Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Table-Top Privacy Breach Fire Drill

Posted on April 19, 2021 by Meghan in Blog

Use A Table-Top Privacy Breach Fire Drill to Protect Your Practice

A table-top privacy breach fire drill is a cost-effective way to prepare for a privacy and security incident in your healthcare organization. You should have a written privacy breach incident response plan in your healthcare practice. Have you practiced your response plan lately?

A table-top privacy breach fire drill allows your incident response team to rehearse their skills in a controlled exercise.

Do you remember your school days when every month or two you had a fire drill? The fire alarm would go off and everybody would go out the doors and very calmly go down the stairs and out the doors and into their muster point.

We take the same approach with privacy breach fire drills. Fires can happen at different times, places, and for different reasons. Whey you change the scenario, you develop alternate strategies or playbooks to best respond to the fire.

A privacy breach incident playbook contains all the actionable steps to take when a privacy beach incident occurs. Your playbook will have many ‘plays’ or actions to take when different types of privacy breach incidents occur. You could also think of it as a recipe book. You have many types of recipes to select from. Identify the ingredients that you have on hand (or the characteristics of the latest privacy incident) and select the most appropriate recipe to resolve the incident.

Healthcare providers, owners, and privacy officers hear about big privacy breaches on the news and hope it won’t happen to them. It keeps them up at night…because they know that properly preventing or managing a privacy breach is critical to the continued success of their business. Implementing a table-top privacy breach fire drill will help!

Picture this. You call a meeting of your incident response team. This may include your privacy officer, computer network support or managed services provider lead, physician, dentist, or other healthcare lead, your media spokesperson, and clinic manager. The privacy officer distributes a privacy breach incident scenario summarized on one page.

The team members read the scenario and then discuss what steps that they would take to respond to the privacy breach incident.

Using the 4 Step Response Plan  as your playbook guideline, the incident response team note-keeper documents the hypothetical steps that the team takes to respond to the breach. Record the decisions, the resources, and the questions that you explore in this scenario.

Privacy Breach 4 Step Response

When the table-top exercise is complete, you now have a detailed action steps that you can take when a similar privacy incident occurs in your healthcare practice.

How To Use The Table-Top Privacy Breach Fire Drill Technique

The goal of a privacy breach fire drill is to develop your playbook so you can spring into action when a similar privacy and security incident occurs in your healthcare practice.

First, identify a scenario that could happen in your practice. Unfortunately, it’s easy to find an example about a privacy and security breach in the news. Grab a privacy breach example and pull out the bits and pieces of the information that might apply to your organization. When you select scenarios that could happen in your organization the exercise is more meaningful for you, and you will develop tools and templates that are going to help you in the event that a very similar privacy and security incident happens in your organization.

Let’s use the recent privacy breach incident that came from the province of Saskatchewan* when a cybersecurity attack that happened in their E-Health system. This attack may have started when an employee who had authorized access to the e-health system used a personal tablet to connect with a USB to the Saskatchewan health authority’s computer. This enabled a virus from that personal tablet to infect the computer system and ultimately the e-health system, allowing millions of files to be stolen. Strip the example down to its key points. Create additional details and assumptions where needed to give the team members enough information to discuss the scenario during the fire drill exercise.

Step 1 Contain The Breach

The first step in every incident is to spot and stop the breach. Make an assumption that the employee who connected the personal device to your computer is now seeing that message on the screen that says that there's a virus in the system. One of your incident team members plays the role of the employee and completes Step 1 of the privacy breach incident response form and notifies their supervisor or the privacy officer.

Another team member assumes the role of the privacy officer and explains what their next action steps would be.

Record each action that you consider. Document each policy, resource, phone number and email address that you would use in a real event. This creates the action steps in your playbook.

Step 2 Evaluate the Risks

Discuss the risks that could affect the computer systems. What tools do you need to evaluate the harm of this incident? How might this affect patient care and the privacy of patient information?

Contact your vendors and ask them to contribute to the risk assessment in this scenario.

Who else might you want to call on for assistance to investigate this incident?

You might want to revisit the news item for additional information about the actions that were taken that you might also need to explore.

In your playbook, record good leading questions to help you to investigate the incident and evaluate the risks of harm.

Step 3 Notification

Strategize who you would notify about the incident. Prepare written notification to the custodians, patients, regulators and even media statements. These become templates in your playbook that you can quickly implement in your real event.

