Do You Want To Be A Confident Healthcare Privacy Officer?

Posted on January 17, 2022 by Meghan in Blog

What Is a Privacy Officer?

A privacy officer is a key employee in a healthcare organization who is named by the healthcare provider (custodian) and assigned the responsibility to oversee all activities related to the implementation of, and adherence to, the organization’s privacy practices, and to ensure operational procedures are in compliance with relevant privacy laws. The Privacy Officer monitors employees and systems about how information is collected, used, and disclosed and access to identifying information.

A privacy officer may be known by other titles like privacy compliance officer or a security officer.

If your healthcare business involves the collection, use, and disclosure of your clients' and patients’ personal health information, a privacy officer is necessary in order to meet legislated requirements.

If You Don't Have a Privacy Officer

Healthcare practices without a privacy officer often experience confusion about how patients’ personal health information should be collected, used, and disclosed. Patients may complain about lack of access to their personal health information. Without a named privacy officer to assume the responsibility to implement and monitor reasonable administrative, technical, and physical safeguards you are more likely to experience privacy and security incidents, privacy breaches, investigations, fines, and charges under the privacy legislation!

Here are some examples of what can happen if you don’t have a privacy officer:

In 2019, the British Columbia Office of the Information and Privacy Commissioner (OIPC) conducted a privacy audit of 22 medical clinics. OIPC auditors examined 22 clinics and found gaps in privacy management programs at several clinics, including the absence of a designated privacy officer, a lack of funding and resources for privacy and a failure to ensure that privacy practices keep up with technological advances.
A complaint was made against a medical clinic with an employee suspected of accessing health information for an unauthorized purpose. The Alberta OIPC investigated and revealed confusion around the roles and responsibilities of privacy compliance among the custodians and the privacy officer. The OIPC determined that the custodian was in contravention of the regulation which requires custodians to ensure that their affiliates are aware of and adhere to the all of the custodian’s administrative, technical, and physical safeguards with respect to health information. (See Do You Know Where Your Policies and Procedures Are?)
Employees are not aware of privacy requirements and engage in snooping into personal health information. Consequences of employee snooping include firing, charges under the Health Information Act and court ordered fines, jail time, probation, community service and more. (See Snooping Conviction Earns 3 Years Probation )

Roles and Responsibilities

So, what does a privacy officer do? The roles and responsibilities of a privacy officer in a typical healthcare practices include the following:

Identify privacy compliance issues for the business.
Ensure privacy and security policies and procedures are developed and keep them up to date.
Ensure that everyone working at your clinic and your vendors are aware of their privacy obligations.
Monitor your clinic's ongoing compliance with privacy legislation like the Health Information Act (HIA) in Alberta.
Provide advice and interpretation of related legislation for the business.
Respond to requests for access and corrections to personal information.
Ensure the security and protection of personal information in the custody or control of the business.
Act as the primary point of privacy and access contact for staff, patients, vendors, regulators and other stakeholders.

#Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed.

Get the FREE Practice Management Success Tip, Privacy Officer Job Description Template.

Who Should Be The Privacy Officer?

The custodian or the healthcare provider is, by default, the privacy officer. Alternatively, the custodian may designate a responsible affiliate for the purposes of the privacy legislation and given the title of Privacy Officer. In some practices, you may have co-privacy officers or, in practices with multiple locations, a privacy officer at each location.

In small practices, the clinic manager or practice manager is often named the privacy officer. In larger practices, an individual may be given the role and responsibilities of a privacy officer on a full-time basis.

The privacy officer should be in communication with both management and planning decision makers and the front-line staff who collect, use, disclose and provide access to personal health information (PHI).

Who Should A Privacy Officer Report To?

The privacy officer must report to the healthcare provider and custodians in the practice. They may also report to the clinic manager, business manager, or other senior management position.

In practices that are heavily dependent on computer network and medical devices technology, there may be both a privacy officer and a security officer. The security officer typically is focused on intrusion protection and detection and related technology safeguards. The privacy officer is more focused on the collection and use of disclosure of PHI.

What Should Privacy Officer Training Include?

The privacy officer role is challenging yet rewarding. Training should include privacy legislation awareness, privacy awareness, privacy management best practices, privacy breach management, risk assessment and mitigation, reasonable safeguards assessment and implementation. In addition, privacy officers may also learn how to complete a privacy impact assessment.

Training for privacy officers can include formal academic programs (U of A), sessional (CHIMA, Practical Privacy Officer Strategies), supported by professional associations (PACC), and/or self-directed learning including review of resources provided by regulators (like the OIPC) and ministry of health.

Many privacy officers in small healthcare practices have other roles – as a clinic manager, healthcare provider, computer network technician, or business owner. It is little wonder that new privacy officers can feel overwhelmed when trying to balance these responsibilities each and every day.

You may be missing the systems to monitor routine tasks that will protect privacy and alert you to potential problems before they become privacy and security incidents.

