
5 New Year’s Resolutions for Privacy Officers and Clinic Managers
Why Privacy Resolutions Matter for the New Year
The start of a new year is the perfect time for clinic managers and privacy officers to reflect, reset, and refocus their efforts on safeguarding patient information. Just as individuals set personal goals for growth, healthcare organizations benefit from creating resolutions to strengthen their privacy practices. With evolving regulations, new technologies, and the ever-present risk of breaches, a proactive approach ensures your clinic stays ahead of potential challenges. These five New Year’s Resolutions will help you prioritize compliance, reduce risks, and foster a culture of privacy and accountability in your practice.
1. Review Your Clinic Description and Privacy Impact Assessment (PIA)
Start by assessing your clinic’s current operations and comparing them to your original plans. Are they still aligned, or have new challenges or opportunities arisen? Consider the following:
- Are there any new initiatives or technologies your clinic is planning to implement this year?
- Are there upcoming changes in personnel, stakeholders, or organizational structure?
- Have there been any recent or anticipated legislative updates that could impact your privacy practices?
- Which updates need to be documented, and do any of them require you to notify the Office of the Information and Privacy Commissioner (OIPC)?
Regularly updating your PIA ensures your clinic stays compliant, prepared, and aligned with its goals.
If you haven’t completed a PIA, make it a top priority this year! A PIA ensures compliance and protects your patients and organization.
Tip: Check out the December 2024 Q&A With Jean for the ‘Annual Review Checklist’ template to help you right away!
2. Monitor Privacy Breaches and Annual Trends
Take a close look at the privacy breaches and near misses from the past year. What patterns or trends stand out? Are there recurring issues, such as faxes being sent to the wrong number or patient forms being given to the wrong person?
It’s time to evaluate your current approach. If reminders to “be more careful” haven’t reduced these incidents, it’s a sign that a new strategy is needed. Process changes, additional staff training, or implementing new tools might be necessary to achieve better results.
Action Step: If you don’t already have a privacy breach reporting tool to provide a clear summary of all breaches at a glance, make it a priority to implement one now. Use this tool to document trends, analyze recurring issues, and develop actionable solutions to discuss during staff meetings.
3. Privacy Awareness Training for Everyone!
Recent decisions, such as Ontario IPC’s PHIPA Decision 260, highlight the importance of mandatory Privacy Awareness Training (PAW) for all staff, including physicians.
Ensure your organization not only mandates this training but also enforces compliance. Accountability starts at the top.
Case Study: In Decision 260, a hospital faced repercussions after a physician accessed 1,400 patient records without proper authorization, in a setting where PAW training had not been enforced. How do you ensure that every employee and healthcare provider at your practice receives PAW training?
4. Plan for Succession
Every business owner needs a plan to continue or close the business if the owner suddenly becomes unable to do their job.
Custodians must designate a successor to ensure patients maintain access to their records in case of sudden changes. Naming a successor custodian who will advocate for and ensure the proper access and retention of patient records is a requirement of professional standards of practice and good business sense.
Clinic managers should know who the designated custodian is and ensure there’s a written agreement in place.
Thought Experiment: Succession planning is critical for privacy officers and clinic managers, too! Who will take over your role if you win the lottery tomorrow? Develop a training plan for your protégé. Check out the upcoming Practical Privacy Officer Strategies training.
5. Review Your Technology Stack
Recent outages, such as those affecting Microsoft 365, and platform closures (e.g., Bench) highlight the importance of contingency planning.
A technology stack inventory lists your data holdings and every software and hardware vendor you use in your business.
Include each vendor’s contact details and your backup plan for a service disruption.
Ensure that you have a written agreement for each service, and that each service provides appropriate access controls, security safeguards, and retention terms for personal health information (PHI).
Conduct a risk assessment of the technology that you implement in your business to evaluate the impact of downtime on your clinic. The higher the risk, the more important it is to have a business continuity plan.
Bonus: Email me for a free Technology Stack template to get started!
Schedule these activities into your calendar so that you set aside time to complete your resolutions. They are not difficult, and they will contribute to privacy compliance in your practice.
Need some help with your privacy compliance? Join our Practice Management Success Membership for templates, guides, and expert support to make 2025 your best year yet!

When we know better, we can do better…
Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.
Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS