The Email You NEVER Want to Get: I Have Received a Complaint From a Patient

Posted on February 22, 2016 by Jean Eaton in Blog

“Alice, I have received a complaint from a patient that you may have committed a privacy breach,” said the clinic manager.

You told me what happened. You did not follow our clinic policies and procedures properly when you left messages for the patient about her follow-up healthcare appointments.

I want to work with you to review and improve our office procedures and training so that this does not happen again.

I also want you to take our privacy awareness training. We provide this training for all new employees during orientation. Sometimes we each need a refresher to remind us how we can maintain privacy, confidentiality, and security of our patients’ information each day.

Alice, you are a good employee I believe that you want to do your job better. Privacy of our patients' information is very important. Our policies and procedures help us to ensure that we are doing our jobs well. This is your warning; if this type of error happens again, I will need to take additional disciplinary steps.

If you have any questions, please talk to me, your supervisor or our Privacy Officer.”

Privacy breaches happen.

Healthcare providers are responsible to ensure that employees understand their roles and responsibilities. When a breach happens, we need to contain the breach, correct the problem, and prevent it from happening again.

[clickToTweet tweet=”Do you have an office policy about when and how you should leave telephone messages for patients?” quote=”Privacy awareness training will prevent breaches and may be used as part of the strategy to prevent recurrence.”]

Privacy awareness training happens throughout the year. Informal training that is timely – say, the news item of the latest privacy breach – are great opportunities to reinforce key messages. Use ‘what if that happened to us, what would we do?’ to discuss lessons learned and improve your current practices, if necessary.

Review near-miss privacy and security incidents in your practice. This is the ideal time to discuss and fix potential problems before they become breaches.

The Privacy Officer may create and deliver the training and will monitor, supervise, and support the training.

Use a variety of written and multi-media content like

posters,
newsletters,
videos,
infographics, and
lunch ‘n learn discussions

to reinforce key messages. People love games, challenges, and cyber competitions, too, as a way to create variety and interest in privacy and security.

Privacy awareness training alone won’t guarantee that mistakes or errors in judgement won’t happen, but the healthcare provider and employer are legally responsible to take reasonable steps prevent privacy and security breaches.

Do you have a privacy awareness training program for your healthcare practice?

Let us help you with privacy awareness training on-line and in-person.

discipline, health care, healthcare, healthcare provider, primary healthcare, privacy, privacy awareness, privacy breach, privacy breach sanctions, training

Can You be Charged Under the Health Information Act ?

Posted on December 2, 2015 by Jean Eaton in Blog

If you access personal health information without authorization, this is a privacy breach.

You can be charged with a fine under the HIA and can face penalties, fines, and sanctions from your professional association.

How frequently are people being charged under the Health Information Act in Alberta for improper access to health information?

“This year alone, there has been one conviction and two charges for improper access of health information. The office is also investigating more than a dozen cases, and they all have the potential to become offence investigations.” Medical record privacy breaches an ‘epidemic' in Alberta,' says commissioner CBC News Posted Oct 15, 2015.

An investigation by the Alberta Office of the Information and Privacy Commissioner (OIPC) has resulted in 26 charges being laid against an individual under the Health Information Act (HIA) as reported in a OIPC News Release December 1, 2015. An incident at the Alberta Children’s Hospital in Calgary was reported by Alberta Health Services to the OIPC. The OIPC conducted an investigation and upon completion of the investigation charges were laid against the individual who allegedly gained access to health information in contravention of HIA.

This is the sixth time charges have been laid under provisions of HIA. The maximum penalty for each offence is $50,000.

Who is a custodian?

The custodian (as defined by HIA a ‘custodian' includes physicians, pharmacists, dentists, chiropractors, optometrists, Alberta Health Services, Minister of Alberta Health and more). The custodian is responsible to take reasonable steps prevent privacy and security breaches including providing privacy awareness training.

Do you have a privacy awareness program?

Do you have a privacy awareness program in your practice that everyone must attend? This includes healthcare providers, students, residents, office staff and, yes, even the non-patient care employees like cooks, cleaners, and maintenance staff.

Have you seen this?

Do You Need Privacy Awareness Training for Your Healthcare Practice?

fines, Health Information Act, HIA, privacy awareness training, privacy breach

Privacy Challenge #15 Privacy Breach

Posted on October 29, 2015 by Meghan Davenport in 15 Day Privacy Challenge

Privacy Breach

Have you ever received a phone call from your bank telling you that your credit card information may have been compromised or stolen?

Be glad you did. While this kind of call may frighten you and create doubt and cause inconvenience, it is far better to be notified and to solve the problem than to let it persist. And if the bank catches the theft early and calls you to let you know how they have prevented it from happening again, you are likely to thank the bank for looking out for your best interests.