Role-play your media spokesperson being interviewed on the evening news. It’s much better to practice now, before you are in a crisis.

Step 2 Prevent the Breach From Happening Again

This might be the most valuable step in the privacy breach fire drill. Complete the privacy breach incident worksheet and summarize this practice scenario. Consider how likely this scenario could happen in your practice. What type of training could be done now to prevent this from happening? What tools or training do your incident response team members need today to make it easier for them to monitor and prevent this scenario from happening?

Fire-Drills Lead to a Confident Response

At the conclusion of this fire-drill, your team is ready, energized, and have the tools that they need to make sure that they can respond to that privacy and security breach as quickly as possible. This absolutely is a great investment in your time. These table-top privacy breach fire drills are a great demonstration of your commitment as an organization to ensure that you are protecting the privacy confidentiality and security of health information.

I hope that this privacy tip to help you do your tabletop privacy and security breach fire drills will be a value to your organization.

Listen to the podcast HERE!

Do you need help to create your privacy breach management plan – and a mentor to help you get it done?

Check out the 4 Step Response Plan – tips, tools, templates, and training to help you create your privacy breach management plan!

4 Step Response Plan

*Reference:

Saskatchewan IPC finds ransomware attack results in one of the largest privacy breaches in this province involving citizens’ most sensitive data. January 8, 2021 – Ron Kruzeniski, Information and Privacy Commissioner. https://oipc.sk.ca/saskatchewan-ipc-finds-ransomware-attack-results-in-one-of-the-largest-privacy-breaches-in-this-province-involving-citizens-most-sensitive-data/

fire drill, healthcare, privacy breach, privacy officer, privacy officer training, privacy training, table-top privacy breach fire drill

Do You Want To Be A Confident Healthcare Privacy Officer?

Posted on February 9, 2021 by Meghan in Blog

What Is a Privacy Officer?

A privacy officer is a key employee in a healthcare organization who is named by the healthcare provider (custodian) and assigned the responsibility to oversee all activities related to the implementation of, and adherence to, the organization’s privacy practices, and to ensure operational procedures are in compliance with relevant privacy laws. The Privacy Officer monitors employees and systems about how information is collected, used, and disclosed and access to identifying information.

A privacy officer may be known by other titles like privacy compliance officer or a security officer.

If your healthcare business involves the collection, use, and disclosure of your clients' and patients’ personal health information, a privacy officer is necessary in order to meet legislated requirements.

If You Don't Have a Privacy Officer

Healthcare practices without a privacy officer often experience confusion about how patients’ personal health information should be collected, used, and disclosed. Patients may complain about lack of access to their personal health information. Without a named privacy officer to assume the responsibility to implement and monitor reasonable administrative, technical, and physical safeguards you are more likely to experience privacy and security incidents, privacy breaches, investigations, fines, and charges under the privacy legislation!

Here are some examples of what can happen if you don’t have a privacy officer:

  • In 2019, the British Columbia Office of the Information and Privacy Commissioner (OIPC) conducted a privacy audit of 22 medical clinics. OIPC auditors examined 22 clinics and found gaps in privacy management programs at several clinics, including the absence of a designated privacy officer, a lack of funding and resources for privacy and a failure to ensure that privacy practices keep up with technological advances.
  • A complaint was made against a medical clinic with an employee suspected of accessing health information for an unauthorized purpose. The Alberta OIPC investigated and revealed confusion around the roles and responsibilities of privacy compliance among the custodians and the privacy officer. The OIPC determined that the custodian was in contravention of the regulation which requires custodians to ensure that their affiliates are aware of and adhere to the all of the custodian’s administrative, technical, and physical safeguards with respect to health information. (See Do You Know Where Your Policies and Procedures Are?)
  • Employees are not aware of privacy requirements and engage in snooping into personal health information. Consequences of employee snooping include firing, charges under the Health Information Act and court ordered fines, jail time, probation, community service and more. (See Snooping Conviction Earns 3 Years Probation )
Say No to Snooping

Roles and Responsibilities

So, what does a privacy officer do? The roles and responsibilities of a privacy officer in a typical healthcare practices include the following:

  • Identify privacy compliance issues for the business.
  • Ensure privacy and security policies and procedures are developed and keep them up to date.
  • Ensure that everyone working at your clinic and your vendors are aware of their privacy obligations.
  • Monitor your clinic's ongoing compliance with privacy legislation like the Health Information Act (HIA) in Alberta.
  • Provide advice and interpretation of related legislation for the business.
  • Respond to requests for access and corrections to personal information.
  • Ensure the security and protection of personal information in the custody or control of the business.
  • Act as the primary point of privacy and access contact for staff, patients, vendors, regulators and other stakeholders.

#Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed. Click to Tweet

Get the Practice Management Success Tip, Privacy Officer Job Description Template.

 

Who Should Be The Privacy Officer?

The custodian or the healthcare provider is, by default, the privacy officer. Alternatively, the custodian may designate a responsible affiliate for the purposes of the privacy legislation and given the title of Privacy Officer. In some practices, you may have co-privacy officers or, in practices with multiple locations, a privacy officer at each location.

In small practices, the clinic manager or practice manager is often named the privacy officer. In larger practices, an individual may be given the role and responsibilities of a privacy officer on a full-time basis.

The privacy officer should be in communication with both management and planning decision makers and the front-line staff who collect, use, disclose and provide access to personal health information (PHI).

Who Should A Privacy Officer Report To?

The privacy officer must report to the healthcare provider and custodians in the practice. They may also report to the clinic manager, business manager, or other senior management position.

In practices that are heavily dependent on computer network and medical devices technology, there may be both a privacy officer and a security officer. The security officer typically is focused on intrusion protection and detection and related technology safeguards. The privacy officer is more focused n the collection and use of disclosure of PHI.

What Should Privacy Officer Training Include?

The privacy officer role is challenging yet rewarding. Training should include privacy legislation awareness, privacy awareness, privacy management best practices, privacy breach management, risk assessment and mitigation, reasonable safeguards assessment and implementation. In addition, privacy officers may also learn how to complete a privacy impact assessment.

Training for privacy officers can include formal academic programs (U of A), sessional (CHIMA, Practical Privacy Officer Strategies), supported by professional associations (PACC), and/or self-directed learning including review of resources provided by regulators (like the OIPC) and ministry of health.

Many privacy officers in small healthcare practices have other roles – as a clinic manager, healthcare provider, computer network technician, or business owner. It is little wonder that new privacy officers can feel overwhelmed when trying to balance these responsibilities each and every day.

You may be missing the systems to monitor routine tasks that will protect privacy and alert you to potential problems before they become privacy and security incidents.

Bottom Line: If you are spinning your wheels trying to figure out how to get started, it will cost you time, money, and frustration!

Which means you never get around to implementing a robust privacy management program.

If you are a privacy officer in a healthcare practice who needs practical privacy management strategies to protect your patients and your healthcare business but can't figure out how to get started, here's the solution you've been looking for.

Introducing Practical Privacy Officer Strategies!

In this Practical Privacy Officer Strategies course, you will discover the three steps that you can do now to become a confident privacy officer, protect your patients, and your healthcare business.

Register now – and start your journey to become a confident privacy officer!

Online Course with 5 Live Training Sessions

June 3

June 8

June 10

June 14

June 17

 

Registration Now Open!

Learn more about the course and register HERE!

The online Privacy Officer course includes:

  • 5 Modules each with live 1 hour on-line training with Jean (and the replays, too!)
  • Health information privacy principles and legislation
  • Introduction to the purpose of a privacy management program
  • Introduction to the purpose of a privacy awareness training program
  • Introduction to the purpose of a privacy breach management program
  • Roles and Responsibilities of a Privacy Officer
  • Healthcare privacy officer job description template
healthcare, healthcare privacy officer, HIA, privacy officer, privacy officer training, webinar

How to Manage a Privacy Breach with Confidence

Posted on January 12, 2021 by Jean Eaton in Blog, Services, Training, Upcoming events/workshops

How to Manage a Privacy Breach with Confidence

The new mandatory privacy breach notification provisions to the Health Information Act (HIA) takes effect on August 31, 2018.

Custodians will be required to notify the Office of the Information and Privacy Commissioner (OIPC) and the Minister of Health, privacy breaches with risk of harm.

If you haven’t updated your privacy breach management policy, trained your staff, and prepared your reporting procedures yet, let me help you with done-for you templates and training!

If you're a healthcare practice manager, owner or privacy officer who really needs to know how to respond to a privacy breach but doesn't have a step-by-step plan ready to implement, then here's the answer you've been looking for…

Introducing the “4 Step Response Plan” on-line education with quick and helpful content so that you will properly manage a privacy breach. This is critical to the continued success of your business.

