Privacy Principles Applies After Death

Posted on August 5, 2019 by Jean Eaton in Blog

Are your staff looking at medical records when they shouldn’t be?

Many people have the mistaken impression they can look at a patient's medical records as long as they don’t tell anyone else.

You can’t.

We see over and over again in ‘snooping’ cases where seasoned and new healthcare providers and support team members don’t realize that looking at patient’s health information without a need to know that information to provide a health service right away is wrong.

Kate Dewhirst summarized this as

Privacy = don’t look
Confidentiality = don’t tell

We still need privacy awareness training – even those experienced healthcare providers who push back and say that they have been in the business for years still often have more to learn.

Yes, we still need privacy awareness trainingClick to Tweet

In this post I am sharing an example of the Ontario’s Information Privacy Commissioner (IPC) complaint investigation from the family of a deceased individual. Whether you have a new practice, or an existing practice, we have a number of services and resources designed to help you manage your practice in a way that not only meets legal requirements, but is streamlined and efficient, and keep your information secure.

What Happened

In 2014, a physician acting in his role as a coroner, accessed the deceased’s health record. Shortly thereafter, the family alleged that the physician, who was also a family member of the deceased, continued to access the deceased’s personal health information (PHI) contrary to Ontario’s Personal Health Information Protection Act (PHIPA).

The family submitted a complaint to the hospital. Initially, the hospital's response did not satisfy the family. The family filed a complaint to the Information and Privacy Commissioner (IPC) of Ontario.

The IPC started a complaint investigation.

Privacy Breach Investigation

Privacy Complaint Investigation

Under PHIPA, the hospital is a health information custodian and the physician is an agent of the hospital.

During the IPC investigation, the physician confirmed he “accessed the health information in response to his concern about the individual’s well-being.”

“I know now that proceeding in this way was misguided and wrong.” He would never disclose the information to anyone; that would be a violation of patient privacy and a breach of doctor – patient confidentiality.

The physician acknowledged he did not fully appreciate the related but distinct concepts of patient privacy, the circle of care, and the ‘need to know’ principle.

Confidentiality rights arise out the special relationship between the client and the health professional or provider.

In contrast, privacy rights are the general rights of all persons to limit the access to their PHI. Individuals have the right to privacy, even after death.

Individuals have the right to #privacy, even after death. Click to Tweet

4 Step Response Plan

The hospital received a complaint from the family, which triggers the first step to spot and stop the breach.

Secondly, the hospital did an initial investigation to evaluate the risks of the incident. Later, after the IPC initiated their complaint investigation, the hospital re-visited the internal investigation and completed a comprehensive review and used audit log reporting tools to assist them.

Eventually, the hospital took the third step and notified the individuals’ family of the privacy breach. However, the notification was not timely. A more comprehensive response to the families’ complaint, followed by a notice to the family may have provided a better response.

Preventing a similar breach is the fourth step.

Since this incident, the hospital has:

installed a new auditing program that considerably enhances its ability to detect unauthorized access.
updated its Privacy and Confidentiality Policy, which applies to all agents of the hospital.
developed a yearly electronic privacy training program for all staff, volunteers and learners and will require all credentialed physicians to complete this training as part of the annual reappointment process.
strengthened the privacy warning on its electronic system, which warns users that unauthorized use of personal health information may result in disciplinary action.

Privacy Breach Physician Sanctions

The hospital’s Medical Advisory Committee recommended to the Board of Directors that the physician’s privileges be suspended for three months, that the hospital conduct enhanced monitoring of the physician’s access to the electronic medical record for three years, and that, on his return to practice, the physician be required to present at Grand Rounds on the topic of privacy.

The IPC concluded that the disciplinary consequences for the physician were sufficient in the circumstances.

Privacy Breach Nuggets You Need to Know

Privacy breaches are in the news every day. The more you know how breaches can affect you allows you to be more proactive to prevent privacy breach pain.

Privacy awareness education is more than just having policies and procedures. Demonstrating good practices, regular discussion about examples, and even gamification helps to ensure that all members of your healthcare team understand their roles and responsibilities.

