15 Day Privacy Challenge October 2015

Posted on September 10, 2015 by Jean Eaton in Blog

October is Cyber Security Awareness Month!

Information Managers is proud to host the 15 Day Privacy Challenge – a fun, no cost educational opportunity on privacy and security. A privacy awareness training program for work and home.

How it Works:
Each day, for fifteen days, participants receive an e-mail with a privacy challenge. The task is a privacy or security best practice that can be used in home or business. Each email includes a short description about why this is a good practice, how to start it, and links to additional resources. Each challenge will take about 15 minutes to complete.

Register me for the Free 15 Day Privacy Challenge

We invite you to share this great opportunity with your colleagues.

Help your clients with useful tips, tricks and resources to make their jobs easier.

The 15 Day Privacy Challenge begins October 15, 2015.

Email me my Privacy Challenge!

Use the 15 Day Privacy Challenge as part of your privacy awareness training for your organization. Send us an email to request promotional materials.

Want to know more? Listen to the interview with Jean.

Practical Privacy Coach, Practice Management Mentor, privacy, privacy awareness, privacy officer, security, security awareness, training

Is this Exciting Privacy and Data Governance Congress for You?

Posted on January 7, 2015 by Jean Eaton in PMN Replay, PMN Stitcher

In this FREE 30-minute Practice Management Nugget Webinar with Sharon Polsky you will get a behind-the-scenes peak at the upcoming National Privacy and Data Governance Congress.

If you're serious about practical learning in privacy, access and security and want to join speakers, delegates and thought leaders with shared interests on privacy that you can apply in your own environment right away make sure to check out this exciting interview with Sharon Polsky right now!

Replay of the Live Webinar Recorded Thursday, January 7, 2016

Join us for Practice Management Nugget Webinar

Is this Exciting Privacy and Data Governance

Congress for You?

Privacy and Access Council of Canada offers a congress where delegates have a realistic opportunity to attend the sessions of interest. Plenaries and breakout sessions are longer than usual , and formal remarks are shorter, leaving time for speakers and delegates to engage in genuine conversation. And we ask speakers to offer practical guidance borne of their experience (not just theoretical advice or historical reviews) that delegates can put to work in their own organizations.

Learn, share and network at the 2016 National Privacy & Data Governance Congress. Join industry experts, risk management professionals, thought leaders and regulatory authorities to explore critical connections between privacy, access, security and compliance.

Join speakers, delegates and thought leaders with shared interests in privacy, access and security. Colleagues from public and private institutions, federal, provincial and territorial governments, industry, academia and regulatory authorities will meet in a relaxed setting to enjoy workshop, breakout, keynote and plenary sessions.

Congress 2016 takes a refreshingly practical approach. Breakout sessions are longer than at most conferences, but formal presentations are shorter. Speakers offer practical examples and case studies, but are discouraged from using PowerPoint or similar tools (or distractions).

Continuing Education Credits applicable to PACC Professional Certification, and may qualify for CPD credits from other organizations as well.

Who should attend the Privacy and Data Governance Congress?

privacy officer
security officer
access and disclosure administrators
compliance officer
FOIP Co-ordinators
human resources manager
insurance agents
healthcare administrators, health information management
medical ethicists and genetics

What previous attendees say

Interesting, new speakers — not the same folks saying the same things over and over. Executive Director, Office of the Information & Privacy Commissioner of Ontario.

I thought your event was the best event I have been to in years. It really was a mixed bag of different approaches with the workshops, keynotes and panel discussions. I also thought it was very honest and open discussion of serious issues that we face with privacy and access. You had advocates for leveraging private information to create greater convenience for the consumer as well as privacy advocates for doing whatever you can to protect your private information. Project Manager, Service Alberta.

Sharon Polsky, MAPP

Sharon Polsky is president of AMINA Corp. and a Privacy by Design Ambassador with more than 30 years’ experience advising corporations, governments and organizations about privacy and access implications and unintended consequences of emerging laws, technologies and global trends. She is also president of the Privacy and Access Council of Canada, the nonpartisan national non‑profit association of privacy and access professionals in Canada’s private and public sectors.

In 2007, Sharon founded The Winston Report, the foremost quarterly journal devoted to information access, privacy protection and data governance in Canada, and serves as its Editor‑in‑Chief.

Sharon is passionate about the importance of effective data protection and information risk management, and has extensive knowledge and demonstrated ability for researching, analyzing, interpreting and applying Canada’s privacy and access legislation, and for assessing relevant business and technical issues.

Ms. Polsky is frequently invited to write and speak about data governance and information security, and is a frequent speaker and lecturer in the areas of data privacy, information security, cyberliability, and the privacy implications of emerging laws and technologies, and her insights are frequently sought by conference organizers and by media including CTV, CBC, CPAC, the National Post, Montreal Gazette, Toronto Star, Calgary Herald, Edmonton Journal, Edmonton Sun, Calgary Sun, iPolitics, Blacklock’s Reporter, Corus Entertainment, Times of London and professional journals including Canadian HR Reporter.

hosted by Jean Eaton of Information Managers Ltd.

compliance officer, FOIP Co-ordinator, National Privacy And Data Governance Congress, Practical Privacy Coach, Privacy and Access Council of Canada, privacy officer, security officer, Sharon Polsky

Calendar January 2015

Posted on January 1, 2015 by Jean Eaton in Blog

Happy New Year!

Do you need a new calendar for January? I've got one here that you can download and use right away!

