Information Managers

Use These Reports To Improve Privacy Compliance

Posted on December 29, 2021 by Jean Eaton in Blog


Investigation reports of privacy breach incidents help to inform and update policies, procedures, and risk assessments. Privacy officers, clinic managers, and healthcare custodians can use them to improve privacy compliance in their healthcare practice.

Recent publications by the Alberta Office of the Information and Privacy Commissioner (OIPC) and the College of Physicians and Surgeons of Alberta (CPSA) are great resources.

We can use these real-world examples to improve our current practices to protect the privacy, confidentiality, and security of personal health information and to protect personal health information from unauthorized access, use, disclosure, and loss.

Alberta OIPC Annual Report

In the Alberta OIPC Annual Report 2020-21, Jill Clayton, the Privacy Commissioner, noted that ‘this past year was a year like no other for access to information and protection of privacy in Alberta as the COVID-19 pandemic raised new challenges for regulated stakeholders and my office.’

Work from home mandates impacted how organizations responded to access to information requests and the security of personal information as employees shifted to remote work. The OIPC received over 150 privacy impact assessments (PIA) and notifications about the implementation of new virtual care (or telemedicine) projects.

Overall, the OIPC reports that there was a 31% increase in the number of PIAs that they had received over the previous years. The healthcare sector may not have applied the usual rigour to assess new virtual care solutions as has been previously applied to, for example, EMR implementation. The urgency of the pandemic may have triggered this weakness, but it's something that now we should be able to do better.

There were 930 breaches reported by health information custodians to the OIPC in 2020-21, representing a slight decrease from 2019-20 (938). There were four convictions under the Health Information Act (HIA) for unauthorized access to health information in 2020-21.

Download the Annual Report from the OIPC here

CPSA Virtual Care Standards of Care

The Alberta College of Physicians and Surgeons (CPSA) released on December 20, 2021, its updated Virtual Care Standards of Practice. This was previously released as telemedicine standards.

Download the CPSA Virtual Care Standards of Care here.

I want to highlight a few things that have changed and a few things that we should know about already. The standard provides clarity about which physicians can provide virtual care services for Albertans: a physician who has been licensed to practice and provide care in Alberta, with some exceptions. Other healthcare providers outside of Alberta should not be providing virtual care to residents of Alberta.

The standards also provide guidance on the procedures that a regulated member providing virtual care must follow, including Standard #8:

  • provide the patient with their name, location and licensure status during the initial virtual care encounter;
  • take reasonable steps to confirm the identity and location of the patient during each virtual care encounter;
  • confirm the patient’s physical setting is appropriate given the context of the encounter and ensure consent to proceed, in accordance with the Informed Consent standard of practice;
  • offer the patient the opportunity for in-person care; and
  • ensure there is a plan in place to manage adverse events or emergencies and make patients aware of appropriate steps to take in these instances.

The standards also remind physicians that, prior to implementing new virtual care technologies or practices, you must prepare a PIA. This applies even if you are ‘just’ using the telephone to provide virtual care.

PIA Remote Working and Virtual Care Templates

Last year, Information Managers created a virtual care privacy impact assessment package which includes template policies, procedures, implementation tips, and privacy training. This follows the requirements from the standards from the CPSA and the HIA.

The PIA Remote Working and Virtual Care Templates provide you with virtual care procedures, workflow, tips, and Privacy Impact Assessment templates that you can quickly and easily download and customize for your healthcare practice. The training provided will help you to assess privacy and security options so that you can select the best technology solution for your needs. Then, use the Privacy Impact Assessment templates to document your decisions and submit them to the OIPC.

 


Privacy Compliance and Technology in Healthcare

Posted on March 7, 2021 by Meghan in Blog


Event by Rafiki Technologies with Information Managers

 

A Privacy Impact Assessment (PIA) is a practical business tool in your healthcare practice.

A PIA is an important tool that you can use to help you with project management.

It will help you anticipate risks to the project before it starts and avoid serious problems, wasted time and money.

The PIA process requires you to have written policies and procedures so that you can implement the project effectively and train your staff consistently.

Sometimes a PIA is a requirement of legislation. But it is always a best practice whenever you implement a project that includes personal health information.

Join Rafiki Technologies’ Naheed Shivji and Information Managers’ Jean L. Eaton for a guide to successfully keep your patients’ information safe, follow cyber security best practices, and comply with the requirements of the Health Information Act (HIA).

This on-line workshop will provide you with practical tips to plan your Privacy Impact Assessment (PIA) amendment as well as a strategic cybersecurity checklist.

Who Should Attend?

  • Medical, dental, chiropractic, optometric, pharmacy practices in Alberta.
  • Clinic manager, privacy officer or administrative lead responsible for updating your Privacy Impact Assessment.
  • Healthcare provider

Join Naheed Shivji and Jean L. Eaton for a guide to your PIA completion and technology requirements

Thursday, March 18th, 2021

6:00 PM – 7:00 PM MT

Free Registration

 


Meet Naheed Shivji, Founder & President of Rafiki Technologies Inc.