If you need to start or update your privacy awareness training program, check out the on-line education Privacy Awareness in Healthcare: Essentials.

If you need to start or update your privacy breach management program, check out the 4 Step Response Plan; Prevent Privacy Breach Plan.

When we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

PRIVACY BREACH NUGGETS are provided to help you add a ‘nugget' to your privacy education program. Share these with your staff and patients as a newsletter, poster, or staff meeting.

Jean L. Eaton, Your Practical Privacy Coach

Click Here To Register for the FREE Training Video "Can You Spot the Privacy Breach?"

References and Resources

Dewhirst, Kate. After Death: Who Can Access The Records Of A Patient After Death? May 7, 2019. https://katedewhirst.com/blog/2019/05/07/after-death-who-can-access-the-records-of-a-patient-after-death/

Ontario Information and Privacy Commissioner IPC Investigation Report PHIPA DECISION 74 HC15-4 Sault Area Hospital August 10, 2018.

#PrivacyBreachNugget, 4 Step Response Plan, clinic, complaint investigation, death, deceased, healthcare, IPC, medical, Ontario, PHIPA, privacy, privacy after death, privacy awareness training, privacy breach, privacy breach nugget, privacy principles

3 Parts to Every Privacy Awareness Training Plan

Posted on March 20, 2018 by Jean Eaton in Blog

Reasonable Safeguards – the Myth

You may have heard the myth that the Health Information Act (HIA) is a big scary thing that will interrupt your routine, rob you of countless billable hours, impact all of your staff, turn your office inside out, and change the way that you run your entire business!

Myth Buster

The HIA provides structure and framework for reasonable safeguards that apply to any healthcare business.

One of the requirements of reasonable safeguards includes having a privacy awareness training plan.

Privacy Awareness Training

Your Privacy Awareness Training Plan should include learning objectives throughout the year, including

Orientation – Standardized training curriculum provided to everyone in you healthcare practice at the time of employment. This is often included during a new employee’s orientation period.
Specific – Privacy training that is more detailed and specific to the roles and responsibilities of that individual’s job in your healthcare practice. There may also be specific training when new software, technology, or procedures are introduced anytime throughout the employment.
Reward – Keep privacy awareness top of mind all year long. Recognize and reward when individuals follow privacy principles that also add value to your client satisfaction or business efficiency.

It is reasonable to expect regular privacy awareness training, especially at orientation, and a formal review annually.

What a Privacy Awareness Training Plan Can Do For You

When you implement regular privacy awareness training, you will see:

Privacy and security expectations clearly communicated among your team.
Team members demonstrate their commitment to privacy, confidentiality, security of personal health information.
Efficient practices that protect the privacy and save you time and money
Team members confidently and correctly handle personal health information using reasonable safeguards

Are You a Myth-Buster?

You can be a myth-buster, too, and implement privacy awareness training in your healthcare practice.

You can easily implement reasonable safeguards and meet HIA requirements to ensure privacy, confidentiality, and security of health information that saves you time, frustration and money.

If you need a little help, I have written a practical privacy awareness training course designed for the community health care practice. This is ideal for orientation of new employees and a refresher for the rest of us.

Privacy Awareness in Healthcare: Essentials

Understand basic health care privacy principles and how to handle personal information, use safeguards, and recognize and report a privacy breach. Ideal for Alberta- and Ontario-based health care professionals and staff, direct care providers, or anyone working with a health care or social services organization.

Privacy Awareness in Healthcare: Essentials

Grab your on-line course from Information Managers and Corridor Interactive for just $25 per person now!

Click Here to Grab Your On-Line Privacy Awareness Course Now!

Alberta, Health Information Act, Ontario, privacy awareness training, reasonable safeguards

Why You Need Privacy Awareness Training

Posted on May 15, 2017 by Jean Eaton in Blog

There are many examples of privacy breaches internal to healthcare organizations–Snooping. Hacking. Unsecure emails with patient information. Faxes sent to the wrong person. Patient records found in garbage cans. Ransomware. Mobile devices without encryption being lost or stolen.

Privacy legislation, professional standards and best practices require healthcare professionals and their employees and business associates to protect against reasonably anticipated threats to the security and confidentiality of health information.