Privacy Incidents Happen!

60% of small and medium business owners go out of business within 6 months after a privacy and security breach. Patients, clients, employees and business partners trust you to keep their private and sensitive information confidential and secure.

Mandatory privacy breach reporting is quickly becoming a legislated requirement – and many businesses are not prepared!

Not recognizing and not notifying a privacy breach quickly and properly could result in fines and even jail time for the business, healthcare provider, employee, or vendor!

Learn NOW how to respond a privacy breach – Don’t get caught scrambling when a privacy breach happens.

The biggest mistake in managing a privacy breach is not recognizing the privacy breach.

The second biggest mistake is not knowing what to do about it.

Many healthcare practice managers, owners and privacy officers can’t get past the idea that simply hoping that you won’t have a privacy breach is not a good business strategy!

But nothing could be further from the truth!

What people are saying about the ‘4 Step Response Plan’

Well it happened! We recently had a privacy breach. It was an ‘oops’ but never the less a privacy breach. I had started the 4 Step Response Plan – Prevent Privacy Breach Pain but thought I had time to go through it. Unfortunately not. Your course has been a godsend with all the information and forms that I need to work through this privacy breach and notifying process.  Nancy D

Results Oriented Learning

The 4 Step Response Plan will help you with prevent privacy breach pain and give you the tips, templates, training, and tools that you can use right away to prepare your privacy breach response plan:

Learn to

  • Recognize a privacy breach.
  • Understand why a privacy breach is a significant problem.
  • Understand the cost of a privacy breach and why you need to be prepared now.
  • Use the 4 Step Response Plan to develop a privacy breach management plan.
  • Prevent a privacy breach from happening again.

… and much, MUCH more!

When you have a privacy breach you must recognize the breach, contain it, notify the affected individuals, and prevent it from happening again. When you have this plan you will have confidence that you have identified and managed your areas of risk and dramatically reduce the risk of a privacy breach. Your staff will recognize a privacy breach early and respond quickly. You will manage the breach with minimum of risk to your patients, clients, and your practice.

In the world of privacy breaches ‘If’ has become ‘When’. Will you be ready?

4 Step Response Plan

 

The 4 Step Response Plan includes

  • 6 interactive lessons
  • 60 minute training webinar
  • Video introduction to each lesson
  • Template policies and procedure NEW! Updated Privacy Breach Management Policy
  • Scenarios and examples
  • Downloadable resources, checklists and templates New! Privacy Breach Reporting Form to make it easy for you to meet your notification requirements.

 

BONUS – Discussion Group (not Facebook!)

Exclusive to registered participants – collaboration with others to help you solve problems and Jean will be there to answer your questions and encourage your progress.

 

BONUS – Q&A With Jean 

Monthly incident response training using recent real-world reported privacy breaches and mentoring with live Q&A with Jean to help you overcome obstacles so that you can get your privacy breach management plan finished!

 

BONUS – Privacy Breach Awareness Training for YOUR Employee’s Orientation

  • Video (8 min) – “Can You Spot the Privacy Breach?”
  • Learning Resources Guide to download
  • Post Test
  • Certificates of Completion

This on-line education program may be eligible for Continuing Professional Development credits with your professional association.

 

Self-paced And Self-learning – All Lessons Are Available Right Away – No Waiting To Get The Content That You Need Most! 

Privacy Breach 4 Step Response Plan Purchase

Get Started Right Now!

Not having your privacy breach management policies and procedures in place will

  • make it harder to respond to a privacy breach
  • mis steps – opens you up to fines, sanctions, and re-work that will cost you time and money
  • blind-sided by mandatory privacy breach reporting requirements

So if you’re a privacy officer, practice managers, healthcare providers, or a clinic manager who needs to know how to respond to a privacy breach but doesn't have a step-by-step plan ready to implement you need to act on this right now.

When you have your privacy breach response plan in place you will have confidence that you are prepared to respond to the breach with confidence.

Get the step-by-step help to customize your policies and training and

  • You will save time and save money.
  • Your staff will recognize a privacy breach early and respond quickly.
  • You will respond to the breach with a minimum of risk to your patients, clients, and your practice.

 

Click the Button Below to Get Started Right Away!

Purchase 4 Step Response Plan

  • You will be re-directed to Stripe to make your purchase by credit card or debit.
  • Your receipt will indicate payment has been made to Information Managers Ltd.
  • Your confirmation and receipt will be provided to the email address that you complete your registration.
  • Use your best email address – you don't want to miss access to all the resources!