January 2015 Calendar

This is what I've got for you:

January 2015 calendar you can print
Privacy poster that you can print
Reminders about events at Information Managers that you can attend on line for FREE!
Reminder about one task to complete this month for Privacy Officer
Reminder about one task to complete this month for Human Resources or Clinic Manager

Here's what it will do for you:

Keep you organized
Help you to focus on one key task each month to meet your privacy management program objectives
Education events for you and your clinic
Links to other events this month

Here's what to do next:

January 2015 Calendar

Tweet This!

Would you like your event to be on our calendar?

Tweet us at @InfoManLtd

Sign up for Privacy Nuggets Newsletter and select ‘Publications' to receive an email as soon as the February Calendar and Privacy Poster is available!

Calendar 2015 January, Practice Management Mentor, privacy officer

Do you have Netcare?

Posted on September 22, 2014 by Jean Eaton in Blog

Netcare's PIA Process

When we provide our personal and sensitive information to a healthcare provider, we want assurances that the confidential information will be respected. We expect that our information will only be shared with people who need to know the information to provide health services to us. Alberta's Health Information Act requires healthcare providers (custodians) to put appropriate safeguards in place to protect the privacy, confidentiality, and security of health information.

Alberta Netcare, also known as the Alberta Electronic Health Record (EHR), is a network of information systems that allows authorized users to see prescriptions, lab results, diagnostic images (e.g. x-rays and ultrasounds) and hospital reports (e.g. hospital discharge summaries). Netcare is used throughout Alberta in hospitals run by Alberta Health Services and Covenant Health and in medical clinics and pharmacies. This is managed by Alberta Health, Government of Alberta. Alberta Health Services (regional health authority), community pharmacies, labs and diagnostic imaging centres and other agencies upload patient information to Netcare.

Netcare Portal PIA

Each custodian is required by Health Information Act to submit a Privacy Impact Assessment to the OIPC. Alberta Health submitted a Privacy Impact Assessment (H1124) in 2006 for Alberta Netcare Portal (ANP) and an updated Privacy Impact Assessment (H3879) in March 2013.

Healthcare providers (custodians) who request access to Alberta Netcare Portal (ANP) must submit a Privacy Impact Assessment to the OIPC that documents the healthcare providers’ computer systems integration with Alberta Netcare.

If you have a previous Privacy Impact Assessment that was accepted by the OIPC regarding your access to Alberta Netcare Portal and it is less than two years old, you can submit a Privacy Impact Assessment Addendum. If you have previously completed a Provincial Organization Readiness Assessement (pORA) you will need to review and update the pORA including completing “Section Two: Mandatory Security Requirements for S2S Sites” and return it to Alberta Health for review and approval.

If you have not yet submitted a Privacy Impact Assessment

You need to submit a PIA to the OIPC for acceptance. This must reference the ANP Privacy Impact Assessment (H3879). You must also complete and submit a pORA including “Section Two: Mandatory Security Requirements for S2S Sites”.

Questions to ask:

1) When was the last time we reviewed our PIA? (This should be reviewed annually.)

2) Do we have / do we want access to Alberta Netcare Portal (ANP)? If ‘yes’, then:

3) Was your Privacy Impact Assessment accepted more than two years ago (before August 2012)? If ‘yes’, then

Review and amend your PIA and submit to OIPC including reference to ANP Privacy Impact Assessment H3879 and
Review your pORA including “Section Two: Mandatory Security Requirements for S2S Sites”. You will likely need additional support from your computer network vendor and your EMR vendor.

4) If you are a Registered Nurse and work in occupational health, at a First Nations care centre, at a remote nursing station, for a federal jurisdiction or for an authorized homecare service or self employed, you may be eligible to apply for access to Netcare as a custodian. The above steps also applies to you.

Please share this information with colleagues and your computer network support, EMR vendor, and privacy officer in your organization.

PS

Not all healthcare providers are custodians as defined by Health Information Act. For more information, see our blog, HIA Amendments and Document Management Tip

For more information see:

Alberta OIPC. Bulletin Health Information Act Bulletin August 2014 Update.

Alberta Netcare, Your System Integration with Alberta Netcare.

CARNA Netcare Access to Registered Nurses as Custodians.

Need to do a Privacy Impact Assessment or a Privacy Impact Assessment amendment? We have a course for that!

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course

Alberta, E-course PIA; privacy impact assessment, HIA, Netcare, PIA, pORA, Practical Privacy Coach, privacy officer

Top ten privacy and security tips for business

Posted on September 11, 2014 by Jean Eaton in Blog

September is the new New Year. Sunny days and cool nights. New schools. New fashions. New energy to review your New Year's resolutions.

How are you doing on your Top Ten privacy and security New Year’s check list?

Don't worry–here are few reminders.

Change your passwords on your computers, perimeter security alarms, voice mail, debit and credit cards and other places.
Encrypt your data. Do you know who has the encryption key?
Back up your data. Keep separate from the source data – on a different device and stored in a different secure location.
Restore your data, know how this works. Try restoring a few different files. Open the files and make sure that you can read and print the files.
Review your policies and procedures.
Check your employee orientation files and make sure that they are up to date.
Find and make a written inventory of all your USB drives and external hard drives. Store them in one location so that you can quickly notice if one is missing.
Find and make a written inventory of all your office door keys. Make sure none are missing and securely store what you do not need.
Update your privacy awareness and security training – and made sure that everyone – including contractors and professional staff – receive the training.
Update your oaths of confidentiality and review your contracts with vendors and information managers and business associates.

As a privacy officer, clinic manager, or healthcare professional it is your responsibility to ensure that you protect the confidentiality and security of the private information that your patients, employees, or business associates give to you. Of course, you want to protect your personal and business information, too!

These top ten privacy and security to do items are commonly accepted business best practices are a good foundation to develop your practical privacy and security program.

healthcare, Practical Privacy Coach, privacy, privacy officer, security

1 2