Privacy in healthcare is important.

A Privacy Breach Affects the Individual, the Business, and the Healthcare Industry

After a privacy breach, the individual may now be at a real risk of significant harm (ROSH) from identity theft, stalking, loss of employment, and financial loss if the information is used for fraud.

The individual affected by the privacy breach may be embarrassed, inconvenienced, or angry.

Of importance in healthcare is the risk of medical identity theft where the breached information is used to fraudulently access healthcare services. Because of this, inaccurate information added to the owner’s healthcare records which can cause errors or delays in receiving necessary care and treatment.

Without privacy awareness training

Privacy breaches are expensive –bad publicity, loss of business, loss of goodwill, fines, penalties, and sanctions. Ontario PHIPA legislation, for example, has recently doubled its fines. Personal Health Information Protection Act (PHIPA) including Bill 119, the Health Information Protection Act (HIPA) – Amendments to the Personal Health Information Protection Act (PHIPA) which was proclaimed in 2016. With the introduction of Bill 119, the fines for offences have doubled from $50,000 to $100,000 for individuals and $250,000 to $500,000 for organizations.

Privacy breaches affect all healthcare businesses. The healthcare system is a highly integrated information sharing system designed to provide timely and accurate care and treatment to patients, and to receive financial compensation for those services. A weakness or problem at one business may have down-stream implications to other businesses. When one business has a privacy or security breach, there is a risk that the public (including patients and clients) may think that all healthcare businesses have the same problems.

Privacy Awareness Week #PAW2017

Privacy Awareness Week (May 15-21) is a global effort coordinated by members of the Asia Pacific Privacy Authorities (APPA) to promote awareness of privacy issues and the importance of the protection of personal information. Each year various members of APPA and other supporters across the world develop resources and communications materials to support their activities during Privacy Awareness Week.

Pause for Privacy #PAW2017

Why Invest in Training?

New technology, regulatory and legislative changes, and new office procedures are common triggers to provide training in any business. Your employees need to learn these skills so that they can be efficient at their jobs. When you provide training, you give employees the tools that they need to succeed and contribute to an efficient practice.

As an employer and healthcare provider, you are responsible to provide training to all your employees about privacy awareness.

There are many examples of privacy breaches that dispel the myth that someone who has worked in healthcare for a long time, or has had advanced university training and professional ethics automatically understand how to properly manage personal health information. We know that errors in judgment and malicious intent can occur at every level of a healthcare organization. A common, comprehensive privacy awareness training provides a foundation for everyone in the organization to confidently and properly handle personal health information. A documented program will help to mitigate the risks to an organization when an individual jeopardizes personal health information even after receiving privacy awareness training.

[clickToTweet tweet=”Myth: Experienced healthcare workers automatically understand how to properly manage personal health information #PHI” quote=”Myth: Experienced healthcare workers automatically understand how to properly manage personal health information.”]

What is the Best Way to Provide Training?

The best privacy awareness training program includes a mix of formal, planned training programs and episodic, just in time, targeted education opportunities. Consider a privacy awareness training program strategy that includes:

Privacy awareness foundation – in-person or on-line for everyone in your practice including new employees, healthcare professionals, support team, vendors and business associates.
Specific training – when there is new or changes in software, equipment, procedures or practices, employee promotion or change in roles.
General reminders throughout the year in fun and multi-media formats; quizzes, posters, articles, training tips at staff meetings, frequently asked questions (FAQ), etc.
Demonstrate good privacy and security practices and behaviours throughout the year.
Recognize when individuals demonstrate following privacy principles that also add value to your patient satisfaction or business efficiency.

Benefits of Privacy Awareness Training

Privacy awareness training is needed in your healthcare practice to

Understand patient and client privacy rights.
Respect personal health information and your obligations.
Confidently and correctly handle personal health information.
Use reasonable safeguards to protect personal health information (PHI).
Recognize and respond to a privacy breach
Support key policies, procedures and risk management programs in your healthcare practice.

Benefits of Privacy Awareness Training

Regular privacy awareness training is considered a common reasonable safeguard to protect patient information and the reputation of the healthcare providers.