Bottom Line: If you are spinning your wheels trying to figure out how to get started, it will cost you time, money, and frustration!

Which means you never get around to implementing a robust privacy management program.

If you are a privacy officer in a healthcare practice who needs practical privacy management strategies to protect your patients and your healthcare business but can't figure out how to get started, here's the solution you've been looking for.

Introducing Practical Privacy Officer Strategies!

On-line training to help you:

Daily, weekly, monthly, and annual privacy tasks that make sense for your healthcare practice, that you understand, and that you can implement.
Promote a culture of privacy compliance.
Confidence in your role and responsibility as a privacy officer.
Gain confidence in your understanding of the Health Information Act and other privacy legislation.

In this Practical Privacy Officer Strategies course, you will discover the three steps that you can do now to become a confident privacy officer, protect your patients, and your healthcare business.

Register now – and start your journey to become a confident privacy officer!

Practical Privacy Officer Strategies

Online Course with 5 Live Training Sessions:

Next intake will be in September 2022.

The online Privacy Officer course includes:

5 Modules each with live 1 hour on-line training with Jean (and the replays, too!)
Health information privacy principles and legislation
Introduction to the purpose of a privacy management program
Introduction to the purpose of a privacy awareness training program
Introduction to the purpose of a privacy breach management program
Roles and Responsibilities of a Privacy Officer
Healthcare privacy officer job description template

healthcare, healthcare privacy officer, HIA, privacy officer, privacy officer training, webinar

Release Of Information In Your Healthcare Practice

Posted on July 13, 2021 by Meghan in Blog

Release Of Information In Your Healthcare Practice

Individuals have the right to access information about themselves and to request that their information be shared to others. We have a duty to assist individuals when they make these requests. Custodians have an obligation to receive and process these release of information requests promptly, consistently and correctly.

How we respond to patients request about their personal information is a key opportunity to further develop a relationship with our patients and their family.

Access and disclosure processes are regulated requirements that we must understand and follow.

Release of Information Workshop

In this 45-minute workshop, we will review:

Health privacy legislation as it relates to consent to collect personal information
Procedures for access and disclosure requests
Release of Information models, including centralized and decentralized models
Release of Information tools, including disclosure logs and EMR indexing
What is valid consent?
What are disclosure notations?

We will also go over common Release of Information scenarios that you will likely encounter in your healthcare practice, including:

Patient requests a copy of their own information
Parent requests a copy of their young child’s information
Patient requests a copy of their information to be sent to another physician / healthcare provider
Patient requests a copy of their information to be sent to someone else

Join us on Thursday, July 22

12:00pm Noon Mountain

Release of Information For Your Healthcare Practice

Register for Your FREE LIVE* Workshop

*Even if you can't attend live, register now to get access to the limited time replay and resources!

Yes! I want to attend the workshop

Learning Objectives:

Understand the difference between access and disclosure requests
Describe the difference between access and disclosure requests
Explain the routine steps to process an access request
Explain the routine steps to process a disclosure request

This Workshop Includes:

Live on-line training
Q&A with Jean Eaton, Your Practical Privacy Coach when you join the webinar live
Access to the replay for a limited time
Learning Resources Guide

What's in the Learning Resources Guide?

Collection notices
Access request / consent
Authorization to request information from another physician
Access checklist
Disclosure checklist

Yes! I want to attend the workshop

Who Should Attend?

If you collect health information from your patients you need consistent, efficient, procedures to provide patients access to their own information and disclose it to other people with the patients’ consent.

If you are a release of information clerk, medical office assistant, receptionist, clinic manager, or privacy officer in a community based healthcare practices – medical, dental, pharmacy, optician, chiropractic, physiotherapy, counselling – then you should register for this free live workshop!

When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

disclosure requests, healthcare, patient access requests, patient release of information, privacy officer, release of information

Do You Need to Build A Privacy Awareness Training Plan for Your Healthcare Practice?

Posted on April 22, 2021 by Meghan in Blog

Do You Need to Build a Privacy Awareness Training Plan in your Healthcare Practice?

A practical privacy awareness training plan will save time for clinic managers, and it will manage risks with employee compliance and buy-in.

Build a privacy awareness training plan! Privacy awareness training is more than a checklist when new employees are hired.

As an employer and health care provider, you are responsible to provide training to all your employees about privacy awareness.

Your privacy officer should have direct involvement in the planning and monitoring of the privacy awareness training. The privacy officer may also:

Facilitate training opportunities
Develop / contribute to policies and procedures
Monitor for compliance
Provide instructions
Implement specific projects

If you don’t provide the training – and if your employees don’t understand the policies – and there is a privacy breach, then the healthcare provider is more likely to be held accountable under the legislation and face penalties including fines and even prison!

