Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Do You Need to Build A Privacy Awareness Training Plan for Your Healthcare Practice?

Posted on January 23, 2023 by Meghan in Blog

Do You Need to Build a Privacy Awareness Training Plan in your Healthcare Practice?

A practical privacy awareness training plan will save time for clinic managers and privacy officers.

Employees and healthcare providers who keep privacy and security top of mind will contribute to increased patient satisfaction, improve privacy compliance, and reduce privacy and security incidents in your practice.

Privacy awareness training is more than a checklist when new employees are hired.

As an employer and health care provider, you are responsible to provide training to all your employees about privacy awareness.

Your privacy officer should have direct involvement in the planning and monitoring of the privacy awareness training. The privacy officer may also:

  • Facilitate training opportunities
  • Develop / contribute to policies and procedures
  • Monitor for compliance
  • Provide instructions
  • Implement specific projects

If you don’t provide the training – and if your employees don’t understand the policies – and there is a privacy breach, then the healthcare provider is more likely to be held accountable under the legislation and face penalties including fines and even prison!

Protect your organization and your patients. Equip your staff with the information they need to confidently and correctly handle personal health information. Healthcare businesses who want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

Quickly and Easily Build Your Privacy Awareness Training Plan For the Whole Year!

Effective training for adult learners suggest that we must re-enforce key concepts at least 4 times a year. This applies to privacy awareness topics, too. 

Start your privacy awareness training at orientation and on-boarding of ALL of your team members, including healthcare providers. 

Then, re-enforce the key concepts throughout the year with work aids, posters, a ‘training minute' at regular staff meetings or team huddles, and coaching during the work day.

When You Plan It, It Will Happen

Is this you? If you want something to happen, you schedule it in your calendar.

Planning is key to design and deliver an effective privacy awareness training plan for your healthcare practice.

Let me show you a quick and easy way to plan your privacy awareness training for the whole year!

In this 60-minute webinar, you will outline a privacy awareness plan for your practice.

  • Training plan theory
  • Training strategies
  • Privacy awareness training plan
  • Build your privacy awareness training plan for the whole year!
  • Resources you can use right away to start training

Register before February 17,  2023 to access the Replay

Build a Privacy Awareness Training Plan for Your Healthcare Practice

Register now to get access to the limited time replay and resources!

Yes! I want to attend the workshop

This Workshop Includes:

  • Live on-line training
  • Q&A with Jean Eaton, Your Practical Privacy Coach when you join the webinar live
  • Access to the replay for a limited time
  • Learning Resources Guide

Did you enjoy reading this article? You may also be interested in:

Do You Want To Be A Confident Healthcare Privacy Officer?

Keeping Privacy Active in the Minds of Clinic Staff

5 Low Cost Steps You Can Take to Prevent Employee Snooping

3 Parts to Every Privacy Awareness Training Plan

Jean Eaton

When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.  

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

healthcare, privacy awareness, privacy awareness training, privacy awareness training plan, privacy officer, privacy training

Table-Top Privacy Breach Fire Drill

Posted on April 19, 2021 by Meghan in Blog

Use A Table-Top Privacy Breach Fire Drill to Protect Your Practice

A table-top privacy breach fire drill is a cost-effective way to prepare for a privacy and security incident in your healthcare organization. You should have a written privacy breach incident response plan in your healthcare practice. Have you practiced your response plan lately?

A table-top privacy breach fire drill allows your incident response team to rehearse their skills in a controlled exercise.

Do you remember your school days when every month or two you had a fire drill? The fire alarm would go off and everybody would go out the doors and very calmly go down the stairs and out the doors and into their muster point.

We take the same approach with privacy breach fire drills. Fires can happen at different times, places, and for different reasons. Whey you change the scenario, you develop alternate strategies or playbooks to best respond to the fire.

A privacy breach incident playbook contains all the actionable steps to take when a privacy beach incident occurs. Your playbook will have many ‘plays’ or actions to take when different types of privacy breach incidents occur. You could also think of it as a recipe book. You have many types of recipes to select from. Identify the ingredients that you have on hand (or the characteristics of the latest privacy incident) and select the most appropriate recipe to resolve the incident.

Healthcare providers, owners, and privacy officers hear about big privacy breaches on the news and hope it won’t happen to them. It keeps them up at night…because they know that properly preventing or managing a privacy breach is critical to the continued success of their business. Implementing a table-top privacy breach fire drill will help!

Picture this. You call a meeting of your incident response team. This may include your privacy officer, computer network support or managed services provider lead, physician, dentist, or other healthcare lead, your media spokesperson, and clinic manager. The privacy officer distributes a privacy breach incident scenario summarized on one page.

The team members read the scenario and then discuss what steps that they would take to respond to the privacy breach incident.

Using the 4 Step Response Plan  as your playbook guideline, the incident response team note-keeper documents the hypothetical steps that the team takes to respond to the breach. Record the decisions, the resources, and the questions that you explore in this scenario.

Privacy Breach 4 Step Response

When the table-top exercise is complete, you now have a detailed action steps that you can take when a similar privacy incident occurs in your healthcare practice.