Many privacy breaches are avoidable. Privacy awareness training can help prevent privacy breaches or help employees to spot and stop the breach quickly.

Initiatives like Privacy Awareness Week also provide additional tips, templates, tools, and training from supporters of this event. You can follow Privacy Awareness Week on Twitter using the hashtag #PAW2017 and #PrivacyAware.

In conjunction with Privacy Awareness Week, Information Managers www.InformationManagers.ca and Corridor Interactive www.CorridorInteractive.com have announced the release of the newest addition of the “Privacy Awareness in Healthcare: Essentials” series with a focus on Ontario’s Personal Health Information Protection Act (PHIPA) legislation. The first on-line privacy awareness training in this series released in 2016 focused on Alberta’s Health Information Act. Many other provinces have health information legislation as well, and while some of the key terms differ from province to province, this privacy awareness training is applicable to any organization that collects, uses, and discloses personally identifying information.

More information can be found here https://InformationManagers.ca/Privacy-Awareness-Corridor/.

#PAW2017, #PrivacyAware, Corridor Interactive, Health Information Act, healthcare, medical, Personal Health Information Protection Act (PHIPA), Privacy Awareness in Healthcare: Essentials, privacy awareness training, privacy awareness training in healthcare, Privacy Awareness Week

Say ‘No’ to Snooping!

Posted on May 7, 2016 by Jean Eaton in Archive

We don't need more cases of people snooping into patient health records.

We do need employers to implement clear privacy policies, privacy awareness training program, implement monitoring and sanctions when employees or contractors break policies and laws.

Employers who don't do this are breaking the law, violating their professional regulations standards, and opening up the doors for the employers to be fined and even jail time.

What are you doing to improve your policies and training?

If you need help, contact me. I will help you to sort out all the good things in your practice, point out where you can improve, and might be able to help you with the heavy lifting to get there. I'll help you to look after the elephant in the room.

Take steps today to make sure your healthcare practice isn't a victim of snooping.

health care, healthcare, privacy, privacy awareness training, privacy breach, privacy laws, snooping

Privacy, Confidentiality and Security Workshops Coming to Parksville

Posted on April 28, 2016 by Jean Eaton in Archive

60% of small and medium business owners go out of business within 6 months after a privacy and security breach. (Experian)

81% of hospitals and health insurance companies have suffered a data breach (KPMG)

125% increase in data breaches caused by criminals (now outnumber accidental breaches!) (Ponemon)

Don't let this happen to you!

The single biggest privacy and security risk to a healthcare practice is lack of privacy and security awareness training.

Privacy Awareness Training will help to improve your patient satisfaction and prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor.

Healthcare providers must ensure that every staff member understands their individual responsibility when it comes to handling personal information – there is no room for uncertainty.

Privacy Confidentiality Security Workshops for Your Healthcare Practice

Privacy Confidentiality and Security Workshops for Your Healthcare Practice

Are you a healthcare custodian, practice manager, clinic manager, or privacy officer?

Do your staff know about their responsibilities under the e-Health (Personal Health Information Access and Protection of Privacy) Act?

As a custodian, you must ensure all staff members receive privacy awareness training. This course will help you be compliant with privacy legislation and meet your professional college standards of practice.

Protect your organization and your patients. Give your staff with the information they need to confidently and correctly handle personal health information.

These practical workshops will give you templates, user guides, real-life examples, and practical resources.

You will learn how to use practical pro-active privacy in your practice. Privacy management program that is actually fun and . . . practical!

Part A – Privacy Awareness Privacy, Confidentiality & Security Principles

Monday September 12 2016 9-12 am
A workshop for everyone in the health care industry to acquaint themselves with the e-Health (Personal Health Information Access and Protection of Privacy) Act. In a fun and informative format Jean will present key principles and every day scenarios to demonstrate the importance of privacy, confidentiality, and security. An essential introduction for new healthcare providers and support staff, as well as an excellent refresher for everyone else.

