth-buster, too, and implement privacy awareness training in your healthcare practice.

You can easily implement reasonable safeguards and meet HIA requirements to ensure privacy, confidentiality, and security of health information that saves you time, frustration and money.

If you need a little help, I have written a practical privacy awareness training course designed for the community health care practice. This is ideal for orientation of new employees and a refresher for the rest of us.

Privacy Awareness in Healthcare: Essentials

Understand basic health care privacy principles and how to handle personal information, use safeguards, and recognize and report a privacy breach.

Ideal for community-based health care professionals and staff, direct care providers, or anyone working with a health care, dental, or social services organization.

An effective privacy compliance program promotes organizational adherence to the Health Information Act (HIA), Personal Information Protection Act (PIPA) Alberta, Personal Health Information Protection Act (PHIPA) Ontario and the Personal Information Protection of Electronic Documents Act (PIPEDA) requirements. A compliance program is your first line of defense to promote the prevention of criminal conduct, and enforce government rules and regulations, while providing quality care to patients. All three training products help protect practices against privacy and security breaches, improper payments, fraud and abuse, and other potential liability areas through education.

Canadian Health Care Privacy Training Solutions

Corridor’s online training makes it easy for health care organizations to comply with provincial and federal legislation that mandates regular privacy training for all health care providers, staff, and vendors.

Select the training that best fits your needs:

NEW! Privacy Awareness in Healthcare Training: Dental Practices – Alberta

Dentists and dental practices in Alberta are required to have an ongoing privacy program to ensure the protection of private records and patient information. The appropriate collection, use, and disclosure of personal information is critical to maintaining privacy for patients that choose to trust in your practice. Accomplishing this important goal demands an up-to-date training strategy.

Privacy Awareness in Health Care Training – Canada

Includes detailed resources for each province and territory with key terminology and links to applicable privacy legislation. Resources are provided for our ten provinces: Alberta, British Columbia, Manitoba, New Brunswick, Newfoundland & Labrador, Nova Scotia, Ontario, Prince Edward Island, Quebec, Saskatchewan, and three territories: Northwest Territories, Nunavut and Yukon. This new product is ideal for both organizations and vendors who provide health care services or have health care clients in more than one province.

Privacy Awareness in Health Care Training – Alberta

Includes the mandatory privacy breach notification amendments to the Health Information Act (HIA).

Privacy Awareness in Health Care Training – Ontario

Specifically covers all legislation and rules specific to the province of Ontario including the Personal Health Information Protection Act (PHIPA).

Refresher: Privacy Awareness in Health Care – Alberta

A quiz-based review of Corridor’s full Privacy Awareness course. The Refresher starts with an initial quiz to assess knowledge on the topics and information covered in the full course. Based on the quiz results, one or more of eight Refresher topic quizzes must be completed, each focusing on a specific subject area. The Refresher also includes access to the original course content.

Privacy Awareness in Healthcare: Essentials

Grab your on-line course from Information Managers and Corridor Interactive

for just $30 per individual 3 month subscription now!

Click Here to Grab Your On-Line Privacy Awareness Course Now!

Alberta, Canada, Corridor Interactive, dental, Health Information Act, Ontario, Personal Health Information Protection Act (PHIPA), PHIPA, PIPEDA, privacy awareness training, reasonable safeguards

Privacy Principles Applies After Death

Posted on August 5, 2019 by Jean Eaton in Blog

Are your staff looking at medical records when they shouldn’t be?

Many people have the mistaken impression they can look at a patient's medical records as long as they don’t tell anyone else.

You can’t.

We see over and over again in ‘snooping’ cases where seasoned and new healthcare providers and support team members don’t realize that looking at patient’s health information without a need to know that information to provide a health service right away is wrong.

Kate Dewhirst summarized this as

Privacy = don’t look
Confidentiality = don’t tell

We still need privacy awareness training – even those experienced healthcare providers who push back and say that they have been in the business for years still often have more to learn.

Yes, we still need privacy awareness training Click to Tweet

In this post I am sharing an example of the Ontario’s Information Privacy Commissioner (IPC) complaint investigation from the family of a deceased individual. Whether you have a new practice, or an existing practice, we have a number of services and resources designed to help you manage your practice in a way that not only meets legal requirements, but is streamlined and efficient, and keep your information secure.