 

 

What people are saying about the ‘4 Step Response Plan’


Jean L. Eaton Your Practical Privacy Coach

 

Jean L. Eaton, BA. Admin (Healthcare) CHIM, CC is constructively obsessive about privacy, confidentiality, and security when it comes to the handling of personal information, particularly in primary health care settings.

Jean provides solutions that are practical and effective for today’s healthcare providers so they can implement privacy by design and best practices to protect privacy, confidentiality, security of personal information.

Jean specializes in making practical recommendations for 1000’s of independent health care providers and comply with privacy legislation while improving efficiency in their practice management. Jean is a consultant and speaker on the topic of privacy breach management, including ‘virtual privacy officer’ on demand.

She is the privacy awareness training facilitator to hundreds of medical clinics and healthcare practices and organizations that support independent healthcare businesses and privacy officers across Canada and the US. With over twenty years of experience, I have the knowledge and tools to help your business improve your information privacy practices.

I’m delighted to share this with you now in this course.

So go ahead, click the order button right now and you're well on your way to privacy breach management plan success!

 

Here Is My Personal Guarantee

 

Email Jean with your questions.

 

Jean L. Eaton is the host of the Privacy, Confidentiality and Security Workshops for Your Healthcare Practice © series.

4 Step Response Plan, incident response, online education, prevent privacy breach pain, privacy breach, privacy officer training, training

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course

Posted on October 28, 2020 by Jean Eaton in Services, Training

Do you need a Privacy Impact Assessment?

Or do you need to amend an existing PIA?

Privacy Impact Assessments are just one of the requirements you need in order to fulfill your obligations in Alberta’s Health Information Act (HIA) and other legislation and are an important aspect of developing privacy best practices in your office.

And a little help along the way is always a good thing.

Practical Privacy Coach, Jean  L. Eaton of Information Managers, is constructively obsessive about privacy, confidentiality, and security when it comes to the handling of personal and health information, particularly in primary health care settings. Jean has helped hundreds of healthcare providers, vendors, and health and social service delivery organizations and associations complete their Privacy Impact Assessment which have been successfully accepted by organizations' management and regulators. Jean has customized and delivered privacy training programs for privacy officers, records management professionals, implementation teams, and healthcare providers across Canada and the US.

Now you can have access to five modules to help you learn everything you need in order to complete your own PIA.

     

**** New PIA Amendment Track ****

Each module includes a video training, as well as templates, tools, resources and case studies to build on in each lesson. You can use this scenario to guide you through the PIA process in healthcare. If you work in healthcare or privacy or records management and need to do a PIA, this e-course is for you.

 

You need a Privacy Impact Assessment when

  • You  are opening a new clinic or establishing a new health services program.
  • You are changing administrative procedures or technology equipment, services, or vendors
  • You are changing how you collect and use personal information,
  • You are implementing or changing an Electronic Medical Records (EMR)
  • You are sharing health information with another healthcare provider, organization, Primary Care Network or other health program.
  • You want to prevent a privacy breach,
  • You have a Privacy Impact Assessment that was written more than 2 years ago (It is time to review and update this!)

 

If you are a healthcare provider, practice manager, and you need your first Privacy Impact Assessment, this e-course is for you

Are you in a group or solo practice with direct patient care, for example:

  • Physician
  • Pharmacist
  • Registered nurse
  • Optometrist or optician
  • Chiropractor
  • Physiotherapist
  • Midwife
  • Podiatrist
  • Dentist, dental hygienist or denturist
  • Audiologist
  • Mental health practicitioner
  • Laboratory, x-ray, and imaging technician
  • Paramedic

A PIA should be as common place to a healthcare practice as a business plan is to a business. BUT most healthcare practices don’t know this and often don’t know that a PIA is  usually part of their professional college requirements and often even a legislated requirement! Prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor by completing a PIA.

If your Privacy Impact Assessment was written more than 2 years ago this e-course is for you

The Clinic Manager and Physician Lead and Privacy Officer  must ensure its content is updated to reflect the current state of administrative, physical and technical controls.

BONUS! Checklist to update your PIA to meet recent changes to Alberta's Netcare Portal. If your practice has completed a PIA and now you need to update the PIA, you receive a checklist of items that you need to consider to refresh your PIA.