The same thing happens when you suspect that you have a privacy breach at work. You need to stop it, report it, inform the client, and let them know what you are doing to solve the problem. It is never an easy phone call to make, but most of the time the client appreciates your concern.

Privacy Breach – 3 Mistakes in Managing a Privacy Breach

Posted on October 28, 2014 by Meghan Davenport in Past Events

Privacy, Confidentiality, Security for Medical Offices©

Privacy Breach – 3 Mistakes in Managing a Privacy Breach

Privacy is a huge issue for the public right now, and as more businesses, health care practices, and even your grocery store collect more information about you, the risks of having that information stolen, misused, or compromised, are huge.

Having a privacy breach can cost you time, money, and trust of your patients.

Attend this webinar, 3 Mistakes in Managing a Privacy Breach, to help you understand the three common mistakes in managing a privacy breach, and ensure that you and your staff take the right steps to contain, manage, and prevent privacy breaches.

Pssst – if you are a member, click this link for an EXCLUSIVE coupon. Not a member? Become one!

This webinar will teach you:

how to identify a privacy breach
how to notify a privacy breach
how to communicate about a privacy breach

Register for the Webinar!

Privacy Breach – 3 Mistakes in Managing a Privacy Breach

Tuesday, November 4th, 2014 10-11 am MST

Live webinar with Jean Eaton, the Practical Privacy Coach and Practice Management Mentor.

Discussion, resources, and template procedures that you can use right away!

You don’t have to attend LIVE, but you will miss the Q&A! Replays available. Register now!

The Privacy, Confidentiality and Security Series include topics such as privacy awareness, privacy breaches, and email with patients. Seminars last from an hour to an hour and a half, and cover important information for new patient care providers and support staff, as well as practice managers, healthcare providers, or trusted vendors who support healthcare practices. Privacy, Confidentiality and Security© series is hosted by Jean Eaton (the Practice Management Mentor) of Information Managers Ltd.

healthcare, Practical Privacy Coach, privacy breach, privacy breach management

Privacy Breach – 3 Mistakes in Managing a Privacy Breach – Live

Posted on October 28, 2014 by Meghan Davenport in Privacy, Confidentiality, and Security Series Webinar

Thank you for registering for the Information Managers' Privacy, Confidentiality, Security Series event: Privacy Breach – 3 Mistakes in Managing a Privacy Breach.

Please return to this page on Monday, November 4rd at 10 am MST to attend the live event. (Not in MST? Click here to find your timezone)

Countdown:

Replay and Resources: Privacy Breach – 3 Mistakes in Managing a Privacy Breach

Resources and links for additional information.

Date & Time Live: Tuesday, November 4, 2014 10-11 am MST (not in MST? Click here to find your timezone)

After this webinar, you'll understand the three common mistakes in managing a privacy breach, and ensure that you and your staff take the right steps to contain, manage, and ultimately prevent future privacy breaches.

This webinar will teach you:

how to identify your privacy breach
who to inform of your privacy breach
how to handle questions and concerns from your patients

Resources:

Webinar Learning Guide

BONUS! Privacy Breach Awareness Video

Subscribe to Privacy Nuggets

Live Event:

(if you are unable to view the slides below, please click here. If you have any other technical issues, send us an email)

healthcare, Practical Privacy Coach, privacy breach, privacy breach management

Privacy Breach – 3 Mistakes in Managing a Privacy Breach

Posted on June 3, 2014 by Meghan Davenport in Blog, Privacy, Confidentiality, and Security Series Webinar

Privacy, Confidentiality, Security for Medical Offices©

Privacy Breach – 3 Mistakes in Managing a Privacy Breach

Privacy is a huge issue for the public right now, and as more businesses, health care practices, and even your grocery store collect more information about you, the risks of having that information stolen, misused, or compromised, are huge.

Having a privacy breach can cost you time, money, and trust of your patients.

Attend this webinar, 3 Mistakes in Managing a Privacy Breach, to help you understand the three common mistakes in managing a privacy breach, and ensure that you and your staff take the right steps to contain, manage, and prevent privacy breaches.

Pssst – if you are a member, click this link for an EXCLUSIVE coupon. Not a member? Become one!

This webinar will teach you:

how to identify a privacy breach
how to notify a privacy breach
how to communicate about a privacy breach

Register for the Webinar!

Privacy Breach – 3 Mistakes in Managing a Privacy Breach

Tuesday July 29th, 2014 12:00pm – 1:00pm MST

Live webinar with Jean Eaton, the Practical Privacy Coach and Practice Management Mentor.