What Happened

In 2014, a physician acting in his role as a coroner, accessed the deceased’s health record. Shortly thereafter, the family alleged that the physician, who was also a family member of the deceased, continued to access the deceased’s personal health information (PHI) contrary to Ontario’s Personal Health Information Protection Act (PHIPA).

The family submitted a complaint to the hospital. Initially, the hospital's response did not satisfy the family. The family filed a complaint to the Information and Privacy Commissioner (IPC) of Ontario.

The IPC started a complaint investigation.

Privacy Breach Investigation

Privacy Complaint Investigation

Under PHIPA, the hospital is a health information custodian and the physician is an agent of the hospital.

During the IPC investigation, the physician confirmed he “accessed the health information in response to his concern about the individual’s well-being.”

“I know now that proceeding in this way was misguided and wrong.” He would never disclose the information to anyone; that would be a violation of patient privacy and a breach of doctor – patient confidentiality.

The physician acknowledged he did not fully appreciate the related but distinct concepts of patient privacy, the circle of care, and the ‘need to know’ principle.

Confidentiality rights arise out the special relationship between the client and the health professional or provider.

In contrast, privacy rights are the general rights of all persons to limit the access to their PHI. Individuals have the right to privacy, even after death.

Individuals have the right to #privacy, even after death. Click to Tweet

4 Step Response Plan

The hospital received a complaint from the family, which triggers the first step to spot and stop the breach.

Secondly, the hospital did an initial investigation to evaluate the risks of the incident. Later, after the IPC initiated their complaint investigation, the hospital re-visited the internal investigation and completed a comprehensive review and used audit log reporting tools to assist them.

Eventually, the hospital took the third step and notified the individuals’ family of the privacy breach. However, the notification was not timely. A more comprehensive response to the families’ complaint, followed by a notice to the family may have provided a better response.

Preventing a similar breach is the fourth step.

Since this incident, the hospital has:

installed a new auditing program that considerably enhances its ability to detect unauthorized access.
updated its Privacy and Confidentiality Policy, which applies to all agents of the hospital.
developed a yearly electronic privacy training program for all staff, volunteers and learners and will require all credentialed physicians to complete this training as part of the annual reappointment process.
strengthened the privacy warning on its electronic system, which warns users that unauthorized use of personal health information may result in disciplinary action.

Privacy Breach Physician Sanctions

The hospital’s Medical Advisory Committee recommended to the Board of Directors that the physician’s privileges be suspended for three months, that the hospital conduct enhanced monitoring of the physician’s access to the electronic medical record for three years, and that, on his return to practice, the physician be required to present at Grand Rounds on the topic of privacy.

The IPC concluded that the disciplinary consequences for the physician were sufficient in the circumstances.

Privacy Breach Nuggets You Need to Know

Privacy breaches are in the news every day. The more you know how breaches can affect you allows you to be more proactive to prevent privacy breach pain.

Privacy awareness education is more than just having policies and procedures. Demonstrating good practices, regular discussion about examples, and even gamification helps to ensure that all members of your healthcare team understand their roles and responsibilities.

If you need to start or update your privacy awareness training program, check out the on-line education Privacy Awareness in Healthcare: Essentials.

If you need to start or update your privacy breach management program, check out the 4 Step Response Plan; Prevent Privacy Breach Plan.

When we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

PRIVACY BREACH NUGGETS are provided to help you add a ‘nugget' to your privacy education program. Share these with your staff and patients as a newsletter, poster, or staff meeting.

Jean L. Eaton, Your Practical Privacy Coach

Click Here To Register for the FREE Training Video "Can You Spot the Privacy Breach?"

References and Resources

Dewhirst, Kate. After Death: Who Can Access The Records Of A Patient After Death? May 7, 2019. https://katedewhirst.com/blog/2019/05/07/after-death-who-can-access-the-records-of-a-patient-after-death/

Ontario Information and Privacy Commissioner IPC Investigation Report PHIPA DECISION 74 HC15-4 Sault Area Hospital August 10, 2018.

#PrivacyBreachNugget, 4 Step Response Plan, clinic, complaint investigation, death, deceased, healthcare, IPC, medical, Ontario, PHIPA, privacy, privacy after death, privacy awareness training, privacy breach, privacy breach nugget, privacy principles

Why You Need Privacy Awareness Training

Posted on May 15, 2017 by Jean Eaton in Blog

There are many examples of privacy breaches internal to healthcare organizations–Snooping. Hacking. Unsecure emails with patient information. Faxes sent to the wrong person. Patient records found in garbage cans. Ransomware. Mobile devices without encryption being lost or stolen.