 

If you a vendor that supports healthcare practices this e-course is for you

BONUS! One hour tele-consult with Jean, “Create a branded Privacy Impact Assessment Readiness Package”. Jean will work individually with you to review your documentation and coach you on how to prepare the package to give to healthcare practices.

BONUS! Vendor PIA live webinar includes Vendor non-disclosure agreement, Information Manager Agreement, GAP Analysis, Computer Network Narrative templates.

 

Jean has helped hundreds of physicians, chiropractors, pharmacists, and other healthcare providers complete their Privacy Impact Assessment. She has visited hundreds of practices across Canada. But time and geography limit my ability to visit each healthcare practice that needs a PIA. That's why I developed this on-line interactive course to help you learn everything you need in order to review, amend, or create your own PIA. Each module includes a video training as well as templates, tools, resources and two common case studies to build on each week. You can use these scenarios to guide you through the PIA process.

You know your practice better than anybody else. If you had the right tools, at the time most convenient for you and a mentor to help you, you can develop good office practices, meet legislated and college requirements, and successfully complete your Privacy Impact Assessment requirements.

Using a Webinar on-line interactive program, you will get great content and mentoring from Jean Eaton and once a month during the Q&A live training webinars. Learn the PIA process with these modules.

The modules include:

Module 1:

PIA to Protect Your Practice, Your Assets, and Your Patients

 

Module 2:

Information Flows–-the Foundation of Your PIA

 

Module 3:

Risk Analysis and Mitigation Strategies

 

Module 4:

PIA Format - Pulling it All Together

 

Module 5:

Complete Your PIA Submission

BONUS Module 6:

Create a Branded Privacy Impact Assessment Readiness Package

The replays, tools, and resources will be available to you right away.

If you are new to this field, I suggest that you first register for Privacy Awareness in Healthcare: Essentials to master the key definitions and concepts.

Corridor_Privacy_Awareness_In_Healthcare_banner

Privacy Awareness in Healthcare: Essentials

 

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments –

A Complete Step-by-Step Course

5 Core Modules, Templates, Training, and Tools to Get Your PIA Done!

Monthly Live Q&A Training Webinars

$450.00 (plus GST)

Purchase e-course

 

You will get

  • Learning Resource Guide for EACH module – how-to explanations, templates, and resource lists
  • Checklists to help you plan your PIA
  • MindMap of the entire PIA process
  • PIA project plan timeline templates
  • Checklists of  personal and health information privacy and security policies that you need in your practice
  • Many examples of projects in medical, dental, chiropractic and more practices including new PIA project and PIA amendments.
  • Explanation and real-life examples of key terms that you need to know and include in your PIA
  • Strategies and templates of risk management assessments that you can customize
  • This E-course might qualify for CPE credits, too!

 

BONUS!  Monthly live Q&A webinar training with Jean to help you get un-stuck with your PIA.

BONUS! Checklist to update your PIA to meet recent changes to Alberta's Netcare Portal.

BONUS! Private discussion group with other registered participants of this course to network and support each other on your PIA journey and continue to help you after this course closes.

BONUS! Regular updates of privacy resources and templates that you can use.

 

If you hired a consultant to do the work of the PIA process for you it may cost you as much as $3,000!

And then…when the consultant is done, they take their knowledge out the door with them.

Invest only $450 in this course and you'll have what you need to do your first PIA project today…and every project in the future!

Jean Introduction Ecourse PIA (1)

I had the pleasure of working alongside Jean to develop a PIA for my Dental Office. I could not have completed this document without her. She was there to help me every step of the way. Her online course made it easy to communicate with her as well as having so many resources to use that were so helpful. Each Module had videos to watch that explained step by step what needed to be done. The PIA document is a lot of information to put together and if it's not enough information on its own, you also need to develop a policy and procedures manual. Jean has developed an amazing resource for this manual that was very user friendly and made a 300 page manual a lot more attainable than creating it on your own. I highly recommend taking Jean's PIA course and having her help throughout the process!”

~~Lindsey Cave, Office Manager, Orion Dental Group

 

What people are saying about our PIA e-courses and in-person workshops:

Q: What did you learn from this workshop?

Participant's Responses:

  • Understanding of need / use of Information Management Agreement's and an ‘Evaluation” agreement.
  • Lots – when / how to make amendments.
  • Compliance / requirements of PIA and their purpose.
  • PIA information; agreements, updating.

 

Q: What do you feel was the biggest benefit to attending this workshop?