How To Use The Table-Top Privacy Breach Fire Drill Technique

The goal of a privacy breach fire drill is to develop your playbook so you can spring into action when a similar privacy and security incident occurs in your healthcare practice.

First, identify a scenario that could happen in your practice. Unfortunately, it’s easy to find an example about a privacy and security breach in the news. Grab a privacy breach example and pull out the bits and pieces of the information that might apply to your organization. When you select scenarios that could happen in your organization the exercise is more meaningful for you, and you will develop tools and templates that are going to help you in the event that a very similar privacy and security incident happens in your organization.

Let’s use the recent privacy breach incident that came from the province of Saskatchewan* when a cybersecurity attack that happened in their E-Health system. This attack may have started when an employee who had authorized access to the e-health system used a personal tablet to connect with a USB to the Saskatchewan health authority’s computer. This enabled a virus from that personal tablet to infect the computer system and ultimately the e-health system, allowing millions of files to be stolen. Strip the example down to its key points. Create additional details and assumptions where needed to give the team members enough information to discuss the scenario during the fire drill exercise.

Step 1 Contain The Breach

The first step in every incident is to spot and stop the breach. Make an assumption that the employee who connected the personal device to your computer is now seeing that message on the screen that says that there's a virus in the system. One of your incident team members plays the role of the employee and completes Step 1 of the privacy breach incident response form and notifies their supervisor or the privacy officer.

Another team member assumes the role of the privacy officer and explains what their next action steps would be.

Record each action that you consider. Document each policy, resource, phone number and email address that you would use in a real event. This creates the action steps in your playbook.

Step 2 Evaluate the Risks

Discuss the risks that could affect the computer systems. What tools do you need to evaluate the harm of this incident? How might this affect patient care and the privacy of patient information?

Contact your vendors and ask them to contribute to the risk assessment in this scenario.

Who else might you want to call on for assistance to investigate this incident?

You might want to revisit the news item for additional information about the actions that were taken that you might also need to explore.

In your playbook, record good leading questions to help you to investigate the incident and evaluate the risks of harm.

Step 3 Notification

Strategize who you would notify about the incident. Prepare written notification to the custodians, patients, regulators and even media statements. These become templates in your playbook that you can quickly implement in your real event.

Role-play your media spokesperson being interviewed on the evening news. It’s much better to practice now, before you are in a crisis.

Step 2 Prevent the Breach From Happening Again

This might be the most valuable step in the privacy breach fire drill. Complete the privacy breach incident worksheet and summarize this practice scenario. Consider how likely this scenario could happen in your practice. What type of training could be done now to prevent this from happening? What tools or training do your incident response team members need today to make it easier for them to monitor and prevent this scenario from happening?

Fire-Drills Lead to a Confident Response

At the conclusion of this fire-drill, your team is ready, energized, and have the tools that they need to make sure that they can respond to that privacy and security breach as quickly as possible. This absolutely is a great investment in your time. These table-top privacy breach fire drills are a great demonstration of your commitment as an organization to ensure that you are protecting the privacy confidentiality and security of health information.

I hope that this privacy tip to help you do your tabletop privacy and security breach fire drills will be a value to your organization.

Listen to the podcast HERE!

Do you need help to create your privacy breach management plan – and a mentor to help you get it done?

Check out the 4 Step Response Plan – tips, tools, templates, and training to help you create your privacy breach management plan!

4 Step Response Plan

*Reference:

Saskatchewan IPC finds ransomware attack results in one of the largest privacy breaches in this province involving citizens’ most sensitive data. January 8, 2021 – Ron Kruzeniski, Information and Privacy Commissioner. https://oipc.sk.ca/saskatchewan-ipc-finds-ransomware-attack-results-in-one-of-the-largest-privacy-breaches-in-this-province-involving-citizens-most-sensitive-data/

fire drill, healthcare, privacy breach, privacy officer, privacy officer training, privacy training, table-top privacy breach fire drill

Privacy Myth

Posted on May 5, 2014 by Jean Eaton in Blog

Myth:  Privacy is a big, scary thing

that will interrupt your routine, rob you of countless billable hours, impact all of your staff, turn your office inside out and change the way you run your entire business!

Fact:  Privacy is important.

Memo_Privacy_Warning_Information_Managers_smallWe respect the privacy of our patients and clients and the confidentiality of their information.

Sometimes we need to review our office procedures and our administrative, technical, and security safeguards to make sure we are doing the best that we can.

We need to provide privacy awareness training to our new staff and discussion for all of our team members.

Build privacy into things you do everyday in your healthcare practice.

You can be a myth-buster!  We can help.

privacy training

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

I have used Jean Eaton’s Privacy Impact Assessment consulting services on multiple projects at a very reasonable cost. Information Managers also provides a plethora of privacy information, education and training tools for minimal costs. One thing that has helped satisfy the training needs of staff for the PIA is paying for her in service program that is online and staff go through at their own pace while we monitor to ensure completion.

- Luke Brimmage, Executive Director, Aspen Primary Care Network

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.

Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}