Privacy legislation, professional standards and best practices require healthcare professionals and their employees and business associates to protect against reasonably anticipated threats to the security and confidentiality of health information.

Privacy in healthcare is important.

A Privacy Breach Affects the Individual, the Business, and the Healthcare Industry

After a privacy breach, the individual may now be at a real risk of significant harm (ROSH) from identity theft, stalking, loss of employment, and financial loss if the information is used for fraud.

The individual affected by the privacy breach may be embarrassed, inconvenienced, or angry.

Of importance in healthcare is the risk of medical identity theft where the breached information is used to fraudulently access healthcare services. Because of this, inaccurate information added to the owner’s healthcare records which can cause errors or delays in receiving necessary care and treatment.

Without privacy awareness training

Privacy breaches are expensive –bad publicity, loss of business, loss of goodwill, fines, penalties, and sanctions. Ontario PHIPA legislation, for example, has recently doubled its fines. Personal Health Information Protection Act (PHIPA) including Bill 119, the Health Information Protection Act (HIPA) – Amendments to the Personal Health Information Protection Act (PHIPA) which was proclaimed in 2016. With the introduction of Bill 119, the fines for offences have doubled from $50,000 to $100,000 for individuals and $250,000 to $500,000 for organizations.

Privacy breaches affect all healthcare businesses. The healthcare system is a highly integrated information sharing system designed to provide timely and accurate care and treatment to patients, and to receive financial compensation for those services. A weakness or problem at one business may have down-stream implications to other businesses. When one business has a privacy or security breach, there is a risk that the public (including patients and clients) may think that all healthcare businesses have the same problems.

Privacy Awareness Week #PAW2017

Privacy Awareness Week (May 15-21) is a global effort coordinated by members of the Asia Pacific Privacy Authorities (APPA) to promote awareness of privacy issues and the importance of the protection of personal information. Each year various members of APPA and other supporters across the world develop resources and communications materials to support their activities during Privacy Awareness Week.

Pause for Privacy #PAW2017

Why Invest in Training?

New technology, regulatory and legislative changes, and new office procedures are common triggers to provide training in any business. Your employees need to learn these skills so that they can be efficient at their jobs. When you provide training, you give employees the tools that they need to succeed and contribute to an efficient practice.

As an employer and healthcare provider, you are responsible to provide training to all your employees about privacy awareness.

There are many examples of privacy breaches that dispel the myth that someone who has worked in healthcare for a long time, or has had advanced university training and professional ethics automatically understand how to properly manage personal health information. We know that errors in judgment and malicious intent can occur at every level of a healthcare organization. A common, comprehensive privacy awareness training provides a foundation for everyone in the organization to confidently and properly handle personal health information. A documented program will help to mitigate the risks to an organization when an individual jeopardizes personal health information even after receiving privacy awareness training.

[clickToTweet tweet=”Myth: Experienced healthcare workers automatically understand how to properly manage personal health information #PHI” quote=”Myth: Experienced healthcare workers automatically understand how to properly manage personal health information.”]

What is the Best Way to Provide Training?

The best privacy awareness training program includes a mix of formal, planned training programs and episodic, just in time, targeted education opportunities. Consider a privacy awareness training program strategy that includes:

Privacy awareness foundation – in-person or on-line for everyone in your practice including new employees, healthcare professionals, support team, vendors and business associates.
Specific training – when there is new or changes in software, equipment, procedures or practices, employee promotion or change in roles.
General reminders throughout the year in fun and multi-media formats; quizzes, posters, articles, training tips at staff meetings, frequently asked questions (FAQ), etc.
Demonstrate good privacy and security practices and behaviours throughout the year.
Recognize when individuals demonstrate following privacy principles that also add value to your patient satisfaction or business efficiency.

Benefits of Privacy Awareness Training

Privacy awareness training is needed in your healthcare practice to

Understand patient and client privacy rights.
Respect personal health information and your obligations.
Confidently and correctly handle personal health information.
Use reasonable safeguards to protect personal health information (PHI).
Recognize and respond to a privacy breach
Support key policies, procedures and risk management programs in your healthcare practice.