Learning Objectives:

Patient and client rights with respect to their personal information.
Review of the key components of e-Health (Personal Health Information Access and Protection of Privacy) Act.
Safeguards that protect personal health information.
Privacy principles that support provincial and federal privacy legislation and guidelines.
How to answer questions from patients about how their personal health information is collected, used and disclosed, and protected.
How to recognize and report a privacy breach.

Sample scenarios and group discussions.

Part A – Privacy Awareness Privacy, Confidentiality & Security Principles

Monday September 12, 2016 6 -9 pm

Can't attend the workshops during the day? This great workshop is offered in the evening!

Part B – Engaging Patients in an Electronic World

Monday September 12, 2016 1-4 pm

Email? Patient portals? Social media? On-line marketing?

How does a healthcare practice decide which approach will best meet your business objectives and improve patient satisfaction? Jean Eaton, Your Practice Management Mentor, will help you make informed choices for your practice.

Practical decision making approach to help you clarify your ideal patient and business objectives. We will explore automated tools to engage your patients and introduce a format to assess privacy and security risks and benefits so that you can make an informed choice about which approach is best for your business.

Learning Objectives:

Describe your ideal patient.
Clarify your business objectives.
Explore your technical options.
Assess privacy, confidentiality and security risks.

Sample scenarios and group discussions.

Part C – 4 Step Response Plan to Manage a Privacy Breach

Tuesday September 13, 2016 9-12 am

Properly managing a privacy breach is a critical to the continued success of your business. This workshop begins with an introduction, ‘Can You Spot the Privacy Breach?'.

Next, Jean will guide you through the practical “4 Step Response to a Privacy Breach” (c) plan to help you develop a privacy breach management response plan for your organization.

Learning Objectives:

Contain the breach.
Evaluate the risks.
Notify affected individuals and other stakeholders.
Prevent the breach from happening again.

Sample scenarios and group discussions.

Do you collect personal health information?

This training program is ideal for staff members at all levels in any organization or clinic that collects, uses or discloses personally identifying information. This includes direct care providers such as physicians, allied health professionals and associates, privacy officers, as well as other employees and support staff who are not directly involved in patient care. Also appropriate for businesses who must meet Personal Information Protection Act / Freedom of Information and Protection of Privacy Act requirements.

This is for you if you are a healthcare provider, practice manager, or vendor that supports a healthcare provider in a group or solo practice with direct patient care including:

Physician
Pharmacist
Registered nurse
Optometrist or optician
Chiropractor
Physiotherapist
Midwife
Podiatrist
Dentist, dental hygienist or denturist
Audiologist
Mental health practicitioner
Laboratory, x-ray, and imaging technician
Paramedic

Presenter

Jean L. Eaton, B.Admin, CHIM, CC

“When you know better, you can do better.”

Jean L. Eaton, Your Practical Privacy Coach and Practice Management Mentor

Information Managers Ltd.

Jean is constructively obsessive about privacy, confidentiality, and security when it comes to the handling of personal information, particularly in primary health care settings.

Healthcare providers and practice managers working in healthcare want to provide quality services and have a profitable business. They have a sense of what they need to do to get there – but sometimes need the confidence and the details and the resources to help them.

Our workshops are ideal for clinic managers, administration leaders, release of information clerks, health provider team leads, EMR access authorizers, system administrations and privacy officers in physician offices, laboratories, clinics, pharmacy, physiotherapy, dental, and other health care centres.

Jean is committed to helping practices by using tips, tools, templates and training to help healthcare practices get where they want to be.

Jean Eaton has worked in health records and primary care organizations for over twenty years, and is an experienced leader in health information management. Jean has helped hundreds of physicians, chiropractors, pharmacists, and other healthcare providers and privacy officers develop and improve their privacy management programs.

You know your practice better than anybody else. If you had the right tips, tools, templates and training and Your Practical Privacy Coach and Practice Management Mentor to help you, you can develop efficient and practical privacy management program for your office, improve patient satisfaction, meet legislated and college requirements, and prevent big fines (or worse!).

Location

All workshops are held at the Parksville Community Conference Centre, just a few blocks away from the beach. This former school has been redesigned and redeveloped with all the amenities, spacious rooms, and large windows for day lighting.

Worried about parking? Don’t! There’s lots of free parking available both on site and directly across the street.