Protect your organization and your patients. Equip your staff with the information they need to confidently and correctly handle personal health information. Healthcare businesses who want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

Privacy Awareness Training Plan Workshop

Learn effective approaches to design and deliver an effective privacy awareness training plan for your healthcare practice.

Real-life scenarios and privacy breach offences demonstrate what can go wrong – and what you should do instead
How to manage employees who may not ‘get it'

In this 60-minute webinar, you will outline a privacy awareness plan for your practice.

Privacy Awareness Program Components
Supporting Privacy Awareness Training Policies and Procedures
Privacy Awareness Training Strategy
Privacy Awareness Training Models
How Do You Create Privacy Awareness Training Content?
Privacy Education Objectives
Audiences For Privacy Awareness Training Evaluation Methods
Monitoring / Compliance
Documentation

Join us on Thursday, May 6

12:00pm Noon Mountain

Build a Privacy Awareness Training Plan for Your Healthcare Practice

Register for Your FREE LIVE* Workshop

*Even if you can't attend live, register now to get access to the limited time replay and resources!

Yes! I want to attend the workshop

This Workshop Includes:

Live on-line training
Q&A with Jean Eaton, Your Practical Privacy Coach when you join the webinar live
Access to the replay for a limited time
Learning Resources Guide

Yes! I want to attend the workshop

Did you enjoy reading this article? You may also be interested in:

Do You Want To Be A Confident Healthcare Privacy Officer?

Keeping Privacy Active in the Minds of Clinic Staff

5 Low Cost Steps You Can Take to Prevent Employee Snooping

3 Parts to Every Privacy Awareness Training Plan

When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

healthcare, privacy awareness, privacy awareness training, privacy awareness training plan, privacy officer, privacy training

Table-Top Privacy Breach Fire Drill

Posted on April 19, 2021 by Meghan in Blog

Use A Table-Top Privacy Breach Fire Drill to Protect Your Practice

A table-top privacy breach fire drill is a cost-effective way to prepare for a privacy and security incident in your healthcare organization. You should have a written privacy breach incident response plan in your healthcare practice. Have you practiced your response plan lately?

A table-top privacy breach fire drill allows your incident response team to rehearse their skills in a controlled exercise.

Do you remember your school days when every month or two you had a fire drill? The fire alarm would go off and everybody would go out the doors and very calmly go down the stairs and out the doors and into their muster point.

We take the same approach with privacy breach fire drills. Fires can happen at different times, places, and for different reasons. Whey you change the scenario, you develop alternate strategies or playbooks to best respond to the fire.

A privacy breach incident playbook contains all the actionable steps to take when a privacy beach incident occurs. Your playbook will have many ‘plays’ or actions to take when different types of privacy breach incidents occur. You could also think of it as a recipe book. You have many types of recipes to select from. Identify the ingredients that you have on hand (or the characteristics of the latest privacy incident) and select the most appropriate recipe to resolve the incident.

Healthcare providers, owners, and privacy officers hear about big privacy breaches on the news and hope it won’t happen to them. It keeps them up at night…because they know that properly preventing or managing a privacy breach is critical to the continued success of their business. Implementing a table-top privacy breach fire drill will help!

Picture this. You call a meeting of your incident response team. This may include your privacy officer, computer network support or managed services provider lead, physician, dentist, or other healthcare lead, your media spokesperson, and clinic manager. The privacy officer distributes a privacy breach incident scenario summarized on one page.

The team members read the scenario and then discuss what steps that they would take to respond to the privacy breach incident.

Using the 4 Step Response Plan as your playbook guideline, the incident response team note-keeper documents the hypothetical steps that the team takes to respond to the breach. Record the decisions, the resources, and the questions that you explore in this scenario.

When the table-top exercise is complete, you now have a detailed action steps that you can take when a similar privacy incident occurs in your healthcare practice.

How To Use The Table-Top Privacy Breach Fire Drill Technique

The goal of a privacy breach fire drill is to develop your playbook so you can spring into action when a similar privacy and security incident occurs in your healthcare practice.

First, identify a scenario that could happen in your practice. Unfortunately, it’s easy to find an example about a privacy and security breach in the news. Grab a privacy breach example and pull out the bits and pieces of the information that might apply to your organization. When you select scenarios that could happen in your organization the exercise is more meaningful for you, and you will develop tools and templates that are going to help you in the event that a very similar privacy and security incident happens in your organization.

Let’s use the recent privacy breach incident that came from the province of Saskatchewan* when a cybersecurity attack that happened in their E-Health system. This attack may have started when an employee who had authorized access to the e-health system used a personal tablet to connect with a USB to the Saskatchewan health authority’s computer. This enabled a virus from that personal tablet to infect the computer system and ultimately the e-health system, allowing millions of files to be stolen. Strip the example down to its key points. Create additional details and assumptions where needed to give the team members enough information to discuss the scenario during the fire drill exercise.