Benefits of Privacy Awareness Training

Regular privacy awareness training is considered a common reasonable safeguard to protect patient information and the reputation of the healthcare providers.

Many privacy breaches are avoidable. Privacy awareness training can help prevent privacy breaches or help employees to spot and stop the breach quickly.

Initiatives like Privacy Awareness Week also provide additional tips, templates, tools, and training from supporters of this event. You can follow Privacy Awareness Week on Twitter using the hashtag #PAW2017 and #PrivacyAware.

In conjunction with Privacy Awareness Week, Information Managers www.InformationManagers.ca and Corridor Interactive www.CorridorInteractive.com have announced the release of the newest addition of the “Privacy Awareness in Healthcare: Essentials” series with a focus on Ontario’s Personal Health Information Protection Act (PHIPA) legislation. The first on-line privacy awareness training in this series released in 2016 focused on Alberta’s Health Information Act. Many other provinces have health information legislation as well, and while some of the key terms differ from province to province, this privacy awareness training is applicable to any organization that collects, uses, and discloses personally identifying information.

More information can be found here https://InformationManagers.ca/Privacy-Awareness-Corridor/.

#PAW2017, #PrivacyAware, Corridor Interactive, Health Information Act, healthcare, medical, Personal Health Information Protection Act (PHIPA), Privacy Awareness in Healthcare: Essentials, privacy awareness training, privacy awareness training in healthcare, Privacy Awareness Week

Say ‘No’ to Snooping!

Posted on May 7, 2016 by Jean Eaton in Archive

We don't need more cases of people snooping into patient health records.

We do need employers to implement clear privacy policies, privacy awareness training program, implement monitoring and sanctions when employees or contractors break policies and laws.

Employers who don't do this are breaking the law, violating their professional regulations standards, and opening up the doors for the employers to be fined and even jail time.

What are you doing to improve your policies and training?

If you need help, contact me. I will help you to sort out all the good things in your practice, point out where you can improve, and might be able to help you with the heavy lifting to get there. I'll help you to look after the elephant in the room.

Take steps today to make sure your healthcare practice isn't a victim of snooping.

health care, healthcare, privacy, privacy awareness training, privacy breach, privacy laws, snooping

Can You be Charged Under the Health Information Act ?

Posted on December 2, 2015 by Jean Eaton in Blog

If you access personal health information without authorization, this is a privacy breach.

You can be charged with a fine under the HIA and can face penalties, fines, and sanctions from your professional association.

How frequently are people being charged under the Health Information Act in Alberta for improper access to health information?

“This year alone, there has been one conviction and two charges for improper access of health information. The office is also investigating more than a dozen cases, and they all have the potential to become offence investigations.” Medical record privacy breaches an ‘epidemic' in Alberta,' says commissioner CBC News Posted Oct 15, 2015.

An investigation by the Alberta Office of the Information and Privacy Commissioner (OIPC) has resulted in 26 charges being laid against an individual under the Health Information Act (HIA) as reported in a OIPC News Release December 1, 2015. An incident at the Alberta Children’s Hospital in Calgary was reported by Alberta Health Services to the OIPC. The OIPC conducted an investigation and upon completion of the investigation charges were laid against the individual who allegedly gained access to health information in contravention of HIA.

This is the sixth time charges have been laid under provisions of HIA. The maximum penalty for each offence is $50,000.

Who is a custodian?

The custodian (as defined by HIA a ‘custodian' includes physicians, pharmacists, dentists, chiropractors, optometrists, Alberta Health Services, Minister of Alberta Health and more). The custodian is responsible to take reasonable steps prevent privacy and security breaches including providing privacy awareness training.

Do you have a privacy awareness program?

Do you have a privacy awareness program in your practice that everyone must attend? This includes healthcare providers, students, residents, office staff and, yes, even the non-patient care employees like cooks, cleaners, and maintenance staff.

Have you seen this?

Do You Need Privacy Awareness Training for Your Healthcare Practice?

fines, Health Information Act, HIA, privacy awareness training, privacy breach

Do You Need Privacy Awareness Training for Your Healthcare Practice?

Posted on October 29, 2015 by Jean Eaton in PMN Replay, PMN Stitcher, Practice Management Nugget Interview

Join us for the free webinar,

Privacy Awareness in Healthcare: Essentials

Healthcare businesses who want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

Give your staff the knowledge and tools they need to apply policy in their day-to-day work AND prevent a privacy breach with privacy awareness training.