This event is brought to you by Precision Event Design.

Yes! I want to attend!

Pricing

Full Event Pass

You get:

9 hours practical workshop instruction
Part A – Privacy Awareness Privacy, Confidentiality & Security Principles
Monday September 12, 2016 9-12 am

Part B – Engaging Patients in an Electronic World

Monday September 12, 2016 1-4 pm

Part C – 4 Step Response Plan to Manage a Privacy Breach

Tuesday September 13, 2016 9-12 am

Written materials that you can download with tips, tools, templates that you can use right away!
Breakfast, lunch, and morning and afternoon snacks will all be catered in by Eat Fresh Urban Market in Parksville.
Beautiful meeting space at the Parksville Community and Conference Centre.
Networking opportunity.

I want to know more about Parksville Registration

Individual Registration

Full workshop: $397.00 CDN + $47.64 (GST/PST) = $444.64 CDN.

Register 4 Attendees For The Price Of 3 For The Full Workshop When You Register Before August 15th – GREAT For Two Or More Smaller Offices. You Share The Cost Of 3 And Send One For FREE! To take advantage of the Register 4 for 3, simply register 3 people and bring the confirmations with you along with the 4th person.

Evening workshop only: 125.00 CDN + $15.00 (GST/PST) = $140 CDN.

Early registration before August 15, 2016, will save you $25.00 – you pay $100 + $12 (GST/PST) = $112 CDN

Yes! I want to attend!

Part A – Privacy Awareness Privacy, Confidentiality & Security Principles

Monday September 12, 2016 6:30-9:30 pm

Can't attend the workshops during the day? This great workshop is offered in the evening!

You get:

3 hours practical workshop instruction.
Written materials that you can download with tips, tools, templates that you can use right away!
Light refreshment.
Beautiful meeting space at the Parksville Community and Conference Centre.
Networking opportunity.

Registration price for Monday evening session only: $125.00 CDN + $15.00 (GST/PST) = $140 CDN.

Yes! I want to attend!

BONUS Register before August 15 and receive a valuable free gift from Jean L. Eaton.

Register for the Workshop before August 15 and email me with the receipt confirmation number. I will give you membership access to:

Hiring Templates Employees Resource Package

Employees are central to your healthcare practice
Hiring the right employee will make your healthcare practice:

Productive and provide good services to your patients and clients
Positive place to work and to receive care
Promote your business

A good hiring plan will help you:

Recruit, interview and hire with confidence
Develop great first impressions to attract the ideal candidate to your practice
Keep employees engaged
Improve patient satisfaction

Here’s what is in this early registration BONUS – Yours FREE for early registration!

E-book (pdf), “9 Steps to Hiring Employees for your Healthcare Practice”

Webinar re-play, “9 Steps to Hire (and Keep) Employees in Your Healthcare Practice”

Access to MS Word Templates that you can use to quickly customize documents for your practice
- Job Description Templates – Clinic Manager, MOA, Receptionist, Interpreter, Privacy Officer
- Job Posting Templates – Clinic Manager, MOA
- Application Form Templates
- Interview Question Templates
- Introduction Package for New Applicants
- Short-List Candidates Templates – Candidate Evaluation Form, Reference Check Form, Candidates Ranking Form
- Letter of Offer Template
- Orientation – Employee Information Form, Orientation Checklist
- Performance Review Template – Performance Appraisal Form

Access to Practice Management Nuggets Interview replays with guest experts

Cancellation / refund / payment policy

Cancellations will be accepted up to 2 week prior to the event with a 10% administration fee only.
Cancellations less than one week prior to the event will incur a 50% administration charge.

“No shows” will be totally non-refundable. If you can not attend we encourage you to have someone else who will benefit from the course attend in your place, and give us notice by email.
Should the event be cancelled less than two weeks prior to the event date by Precision Event Design, attendees will have the option to reschedule for a future event (we can not guarantee when the same workshop will be offered again), or be refunded in full.

Payment options

PayPal OR Credit Card on-line – you don't need a PayPal account to pay by credit card.
Cheque – Payments may also be accepted in person with a company cheque.
In Person – Cash payments will be accepted on-site registrations.