Participant's Responses:

  • Understanding a PIA.
  • Having a better understanding of PIA's and everything included in requirements.
  • Gain a better overview of my PIA and what I need to add; organizational strategy.
  • Clear vision of work to be done.

“When Jean told us about the Protest Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments E-course and explained how the course will help us better understand the Health Information Act, our responsibilities as healthcare providers and our relationship with our vendors and partners, I signed up right away! Thanks again – it is no doubt that we have hitched our wagon to a shining star.”
~~Bill Stowe, Business Manager Synergy Respiratory & Cardiac Care

“This was my first ever time I had to work on a PIA and I was a little nervous about doing it efficiently – but you really made it as simple and straight forward as possible. Thank you for being available for my questions when I had them. I would easily recommend Privacy Impact Assessments to Protect Your Practice course for anyone to do their own PIA's! Thank you so much!”
~~Karen Sarabura, Clinic Manager and Privacy Officer, CGA Medical Imaging, Alberta

“I attended the Privacy Impact Assessment Walk-through workshop (for ARMA members). Jean shared resources and on-going networking opportunities. The biggest benefit to me is to know that there is help out there in moving forward with our Privacy Impact Assessment responsibilities.”
~~Ellen Sauvé, Parkland County

Comments from other E-course participants:

“Learning about how all the information gathering systems interact was the most valuable part of this workshop”

“Excellent presenter – variety of learning opportunities.”

“Jean is an excellent speaker and I enjoyed the audio seminar you gave today and I learned a lot from your seminar.”
~~Annette T (AHIMA webinar, Three Mistakes in Managing a Privacy Breach”)

“Jean Eaton is one of those ‘critical suppliers' you keep in your email contacts list, no matter what company you manage. She really knows her stuff and delivers prompt, accurate information on time. Her courses are interesting, informative, and I like the opportunity to meet with classmates who have similar challenges.”
~~Kevin Morris, Shape MD, Team Leader/Office Manager

 

Buy e-course

In-Person Workshops Are Now Available 

Are you a hands-on kinda person?

Are you more likely to get things done when you schedule your time for a working meeting?

Would you like help to kick-start your PIA amendment and review with other like-minded clinic managers and privacy officers?

PIA Amendment Workshops are available. Send a request to me and let's set up a workshop near you! You also get full access to the on-line course to support you after the workshop.

 

 

Not sure if the E-course is for you?

Jean will answer your questions in the free webinar, 

 

Prevent Big Fines (or Worse!) for Your Healthcare Practice

How to Plan a Privacy Impact Assessment for Your Healthcare Practice

with Jean L. Eaton
Replay Recorded Live

This webinar is for Privacy Officers, Clinic Managers, Practice Managers and anyone else responsible for doing a PIA.

You will learn what is getting in your way of getting your PIA done!

In this free webinar, you will learn:

  • 5 Manageable Steps of every PIA
  • 3 Biggest Myths about PIA’s that is preventing you from completing your PIA
  • Questions Privacy Officers, Clinic Managers, Practice Managers and Healthcare providers should ask about PIA’s but don’t
  • Biggest fears about doing a PIA and how you can kick it to the curb so that you can finally get it done

Join us for the webinar so that you can plan your PIA for your healthcare practice!

Sign me up for this FREE webinar

Get Free Access Now Arrow

Please provide your email address below and you will be re-directed to the webinar replay right away.

Check your email in-box to confirm your registration!

 Along with your webinar registration, you will also benefit from the occasional Privacy Nugget tips by email of similar privacy resources and articles that you can use right away!

 

Alberta, amendment, breach, employee training, ePIA, ePrivacy, Health Information Act, healthcare, HIA, PIA, PIA process, Practical Privacy Coach, Privacy Impact Assessment, privacy officer training, templates

Meeting Leadership Podcast – Why Leaders Should Understand Privacy

Posted on September 2, 2019 by Jean Eaton in Blog

I'm tickled pink to be a guest on the 5 minute podcast with Gord Sheppard!

Meeting Leadership Podcast – Learn How To Become An Outstanding Leader Who Runs Highly Effective Meetings

On the podcast, we talked about What Leaders Need To Know To Start a Privacy Program.

Here’s a summary of our discussion.

Train Your Team About Privacy And Security

You must train your team about privacy and security in your practices.