Naheed has more than 20 years of experience in IT with expertise in the dental industry. He is a passionate entrepreneur helping companies understand and embrace technology and is always searching for business best-practices while giving back to the community.

Naheed works hands-on with his clients to develop winning IT strategies and smooth implementations. He is constantly learning and adapting to industry trends to maintain Rafiki Technologies’ position as a leading managed IT services company in Canada.

Meet Jean L. Eaton, BA Admin (Healthcare), CHIM, CC

Your Practical Privacy Coach and Practice Management Mentor with Information Managers Ltd.

Jean has helped hundreds of physicians, chiropractors, pharmacists, and other healthcare providers complete their Privacy Impact Assessment. She has visited hundreds of practices across Canada.

Jean helps independent healthcare practices with practice administration, privacy awareness, privacy breach management, and legislated regulation compliance in Canada.

Jean's career started as a receptionist and transcriptionist in a busy family medical walk-in practice. She moved into health records and health information management and hospital administration in hospitals, regional health authorities, cancer agencies across Canada and Alberta Health.

Now, Jean focuses her consulting practice on independent healthcare practices that want to start, grow, or improve their practice administration so that healthcare providers can focus on providing quality healthcare services. Jean provides training to businesses, including healthcare, on practical privacy and security best practices and privacy breach management.

If you are starting your new practice and need your first Privacy Impact Assessment, see our available consultation options here.

You May Also Be Interested In:

 

“What is a Privacy Impact Assessment?”

Read the article and watch the short video now to learn what a PIA is, what a PIA will do for you, when you need a PIA, and what the PIA process is.

You can also listen to the Practice Management Nuggets podcast episode here.  

 

“How Long Does it Take to do a New Privacy Impact Assessment?”

Ideally, you should start the Privacy Impact Assessment process 3-6 months prior to your go-live date. Find out more by reading the article.


Why You Need To Get The Right Agreements With Your Vendors

Posted on February 4, 2020 by Jean Eaton in Blog

Donna Grindle knows having a business arrangement agreement between a healthcare provider and their business associate is very important in defining clearly the responsibilities of both parties.  

But, many healthcare providers, business owners, and vendors don’t get this right!

Donna shares her observations on the HIPAA violations trends from the United States so that healthcare providers and vendors in Canada can prevent similar experiences and avoid massive fines and penalties.

Donna Grindle is my guest expert on Practice Management Nuggets For Your Healthcare Practice.

Donna Grindle's #1 Tip to healthcare providers and vendors

Don’t assume. Ask questions!

My Favorite Takeaways From The Podcast

  • Healthcare privacy and security regulations are more similar than different.
  • Educate as many people as possible about the importance of privacy and cybersecurity.
  • Don't assume that you don't have to ask questions.
  • Privacy is a civil right.
  • Under HIPAA, any business that provides a service to covered entities (healthcare providers) that requires them to have access to protected health information is then considered a business associate (BA).
  • BAs are separately and equally liable to protect patient information.
  • You must have a written agreement between your vendors and your healthcare providers that describes how you will protect patient health information. If you disclose personal information without a written agreement, you are breaking the law.
  • BAA / IMA must include a liability clause.
  • Tips: Healthcare Provider Selecting A Vendor
  • Tips: Vendor Selecting A Healthcare Client
  • Cybersecurity insurance

Featured Guest: Donna Grindle

Founder & CEO, Kardon, and Co-Host, Help Me With HIPAA Podcast

Donna brings over 30 years of experience in healthcare IT, which is the solid foundation of Kardon’s HIPAA privacy and security consulting. Donna stays busy with speaking engagements, the weekly Help Me With HIPAA podcast, and managing a business with a growing client list. Donna’s sense of humor and southern charm spill out into everything she does.

Be sure to tune in to my interview with Donna Grindle,

What Healthcare Practices Should Know About Vendor Vetting And Accountability | Episode #085

Listen To The Podcast Here

Privacy Practice Review

Posted on November 1, 2013 by Jean Eaton in Clinic Manager / Privacy Officer, Established Practice, Services, Vendor

Demonstrate and ensure compliance to your privacy goals. A Privacy Review is an educational and consultative program that serves as a vehicle to identify best practices as well as opportunities for improvement.

Your medical office wants to promote a culture of respect for privacy and information security throughout the organization when providing patient care and accessing and disclosing protected health information.

To demonstrate and ensure continuing compliance with your privacy goals, a Privacy Review is an educational and consultative program that serves as a vehicle to identify best practices as well as opportunities for improvement.

The Privacy Review is designed to be transparent in order to maximize the opportunity to impart knowledge and effect change.

Each review presents an opportunity to give members of your staff the information and tools that they need to protect patient privacy.


It is a rare privilege to work with an authentic expert who fulfills their role of consultant and coach with curiosity and respect for the specific nature of their client's unique enterprise. Jean Eaton was always prepared, sat every meeting on time, listened to an endless barrage of questions and answered every one with patience, grace, and wise counsel. The end product Information Managers Ltd provided ECHO Health was exceptional; their ongoing support will be a large measure of our success going forward. I highly recommend their services.

- Dr. Gregg Trueman-Klein, NP, ECHO Health


Copyright 2022 Information Managers Ltd.