Yes! I want to attend!

e-Health (Personal Health Information Access and Protection of Privacy) Act., health care, healthcare, privacy awareness training, privacy breach management response plan, privacy management program, security awareness

Can You be Charged Under the Health Information Act ?

Posted on December 2, 2015 by Jean Eaton in Blog

If you access personal health information without authorization, this is a privacy breach.

You can be charged with a fine under the HIA and can face penalties, fines, and sanctions from your professional association.

How frequently are people being charged under the Health Information Act in Alberta for improper access to health information?

“This year alone, there has been one conviction and two charges for improper access of health information. The office is also investigating more than a dozen cases, and they all have the potential to become offence investigations.” Medical record privacy breaches an ‘epidemic' in Alberta,' says commissioner CBC News Posted Oct 15, 2015.

An investigation by the Alberta Office of the Information and Privacy Commissioner (OIPC) has resulted in 26 charges being laid against an individual under the Health Information Act (HIA) as reported in a OIPC News Release December 1, 2015. An incident at the Alberta Children’s Hospital in Calgary was reported by Alberta Health Services to the OIPC. The OIPC conducted an investigation and upon completion of the investigation charges were laid against the individual who allegedly gained access to health information in contravention of HIA.

This is the sixth time charges have been laid under provisions of HIA. The maximum penalty for each offence is $50,000.

Who is a custodian?

The custodian (as defined by HIA a ‘custodian' includes physicians, pharmacists, dentists, chiropractors, optometrists, Alberta Health Services, Minister of Alberta Health and more). The custodian is responsible to take reasonable steps prevent privacy and security breaches including providing privacy awareness training.

Do you have a privacy awareness program?

Do you have a privacy awareness program in your practice that everyone must attend? This includes healthcare providers, students, residents, office staff and, yes, even the non-patient care employees like cooks, cleaners, and maintenance staff.

Have you seen this?

Do You Need Privacy Awareness Training for Your Healthcare Practice?

fines, Health Information Act, HIA, privacy awareness training, privacy breach

Do You Need Privacy Awareness Training for Your Healthcare Practice?

Posted on October 29, 2015 by Jean Eaton in PMN Replay, PMN Stitcher, Practice Management Nugget Interview

Join us for the free webinar,

Privacy Awareness in Healthcare: Essentials

Healthcare businesses who want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

Give your staff the knowledge and tools they need to apply policy in their day-to-day work AND prevent a privacy breach with privacy awareness training.

Privacy awareness training is easy with interactive online learning experiences that are more effective than conventional training.

Make online training available to all your new and current employees quickly and efficiently.

Heather Mooney will demonstrate the online training platform.

In this FREE 30-minute Practice Management Nugget Webinar Heather and Jean will answer your questions about online privacy awareness training program so that you can decide if this is the right choice for your healthcare practice.

Heather Mooney, VP Business Development, Corridor Interactive

Heather is the sales and marketing strategist with experience in channel and account management; responsible for driving the sales and marketing program.

Privacy Awareness in Healthcare: Essentials Individual and group training licenses with Corridor Interactive available here.

Try out a Trial Membership to Information Managers Network to access more great interviews webinar replays and resources.

Trial Membership Information Managers Network

Information Managers Network Login

Subscribe to our YouTube Channel
Practice Management Nuggets are now also available as podcasts! Find us on Stitcher Radio and iTunes!

Practice Management Nugget Webinar

Privacy Awareness in Healthcare: Essentials

hosted by Jean Eaton of Information Managers Ltd.

Healthcare businesses who want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

Corridor Interactive, health care, healthcare, Heather Mooney, Practical Privacy Coach, Practice Management Mentor, privacy awareness training

Privacy Challenge #11 Privacy Awareness Training

Posted on October 25, 2015 by Jean Eaton in Archive

Privacy Awareness Training

80% of all privacy breaches are internal to the organization. It is the healthcare provider and employer’s responsibility to ensure that everyone in the organization knows the best practices to handle personal information. Healthcare providers must provide privacy and security awareness training to each employee and contracted vendors in a healthcare practice. This includes healthcare providers and professional staff as well as volunteers.