Step 1 Contain The Breach

The first step in every incident is to spot and stop the breach. Make an assumption that the employee who connected the personal device to your computer is now seeing that message on the screen that says that there's a virus in the system. One of your incident team members plays the role of the employee and completes Step 1 of the privacy breach incident response form and notifies their supervisor or the privacy officer.

Another team member assumes the role of the privacy officer and explains what their next action steps would be.

Record each action that you consider. Document each policy, resource, phone number and email address that you would use in a real event. This creates the action steps in your playbook.

Step 2 Evaluate the Risks

Discuss the risks that could affect the computer systems. What tools do you need to evaluate the harm of this incident? How might this affect patient care and the privacy of patient information?

Contact your vendors and ask them to contribute to the risk assessment in this scenario.

Who else might you want to call on for assistance to investigate this incident?

You might want to revisit the news item for additional information about the actions that were taken that you might also need to explore.

In your playbook, record good leading questions to help you to investigate the incident and evaluate the risks of harm.

Step 3 Notification

Strategize who you would notify about the incident. Prepare written notification to the custodians, patients, regulators and even media statements. These become templates in your playbook that you can quickly implement in your real event.

Role-play your media spokesperson being interviewed on the evening news. It’s much better to practice now, before you are in a crisis.

Step 2 Prevent the Breach From Happening Again

This might be the most valuable step in the privacy breach fire drill. Complete the privacy breach incident worksheet and summarize this practice scenario. Consider how likely this scenario could happen in your practice. What type of training could be done now to prevent this from happening? What tools or training do your incident response team members need today to make it easier for them to monitor and prevent this scenario from happening?

Fire-Drills Lead to a Confident Response

At the conclusion of this fire-drill, your team is ready, energized, and have the tools that they need to make sure that they can respond to that privacy and security breach as quickly as possible. This absolutely is a great investment in your time. These table-top privacy breach fire drills are a great demonstration of your commitment as an organization to ensure that you are protecting the privacy confidentiality and security of health information.

I hope that this privacy tip to help you do your tabletop privacy and security breach fire drills will be a value to your organization.

Listen to the podcast HERE!

Do you need help to create your privacy breach management plan – and a mentor to help you get it done?

Check out the 4 Step Response Plan – tips, tools, templates, and training to help you create your privacy breach management plan!

4 Step Response Plan

*Reference:

Saskatchewan IPC finds ransomware attack results in one of the largest privacy breaches in this province involving citizens’ most sensitive data. January 8, 2021 – Ron Kruzeniski, Information and Privacy Commissioner. https://oipc.sk.ca/saskatchewan-ipc-finds-ransomware-attack-results-in-one-of-the-largest-privacy-breaches-in-this-province-involving-citizens-most-sensitive-data/

fire drill, healthcare, privacy breach, privacy officer, privacy officer training, privacy training, table-top privacy breach fire drill

Meeting Leadership Podcast – Why Leaders Should Understand Privacy

Posted on September 2, 2019 by Jean Eaton in Blog

I'm tickled pink to be a guest on the 5 minute podcast with Gord Sheppard!

Meeting Leadership Podcast – Learn How To Become An Outstanding Leader Who Runs Highly Effective Meetings

On the podcast, we talked about What Leaders Need To Know To Start a Privacy Program.

Here’s a summary of our discussion.

Train Your Team About Privacy And Security

You must train your team about privacy and security in your practices.

Let me use an example. A business in Alberta had a privacy program in place in 2013. In 2018 they experienced a privacy breach where an employee was snooping and got caught. When the Commissioner's office did the investigation, nobody in that practice, nobody in that business could find the policies and procedures that they had in place in 2013. The staff told the investigator that they hadn't received any training since that time. (See the article, “Do You Know Where Your Policies Are?”)

We need to make sure that we're providing privacy and security training on a regular basis, not just on orientation. You need to keep privacy and security top of mind.

Privacy Is An Investment That Will Save You Money

Privacy awareness training and proper policies and procedures is an investment and it is part of your operating costs. It will also save you time and money by avoiding re-work and re-training. When you have good policies and procedures in place and you're making the right decisions, you're avoiding all sorts of other costs about fines, a bad reputation, poor customer service. When you build that into your practice, you're going to reap the rewards about having an efficient practice and making sure that you're meeting all those requirements.

The Benefits Of Naming a Privacy Officer

Every business needs to have a privacy officer in your organization. This is somebody that you have assigned with the responsibility to make sure that there's a privacy management program in place. Now, not all privacy officers need to know everything. They do need to know those important questions and they need to know how to make it practical for your business.

Stay tuned for an announcement about the new course, The Practical Privacy Officer starting in September.

When You Understand Privacy, You Make Better Business Decisions!

When you have good privacy practices in your business, you will make sure to also select the best vendors who can work with you that also demonstrate their knowledge and support about privacy practices. You can build privacy practices into your business contracts and your agreements. This will also help you to grow your business reputation and attract better business partners and business suppliers and better clients and customers for your organization.