Discussion, resources, and template procedures that you can use right away!

Replay will be available for 1 week. Register today!

The Privacy, Confidentiality and Security Series include topics such as privacy awareness, privacy breaches, and email with patients. Seminars last from an hour to an hour and a half, and cover important information for new patient care providers and support staff, as well as practice managers, healthcare providers, or trusted vendors who support healthcare practices. Privacy, Confidentiality and Security© series is hosted by Jean Eaton (the Practice Management Mentor) of Information Managers Ltd.

practice management, privacy breach, template

2014 Saskatchewan Connections Conference

Posted on April 16, 2014 by Jean Eaton in Blog

Jean will be presenting at the 2014 Saskatchewan Connections Conference on Wednesday June 4, 2014 at the beautiful Delta Regina. Saskatchewan's Access, Privacy, Security & Records Management Forum

1B: Managing a Privacy Breach: 3 Mistakes in Managing a Privacy Breach

Welcome video from Jean

Dealing with a privacy breach in your clinic can be stressful and confusing. What should you do? Who should you contact? In this presentation, learn the 3 common mistakes made when managing a privacy breach. Learn from someone else's mistakes!

In a fun and informative format Jean will present key principles to manage a privacy breach – and 10 key steps to prevent a privacy breach! Discussion will include proactive privacy and privacy by design principles to keep your practice breach free.

Agenda Register at Verney Conferences

Let your colleagues know that you plan to attend this event! Follow Twitter @SK_Connections

Practical Privacy Coach, privacy breach

Privacy Breach – 3 Mistakes in Managing a Privacy Breach

Posted on January 25, 2014 by Meghan Davenport in Blog

Webinar Event

Time: Tuesday, February 11th at 12:00 pm – 1:00 pm Mountain Standard Time

Listening Method: Web Simulcast

Dealing with a privacy breach in your clinic can be stressful and confusing. What should you do? Who should you contact? In this webinar, learn the 3 common mistakes made when managing a privacy breach. Learn from someone else's mistakes!

Webcast Seminars: $25.00 + $1.25GST = $26.25

breach, privacy, privacy breach

Stolen Laptop Results in Privacy Breach

Posted on January 25, 2014 by Meghan Davenport in Blog

A laptop with the unencrypted personal health information of 620, 000 Albertans was stolen in September of 2013.

The laptop, belonging to an information technology consultant for Medicentres, was stolen on September 26th, and contained the names, dates of birth, provincial health card numbers, billing codes and diagnostic codes of individuals seen at Medicentres between May 2, 2011 and September 10, 2013.

The process of notifying the public was delayed because Medicentres was trying to figure out how to best do it, chief medical officer Dr. Arif Bhimji said.

“…[T]his was the first time ever having to deal with this sort of situation and it took a lot longer than we would have liked it to take.”

Questions are now being asked as to why the consultant had access to so much information, and why the laptop's data was not encrypted.

Privacy Commissioner Jill Clayton is launching an investigation into the event, and the probe will also be taking a wider look of how privacy breaches are reported in Alberta.

For more information about this privacy breach, visit CBC.ca.

Are you concerned about what your organization would do in the event of a privacy breach? Would you know how to handle it? Visit our Training Calendar for more information about an upcoming webinar!

Alberta, breach, encryption, health information, privacy, privacy breach

Pharmacist Used Health Information for Personal Reasons

Posted on January 4, 2014 by Meghan Davenport in Blog

A Calgary pharmacist has been cited for using the health information of a patient in an attempt to establish a personal relationship with her.

The woman complained to the Information and Privacy Commissioner, alleging that the relief pharmacist employed at a pharmacy in Calgary, had contacted her twice by phone and attempted to “friend” her on Facebook.

The Health Information Act (HIA) prohibits employees from using health information for purposes not required to do their job. The investigation by the Privacy Commissioner found that the pharmacist misused health information, and that the pharmacy manager had failed to provide privacy and security training to the pharmacist.

The pharmacy had access to privacy policies and training but the pharmacist in question was not made aware of these policies by the pharmacist manager. The investigation concluded by reinforcing the need for following through on administrative and technical safeguards and training for all staff.

Do you provide privacy training for all of your staff – including professional healthcare service providers? How do you document that each staff has received the training? How often do you re-fresh or update the training? A privacy management program is an important part of your responsibility as a healthcare provider, practice management and business owner. See our training programs for additional resources you can use right away.

For more information, check out the full OIPC Investigation Report H2013-IR-02

You can also read the Calgary Herald article (Dec 17, 2013) here

Alberta, breach, complaint, Health Information Act, HIA, OIPC, privacy, privacy breach