Let me use an example. A business in Alberta had a privacy program in place in 2013. In 2018 they experienced a privacy breach where an employee was snooping and got caught. When the Commissioner's office did the investigation, nobody in that practice, nobody in that business could find the policies and procedures that they had in place in 2013. The staff told the investigator that they hadn't received any training since that time. (See the article, “Do You Know Where Your Policies Are?”)

We need to make sure that we're providing privacy and security training on a regular basis, not just on orientation. You need to keep privacy and security top of mind.

Privacy Is An Investment That Will Save You Money

Privacy awareness training and proper policies and procedures is an investment and it is part of your operating costs. It will also save you time and money by avoiding re-work and re-training. When you have  good policies and procedures in place and you're making the right decisions, you're avoiding all sorts of other costs about fines, a bad reputation, poor customer service. When you build that into your practice, you're going to reap the rewards about having an efficient practice and making sure that you're meeting all those requirements.

The Benefits Of Naming a Privacy Officer

Every business needs to have a privacy officer in your organization. This is somebody that you have assigned with the responsibility to make sure that there's a privacy management program in place. Now, not all privacy officers need to know everything. They do need to know those important questions and they need to know how to make it practical for your business.

Stay tuned for an announcement about the new course, The Practical Privacy Officer starting in September.

When You Understand Privacy, You Make Better Business Decisions!

When you have good privacy practices in your business, you will make sure to also select the best vendors who can work with you that also demonstrate their knowledge and support about privacy practices. You can build privacy practices into your business contracts and your agreements. This will also help you to grow your business reputation and attract better business partners and business suppliers and better clients and customers for your organization.

I've put together a checklist for you about the 10 Key Steps To Prevent A Privacy Breach.

Download the checklist and make sure that you implement these best practices in your business.

10 Key Steps To Prevent a Privacy Breach

Meeting Leadership Podcast

Learn How To Become An Outstanding Leader Who Runs Highly Effective Meetings – Daily Episodes –  in just 5 minutes!
Poor communication is bad for business. At Meeting Leadership Inc. we take a unique approach to helping you learn how to communicate more effectively. First we help you turn your meetings into highly productive events that drive your organization strategy. Then we empower you with the ability to use online education to tell your story to the most important people in your world.

Check out the Meeting Leadership Podcast here!

 

leaders, Meeting Leadership Podcast, privacy breach, privacy management, privacy officer, privacy officer training, privacy program

2014 PIPA Connections Conference

Posted on October 16, 2014 by Jean Daffin in Blog, Past Events

PIPA came into effect in January of 2004 for both Alberta and British Columbia, marking 2014 as the official 10 year Anniversary of the Personal Information Protection Acts! Join your fellow privacy colleagues for Western Canada's premiere privacy-related event for businesses and non-profit organizations!

November 13 and 14, 2014

Calgary Alberta

The focus for this year’s event is on practical, real-world problems and solutions on managing personal information in the electronic age.

Whether you have a detailed compliance program, are in the middle of implementing one, or you are just getting started, this is a one-of-a-kind learning opportunity.

Jean Eaton, Information Managers will be presenting on November 14th on ‘How to easily develop your own in-house privacy & security education program.”

For more information visit http://www.privacyconference.ca/  Presented by Verney Conference Management. Early bird registration special pricing closes October 17.

best practice, PIPA, Practice Management Mentor, privacy, privacy officer training, security

Risky Business: Embracing Privacy & Data Governance in a Hostile World

Posted on August 24, 2014 by Jean Eaton in Archive

National Privacy & Data Governance Congress

October 15-17, 2014
• Calgary • Alberta • Canada •

Congress 2014 early bird rates extended to September 5, 2014.

The National Privacy and Data Governance Congress brings together privacy,

security, resilience, compliance and data governance professionals — to get a

broader view of the intersections between their respective areas of expertise.

General and niche educational plenary, workshop and breakout sessions will be

longer than usual, and presentations will be shorter — so that there will be plenty of

time for delegates to pose questions, get answers, and engage in meaningful

conversations with presenters, colleagues, and decision makers.

See National Privacy and Data Governance Congress for more information and to

register.

PACC logo

Presented by Privacy & Access Council of Canada. PACC is an educational and

professional membership organization of privacy professionals.

This event qualifies for CPE Credits applicable toward PACC certification

PACC Members are entitled to a discount when registering to attend.

#PACCCongress, @PACC_CCAP, privacy, privacy officer training

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

"The information in the Privacy Awareness In-Service Training had lots of useful and valuable information."

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2020 Information Managers Ltd.