I've put together a checklist for you about the 10 Key Steps To Prevent A Privacy Breach.

Download the checklist and make sure that you implement these best practices in your business.

Meeting Leadership Podcast

Learn How To Become An Outstanding Leader Who Runs Highly Effective Meetings – Daily Episodes – in just 5 minutes!

Poor communication is bad for business. At Meeting Leadership Inc. we take a unique approach to helping you learn how to communicate more effectively. First we help you turn your meetings into highly productive events that drive your organization strategy. Then we empower you with the ability to use online education to tell your story to the most important people in your world.

Check out the Meeting Leadership Podcast here!

leaders, Meeting Leadership Podcast, privacy breach, privacy management, privacy officer, privacy officer training, privacy program

Balancing Privacy and the Public Interest

Posted on January 30, 2018 by Jean Eaton in Blog

The 2018 Congress is your opportunity to explore leading issues at the crossroads of privacy, access, security, law and technology. Network with peers and colleagues from industry and government to explore this year’s theme — The Road Ahead — Balancing Privacy and the Public Interest. Get a clearer view of how privacy, access, security, compliance, law and technology intersect, and why that matters to you, your career, and your organization.

The PACC Congress takes a refreshingly pragmatic approach. We think it’s important to offer a truly varied assortment of perspectives and experiences — that offer practical guidance. Speakers from different locations, industries and organizations offer a range of views that are never the same-old, same-old.

The Congress is a unique professional development opportunity. Sessions are longer than at most conferences, and formal presentations are shorter — so that speakers have plenty of time to present their views, and delegates have time to ask questions and get real, unscripted answers. To accomplish that — and because the Congress is about quality, not quantity — registration is strictly limited.

Register now to get Early Bird Rates!

[clickToTweet tweet=”Are you going? 2018 National Privacy and Data Governance Congress. #PACCongress @PACC_CCAP #Privacy” quote=”Learn, share and network at the 2018 National Privacy and Data Governance Congress.”]

Topics Include:

The Virtual Fishbowl and the Future of Privacy – Will Artificial Intelligence, Automation, the Internet of Things and Block Chain Technologies Protect Privacy, or Destroy It?
Authentication & Beyond
Baked In – Not Sprinkled on Top: Practical Privacy Pointers
Privacy and Impact Assessment Fundamentals
Professional Development Workshop — Breach Response
GDRP
and more!

Click here to see the complete agenda

Continuing Professional Development Credits

The PACC is a membership association and credentialing body for anyone in the field of information access and privacy regardless of their career progression. The Congress has been approved for Continuing Professional Development credits applicable by the Law Society of Alberta, Law Society of Upper Canada, and the PACC Certification Board, and may qualify for CPD credits from other organizations as well.

Join industry experts, risk management professionals, thought leaders and regulatory authorities to explore critical connections between privacy, access, security and compliance. March 6-8, 2018 in Calgary, AB

Join speakers, delegates and thought leaders with shared interests in privacy, access and security. Colleagues from public and private institutions, federal, provincial and territorial governments, industry, academia and regulatory authorities will meet in a relaxed setting to enjoy workshop, breakout, keynote and plenary sessions.

Congress 2018 takes a refreshingly practical approach. Breakout sessions are longer than at most conferences, but formal presentations are shorter. Speakers offer practical examples and case studies.

Who should attend the National Privacy and Data Governance Congress?

privacy officer
security officer
access and disclosure administrators
compliance officer
FOIP Co-ordinators
human resources manager
insurance agents
healthcare administrators, health information management
medical ethicists and genetics

Register with PACC for the National Congress

You will be directed to the PACC website to register.

The Congress Agenda is now available here.

#PACCongress, compliance officer, FOIP Co-ordinator, National Privacy And Data Governance Congress, Practical Privacy Coach, Privacy and Access Council of Canada, privacy officer, security officer

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Posted on September 11, 2017 by Jean Eaton in Archive

Is this you?

Paul clicked on a link in an email that encrypted all his data on his computer and now he has to pay a ransom to get the data back.

Mary used her work email address to register for the course, “Ready to leave your job?” Now her boss thinks that she is looking for a new job.

Alice did not follow your clinic policies and procedures properly and she left a confidential message with the wrong patient.

Bob is a new employee and will start his orientation tomorrow.

They each use the internet for their personal lives and as an employee. You need to know the best practices on the internet and how to protect your personal information. It's easy once you know how!

The 15 Day Privacy Challenge is a fun, FREE online educational opportunity on privacy and security that you can use at home or at work. Enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches when you use these practical tips, tools, and resources.

This free online course is ideal for businesses, healthcare practices, or clubs and their privacy officers, employees, and their families.

The course is free – there is no risk to you and you will see that the 15 Day Privacy Challenge is the perfect way to make small changes easily that can improve the privacy and security of your information right away!