Privacy awareness training is easy with interactive online learning experiences that are more effective than conventional training.

Make online training available to all your new and current employees quickly and efficiently.

Heather Mooney will demonstrate the online training platform.

In this FREE 30-minute Practice Management Nugget Webinar Heather and Jean will answer your questions about online privacy awareness training program so that you can decide if this is the right choice for your healthcare practice.

Heather Mooney, VP Business Development, Corridor Interactive

Heather is the sales and marketing strategist with experience in channel and account management; responsible for driving the sales and marketing program.

Privacy Awareness in Healthcare: Essentials Individual and group training licenses with Corridor Interactive available here.

Try out a Trial Membership to Information Managers Network to access more great interviews webinar replays and resources.

Trial Membership Information Managers Network

Information Managers Network Login

Subscribe to our YouTube Channel
Practice Management Nuggets are now also available as podcasts! Find us on Stitcher Radio and iTunes!

Practice Management Nugget Webinar

Privacy Awareness in Healthcare: Essentials

hosted by Jean Eaton of Information Managers Ltd.

Healthcare businesses who want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

Corridor Interactive, health care, healthcare, Heather Mooney, Practical Privacy Coach, Practice Management Mentor, privacy awareness training

Privacy Challenge #11 Privacy Awareness Training

Posted on October 25, 2015 by Jean Eaton in Archive

Privacy Awareness Training

80% of all privacy breaches are internal to the organization. It is the healthcare provider and employer’s responsibility to ensure that everyone in the organization knows the best practices to handle personal information. Healthcare providers must provide privacy and security awareness training to each employee and contracted vendors in a healthcare practice. This includes healthcare providers and professional staff as well as volunteers.

Employers and healthcare providers must be able to document that training is provided to the employee and that the employee understood the key concepts of the content provided in the training.

A formal employee orientation process will help a new employee to succeed by:

Reducing the anxiety of the new recruit
Introducing the organization's mission and work
Explaining the organization's culture, including the values, behaviours, formal and informal practices, etc. including expectations of privacy and security of personal information. Set clear expectations of employee’s job performance and day-to-day activities.
Introduce new employee to colleagues, including managers or supervisors
Creating mentors and job ‘buddies' to help ease the new employee into the organization's culture

Privacy awareness training is an essential part of your employee orientation program.

Training alone won’t guarantee that mistakes or errors in judgement won’t happen, but the healthcare provider and employer are legally responsible to take reasonable steps prevent privacy and security breaches.

Privacy awareness training happens throughout the year. Informal training that is timely – say, the news item of the latest privacy breach – are great opportunities to reinforce key messages. Use ‘what if that happened to us, what would we do?’ to discuss lessons learned and improve your current practices, if necessary. Review near-miss privacy and security incidents in your practice. These are great opportunities to discuss and fix potential problems before they become breaches.

The Privacy Officer may create and deliver the training and will monitor, supervise, and support the training.

Use a variety of written and multi-media content like posters, newsletters, videos, infographics, and lunch ‘n learn discussions to reinforce key messages. People love games, challenges, and cyber competitions, too, as a way to create variety and interest in privacy and security.

Resources:

I am delighted to share with you a new course, Privacy Awareness in Healthcare: Essentials, training provided by Corridor Interactive. I have the great pleasure to work with Corridor Interactive to develop the course content. Privacy Awareness in Healthcare: Essentials provides a privacy awareness training program available on demand. Individuals can register for the course and have access to a 3-month subscription. Employers can also purchase training for groups of employees; employees can access the internet based training at a time and location convenient to them. Employers can monitor the employee’s training progress and receive a report of employee’s satisfactory completion of on-line quizzes.

The Health Information Act Guidelines and Practices Manual from AHW provides an administrative checklist of custodian's responsibilities, including training requirements. This is a good outline for your privacy management program and employee orientation even if you don't need to follow the HIA. See Appendix 3 & 4.

Also see the Employee Orientation Checklist from the HRC Council: Getting the Right People.

Make use of networking within your organization and with associations, or organizations of similar or complementary services. Some vendors facilitate user groups. The Alberta Association of Clinic Managers and the Medical Group Management Association of Canada offer networking for Clinic Managers. Privacy Officers can find resources and networking at Privacy and Access Council of Canada.