Employers and healthcare providers must be able to document that training is provided to the employee and that the employee understood the key concepts of the content provided in the training.

A formal employee orientation process will help a new employee to succeed by:

Reducing the anxiety of the new recruit
Introducing the organization's mission and work
Explaining the organization's culture, including the values, behaviours, formal and informal practices, etc. including expectations of privacy and security of personal information. Set clear expectations of employee’s job performance and day-to-day activities.
Introduce new employee to colleagues, including managers or supervisors
Creating mentors and job ‘buddies' to help ease the new employee into the organization's culture

Privacy awareness training is an essential part of your employee orientation program.

Training alone won’t guarantee that mistakes or errors in judgement won’t happen, but the healthcare provider and employer are legally responsible to take reasonable steps prevent privacy and security breaches.

Privacy awareness training happens throughout the year. Informal training that is timely – say, the news item of the latest privacy breach – are great opportunities to reinforce key messages. Use ‘what if that happened to us, what would we do?’ to discuss lessons learned and improve your current practices, if necessary. Review near-miss privacy and security incidents in your practice. These are great opportunities to discuss and fix potential problems before they become breaches.

The Privacy Officer may create and deliver the training and will monitor, supervise, and support the training.

Use a variety of written and multi-media content like posters, newsletters, videos, infographics, and lunch ‘n learn discussions to reinforce key messages. People love games, challenges, and cyber competitions, too, as a way to create variety and interest in privacy and security.

Resources:

I am delighted to share with you a new course, Privacy Awareness in Healthcare: Essentials, training provided by Corridor Interactive. I have the great pleasure to work with Corridor Interactive to develop the course content. Privacy Awareness in Healthcare: Essentials provides a privacy awareness training program available on demand. Individuals can register for the course and have access to a 3-month subscription. Employers can also purchase training for groups of employees; employees can access the internet based training at a time and location convenient to them. Employers can monitor the employee’s training progress and receive a report of employee’s satisfactory completion of on-line quizzes.

The Health Information Act Guidelines and Practices Manual from AHW provides an administrative checklist of custodian's responsibilities, including training requirements. This is a good outline for your privacy management program and employee orientation even if you don't need to follow the HIA. See Appendix 3 & 4.

Also see the Employee Orientation Checklist from the HRC Council: Getting the Right People.

Make use of networking within your organization and with associations, or organizations of similar or complementary services. Some vendors facilitate user groups. The Alberta Association of Clinic Managers and the Medical Group Management Association of Canada offer networking for Clinic Managers. Privacy Officers can find resources and networking at Privacy and Access Council of Canada.

Today's Challenge:

To Do:

Do you know who the Privacy Officer is in your business?
Do you have an employee orientation checklist? When was it last updated?
How can the orientation process be improved?
Ask new employees for their feedback on their orientation.

Share Privacy Challenge #11!

Email a Friend.

Tweet your Followers.

#15DayPrivacyChallenge, #CyberAware, employee orientation, Practical Privacy Coach, privacy awareness training

Privacy Awareness and HIA for Primary Care Clinics: Replay

Posted on March 2, 2014 by Meghan Davenport in Members Only, Privacy, Confidentiality, and Security Series Webinar

Thank you for registering for the Information Managers'
Privacy, Confidentiality and Security Series event:
Privacy Awareness and HIA for Primary Care Clinics.

This webinar was recorded onTuesday, March 18th at 12:00pm MST.

This webinar is an important hour and a half long privacy in-service. In a fun and informative format, Jean will present key principles and every day scenarios to demonstrate the importance of privacy, confidentiality, and security.

An essential introduction for new patient care providers and support staff, as well as an excellent refresher for everyone else. Privacy training for your organization.

Includes – privacy principles, important 2010 and 2013 amendments to the Health Information Act, new Alberta Health Act, safeguards, privacy breaches.

Resources:

Alberta Netcare Rights Subscribe to Privacy Nuggets Learning Resource Guide

Live Event:

(if you are unable to view the slides below, please click here. If you have any other technical issues, send us an email)
Audio Only

Slide Replay

privacy awareness training