We are official champions of the National Cyber Security Awareness Month (NCSAM). October is Cyber Security Awareness Month and Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge.

The 15 Day Privacy Challenge starts October 15th, for fifteen days.

The challenge includes tasks centered on a privacy or security best practice. Each challenge includes a short description about why this practice is important, how to get started, and links to additional resources. Each challenge will take approximately 15 minutes to complete. All activities are online and accessible from any internet enabled device.

[clickToTweet tweet=”Practical #privacy and security tips for home or office – FREE! #15DayPrivacyChallenge #CyberAware” quote=”15 Day Privacy Challenge – Practical privacy and security tips for the internet enabled home and office – FREE!”]

Businesses and healthcare providers are legally responsible to ensure that every employee, contractor, and vendor receives privacy and security training, including cyber awareness. Prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor by being up to date on privacy and security best practices.

Training is the cornerstone of every privacy and security program.

People love games, challenges, and cyber competitions to create variety and interest in privacy and security best practices. The 15 Day Privacy Challenge uses a variety of multi-media content that everyone in your practice can understand. Privacy awareness training alone won’t guarantee that mistakes or errors in judgement won’t happen, but Privacy Awareness Training is your logical first step.

The 15 Day Privacy Challenge starts October 15th, for fifteen days.

The 15 Day Privacy Challenge includes easy to access on-line resources delivered each day. You will have access to all of the resources for one year on the website.

BONUS – access to discussion group with other participants to share your tips.

What People Are Saying

Don't just take it from us, here is what previous participants are saying:

“The 15 Day Privacy Challenge has given me some additional information on day-to-day responsibilities that I hadn't considered until now. Each Privacy Challenge has been so informative and I've been sharing it with our office staff.”

Vera. Alberta Health Services

“The 15 Day Privacy Challenge has made me aware of the policies that my facility needs to update/create!”

Rachel Worthing, CHIM, Ontario Shores Centre for Mental Health Sciences

“The 15 Day Privacy Challenge has given me some great resource information and helped me to identify the areas that I need to work on. I found value in almost all of the Privacy Challenges, but I would say Risk Assessment, Social Media, Email Phishing and Spam, and Confidentiality are the top four.”

Sharon

The 15 Day Privacy Challenges includes:

Posters
Short articles with practical information
Videos
Infographics
Links to additional free resources
Certificate of completion

The 15 Day Privacy Challenge includes practical tips on:

Confidentiality
Privacy Collection
Manage USB Sticks and Mobile Devices
Computer Backup
Computer Security
Spam email, Phishing emails, Spear-phishing
Privacy Officer Education
The Right to Access Your Own Personal Information
Change Your Passwords
Employee Orientation
Social Media
Risk Assessment
Privacy Breach Reporting

At the end of the challenge, you will receive a printable certificate of completion. Successful challengers might also find that this qualifies for CPE credits, too!

You will also have many more tools to add to your privacy tool box!

You can do this yourself or make it a team event. The finished tasks and poster will contribute to your business' Privacy Management Program. Proudly display your poster to your co-workers and customers to show the steps you have taken to manage privacy and security.

The course is free – there is no risk to you and you will see that the 15 Day Privacy Challenge is the perfect way to make small changes easily that can improve the privacy and security of your information right away!

Register right away while this is fresh in your mind! You won’t want to miss a single one!

Yes, I'm ready to take the Privacy Challenge!

Includes the webinar on October 19 – Do Your Club Volunteers Protect Your Privacy?

Along with your webinar registration, you will also benefit from the occasional Privacy Nugget tips by email of similar privacy resources and articles that you can use right away!

#15DayPrivacyChallenge, #CyberAware, #NCSAM, 15 Day Privacy Challenge, healthcare, Practical Privacy Coach, Practice Management Mentor, privacy, privacy awareness, privacy officer, security, security awareness, training

Should You Attend the National Privacy and Data Governance Congress?

Posted on February 23, 2017 by Jean Eaton in Archive

The Privacy and Access Council of Canada (PACC) is proud to present the National Privacy and Data Governance Congress brings together professionals industry, government and academia attend who are — or ought to be — concerned about privacy, access, security, compliance and data governance within their organizations.

The PACC is a membership association and credentialing body for anyone in the field of information access and privacy regardless of their career progression.

[clickToTweet tweet=”Are you going? 2017 National Privacy and Data Governance Congress. #PACCongress” quote=”Learn, share and network at the 2017 National Privacy and Data Governance Congress. “]

Join industry experts, risk management professionals, thought leaders and regulatory authorities to explore critical connections between privacy, access, security and compliance. April 5-7, 2017 in Calgary, AB

This interview with Sharon Polsky was recorded live on Thursday February 23, 2017.

Register with PACC for the National Congress

You will be directed to the PACC website to register.

The Congress has been expanded to three days (April 5, 6 and 7), with workshops on Wednesday April 5, 2017. Workshops are included in the registration.

The Congress Agenda is now available here.
Sharon Polsky is the president of AMINA Corp. and a Privacy by Design Ambassador with more than 30 years’ experience advising corporations, governments and organizations about privacy and access implications and unintended consequences of emerging laws, technologies and global trends. She is also president of the Privacy and Access Council of Canada, the nonpartisan national non-profit association of privacy and access professionals in Canada’s private and public sectors.

In 2007, Sharon founded The Winston Report, the foremost quarterly journal devoted to information access, privacy protection and data governance in Canada, and serves as its Editor-in-Chief.

Sharon is passionate about the importance of effective data protection and information risk management, and has extensive knowledge and demonstrated ability for researching, analyzing, interpreting and applying Canada’s privacy and access legislation, and for assessing relevant business and technical issues.

Ms. Polsky is frequently invited to write and speak about data governance and information security, and is a frequent speaker and lecturer in the areas of data privacy, information security, cyberliability, and the privacy implications of emerging laws and technologies, and her insights are frequently sought by conference organizers and by media including CTV, CBC, CPAC, the National Post, Montreal Gazette, Toronto Star, Calgary Herald, Edmonton Journal, Edmonton Sun, Calgary Sun, iPolitics, Blacklock’s Reporter, Corus Entertainment, Times of London and professional journals including Canadian HR Reporter.

#PACCongress, compliance officer, FOIP Co-ordinator, National Privacy And Data Governance Congress, Practical Privacy Coach, Privacy and Access Council of Canada, privacy officer, security officer, Sharon Polsky

A World of Change – National Privacy and Data Governance Congress

Posted on February 17, 2017 by Jean Eaton in Uncategorized

The Privacy and Access Council of Canada (PACC) is proud to present the National Privacy and Data Governance Congress that brings together professionals from industry, government and academia who are — or ought to be — concerned about privacy, access, security, compliance and data governance within their organizations.

Sessions are longer than usual, so that there is plenty of time for delegates to pose questions, get unscripted answers, and engage in meaningful conversations with presenters, colleagues, and decision makers. For that to be possible, attendance is strictly limited and registration is on a first come, first served basis.

The PACC is a membership association and credentialing body for anyone in the field of information access and privacy regardless of their career progression.

[clickToTweet tweet=”Are you going? 2017 National Privacy and Data Governance Congress. #PACCongress” quote=”Learn, share and network at the 2017 National Privacy and Data Governance Congress. “]

Join industry experts, risk management professionals, thought leaders and regulatory authorities to explore critical connections between privacy, access, security and compliance. April 5-7, 2017 in Calgary, AB

Not sure if this is for you?

Watch the Practice Management Nugget Webinar interview with Sharon Polsky President & CEO Privacy and Access Council of Canada (PACC) to answer all your questions!

Recorded Live Thursday February 23, 2017

Replay is Ready!

Register for the Free Interview with Sharon Polsky!

Register for the webinar here! Check your email to confirm your registration and the webinar details.

You will receive an email with a link to watch the replay right away. The replay is available for a limited time.

Along with your registration for the event you’ll also benefit from weekly email reminders of the next guest expert on Practice Management Nuggets Webinars for Your Healthcare Practice. You can unsubscribe at any time.
Sharon Polsky is the president of AMINA Corp. and a Privacy by Design Ambassador with more than 30 years’ experience advising corporations, governments and organizations about privacy and access implications and unintended consequences of emerging laws, technologies and global trends. She is also president of the Privacy and Access Council of Canada, the nonpartisan national non-profit association of privacy and access professionals in Canada’s private and public sectors.

In 2007, Sharon founded The Winston Report, the foremost quarterly journal devoted to information access, privacy protection and data governance in Canada, and serves as its Editor-in-Chief.

Sharon is passionate about the importance of effective data protection and information risk management, and has extensive knowledge and demonstrated ability for researching, analyzing, interpreting and applying Canada’s privacy and access legislation, and for assessing relevant business and technical issues.

Ms. Polsky is frequently invited to write and speak about data governance and information security, and is a frequent speaker and lecturer in the areas of data privacy, information security, cyberliability, and the privacy implications of emerging laws and technologies, and her insights are frequently sought by conference organizers and by media including CTV, CBC, CPAC, the National Post, Montreal Gazette, Toronto Star, Calgary Herald, Edmonton Journal, Edmonton Sun, Calgary Sun, iPolitics, Blacklock’s Reporter, Corus Entertainment, Times of London and professional journals including Canadian HR Reporter.

Join speakers, delegates and thought leaders with shared interests in privacy, access and security. Colleagues from public and private institutions, federal, provincial and territorial governments, industry, academia and regulatory authorities will meet in a relaxed setting to enjoy workshop, breakout, keynote and plenary sessions.

Congress 2017 takes a refreshingly practical approach. Breakout sessions are longer than at most conferences, but formal presentations are shorter. Speakers offer practical examples and case studies, but are discouraged from using PowerPoint or similar tools (or distractions).

The Congress has been approved for Continuing Professional Development credits applicable by the Law Society of Saskatchewan and the PACC Certification Board, and may qualify for CPD credits from other organizations as well.

Who should attend the National Privacy and Data Governance Congress?

privacy officer
security officer
access and disclosure administrators
compliance officer
FOIP Co-ordinators
human resources manager
insurance agents
healthcare administrators, health information management
medical ethicists and genetics

Conference workshops include “Managing a Privacy Breach” with Jean L. Eaton, Your Practical Privacy Coach with Information Managers Ltd.

Register with PACC for the National Congress

You will be directed to the PACC website to register.

The Congress has been expanded to three days (April 5, 6 and 7), with workshops on Wednesday April 5, 2017. Workshops are included in the registration.

The Congress Agenda is now available here.

#PACCongress, compliance officer, FOIP Co-ordinator, National Privacy And Data Governance Congress, Practical Privacy Coach, Privacy and Access Council of Canada, privacy officer, security officer, Sharon Polsky

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Posted on September 18, 2016 by Jean Eaton in Archive

Is this you?

Paul clicked on a link in an email that encrypted all his data on his computer and now he has to pay a ransom to get the data back.

Mary used her work email address to register for the course, “Ready to leave your job?” Now her boss thinks that she is looking for a new job.

Alice did not follow your clinic policies and procedures properly and she left a confidential message with the wrong patient.

Bob is a new employee and will start his orientation tomorrow.

They each use the internet for their personal lives and as an employee. You need to know the best practices on the internet and how to protect your personal information. It's easy once you know how!

The 15 Day Privacy Challenge is a fun, FREE educational opportunity on privacy and security that you can use at home or at work. Enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches when you use these practical tips, tools, and resources.

This free course is ideal for businesses, healthcare practices, or clubs and their privacy officers, employees, and their families.

The course is free – there is no risk to you and you will see that the 15 Day Privacy Challenge is the perfect way to make small changes easily that can improve the privacy and security of your information right away!

October is Cyber Security Awareness Month and Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge.

The 15 Day Privacy Challenge starts October 14th, for fifteen days.

The challenge includes tasks centered on a privacy or security best practice. Each challenge includes a short description about why this practice is important, how to get started, and links to additional resources. Each challenge will take approximately 15 minutes to complete.

Businesses and healthcare providers are legally responsible to ensure that every employee, contractor, and vendor receives privacy and security training, including cyber awareness. Prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor by being up to date on privacy and security best practices.

Training is the cornerstone of every privacy and security program.

People love games, challenges, and cyber competitions to create variety and interest in privacy and security best practices. The 15 Day Privacy Challenge uses a variety of multi-media content that everyone in your practice can understand. Privacy awareness training alone won’t guarantee that mistakes or errors in judgement won’t happen, but Privacy Awareness Training is your logical first step.

privacy-challenge-information-managers-event-fb-2016-nolink

The 15 Day Privacy Challenge starts October 14th, for fifteen days.

The 15 Day Privacy Challenge includes easy to access on-line resources delivered each day. You will have access to all of the resources for one year on the website.

BONUS – access to discussion group with other participants to share your tips.

The 15 Day Privacy Challenges includes:

Posters
Short articles with practical information
Videos
Infographics
Links to additional free resources
Certificate of completion

The 15 Day Privacy Challenge includes practical tips on:

Confidentiality
Privacy Collection
Manage USB Sticks and Mobile Devices
Computer Backup
Computer Security
Spam email, Phishing emails, Spear-phishing
Privacy Officer Education
The Right to Access Your Own Personal Information
Change Your Passwords
Employee Orientation
Social Media
Risk Assessment
Privacy Breach Reporting

At the end of the challenge, you will receive a printable poster, bragging rights, and an opportunity to win a draw for a small prize basket (Canadian participants, only).

You will also have many more tools to add to your privacy tool box!

You can do this yourself or make it a team event. The finished tasks and poster will contribute to your business' Privacy Management Program. Proudly display your poster to your co-workers and customers to show the steps you have taken to manage privacy and security.

Successful challengers might also find that this qualifies for CPE credits, too!

Register for the 15 Day Privacy Challenge!

The course is free – there is no risk to you and you will see that the 15 Day Privacy Challenge is the perfect way to make small changes easily that can improve the privacy and security of your information right away!

Register right away while this is fresh in your mind! You won’t want to miss a single one!

#15DayPrivacyChallenge, #CyberAware, 15 Day Privacy Challenge, healthcare, Practical Privacy Coach, Practice Management Mentor, privacy, privacy awareness, privacy officer, security, security awareness, training