Privacy Principles Applies After Death

Posted on August 5, 2019 by Jean Eaton in Blog

Are your staff looking at medical records when they shouldn’t be?

Many people have the mistaken impression they can look at a patient's medical records as long as they don’t tell anyone else.

You can’t.

We see over and over again in ‘snooping’ cases where seasoned and new healthcare providers and support team members don’t realize that looking at patient’s health information without a need to know that information to provide a health service right away is wrong.

Kate Dewhirst summarized this as

Privacy = don’t look
Confidentiality = don’t tell

We still need privacy awareness training – even those experienced healthcare providers who push back and say that they have been in the business for years still often have more to learn.

Yes, we still need privacy awareness trainingClick to Tweet

In this post I am sharing an example of the Ontario’s Information Privacy Commissioner (IPC) complaint investigation from the family of a deceased individual. Whether you have a new practice, or an existing practice, we have a number of services and resources designed to help you manage your practice in a way that not only meets legal requirements, but is streamlined and efficient, and keep your information secure.

What Happened

In 2014, a physician acting in his role as a coroner, accessed the deceased’s health record. Shortly thereafter, the family alleged that the physician, who was also a family member of the deceased, continued to access the deceased’s personal health information (PHI) contrary to Ontario’s Personal Health Information Protection Act (PHIPA).

The family submitted a complaint to the hospital. Initially, the hospital's response did not satisfy the family. The family filed a complaint to the Information and Privacy Commissioner (IPC) of Ontario.

The IPC started a complaint investigation.

Privacy Breach Investigation

Privacy Complaint Investigation

Under PHIPA, the hospital is a health information custodian and the physician is an agent of the hospital.

During the IPC investigation, the physician confirmed he “accessed the health information in response to his concern about the individual’s well-being.”

“I know now that proceeding in this way was misguided and wrong.” He would never disclose the information to anyone; that would be a violation of patient privacy and a breach of doctor – patient confidentiality.

The physician acknowledged he did not fully appreciate the related but distinct concepts of patient privacy, the circle of care, and the ‘need to know’ principle.

Confidentiality rights arise out the special relationship between the client and the health professional or provider.

In contrast, privacy rights are the general rights of all persons to limit the access to their PHI. Individuals have the right to privacy, even after death.

Individuals have the right to #privacy, even after death. Click to Tweet

4 Step Response Plan

The hospital received a complaint from the family, which triggers the first step to spot and stop the breach.

Secondly, the hospital did an initial investigation to evaluate the risks of the incident. Later, after the IPC initiated their complaint investigation, the hospital re-visited the internal investigation and completed a comprehensive review and used audit log reporting tools to assist them.

Eventually, the hospital took the third step and notified the individuals’ family of the privacy breach. However, the notification was not timely. A more comprehensive response to the families’ complaint, followed by a notice to the family may have provided a better response.

Preventing a similar breach is the fourth step.

Since this incident, the hospital has:

installed a new auditing program that considerably enhances its ability to detect unauthorized access.
updated its Privacy and Confidentiality Policy, which applies to all agents of the hospital.
developed a yearly electronic privacy training program for all staff, volunteers and learners and will require all credentialed physicians to complete this training as part of the annual reappointment process.
strengthened the privacy warning on its electronic system, which warns users that unauthorized use of personal health information may result in disciplinary action.

Privacy Breach Physician Sanctions

The hospital’s Medical Advisory Committee recommended to the Board of Directors that the physician’s privileges be suspended for three months, that the hospital conduct enhanced monitoring of the physician’s access to the electronic medical record for three years, and that, on his return to practice, the physician be required to present at Grand Rounds on the topic of privacy.

The IPC concluded that the disciplinary consequences for the physician were sufficient in the circumstances.

Privacy Breach Nuggets You Need to Know

Privacy breaches are in the news every day. The more you know how breaches can affect you allows you to be more proactive to prevent privacy breach pain.

Privacy awareness education is more than just having policies and procedures. Demonstrating good practices, regular discussion about examples, and even gamification helps to ensure that all members of your healthcare team understand their roles and responsibilities.

If you need to start or update your privacy awareness training program, check out the on-line education Privacy Awareness in Healthcare: Essentials.

If you need to start or update your privacy breach management program, check out the 4 Step Response Plan; Prevent Privacy Breach Plan.

When we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

PRIVACY BREACH NUGGETS are provided to help you add a ‘nugget' to your privacy education program. Share these with your staff and patients as a newsletter, poster, or staff meeting.

Jean L. Eaton, Your Practical Privacy Coach

Click Here To Register for the FREE Training Video "Can You Spot the Privacy Breach?"

References and Resources

Dewhirst, Kate. After Death: Who Can Access The Records Of A Patient After Death? May 7, 2019. https://katedewhirst.com/blog/2019/05/07/after-death-who-can-access-the-records-of-a-patient-after-death/

Ontario Information and Privacy Commissioner IPC Investigation Report PHIPA DECISION 74 HC15-4 Sault Area Hospital August 10, 2018.

#PrivacyBreachNugget, 4 Step Response Plan, clinic, complaint investigation, death, deceased, healthcare, IPC, medical, Ontario, PHIPA, privacy, privacy after death, privacy awareness training, privacy breach, privacy breach nugget, privacy principles

Safeguards: The What, Why, and How

Posted on July 14, 2019 by Meghan Davenport in Blog

Guest Blog Post by Tamara Beitel

Health Information Management Student, Centre for Distance Education, May 2015

Picture this, the reception room of the clinic was clean and organized, the patients were happy as they were quickly seen by an efficient, positive and qualified healthcare team. This is what happens when the clinic has taken the time to design their safeguards.

What are safeguards? Why are they important to you? How do you implement these safeguards into your clinic/office?

These are important questions to consider when thinking about safeguards. Implementing safeguards will make your clients/patients feel more confident that their personal information is safe. They will be more willing to share their information.

Why should you safeguard health information?

It is important to safeguard health information to protect your business, your reputation, and helps employees understand privacy, security and confidentiality. When your clients/patients see that you are actively making sure that their personal information is safe, they feel more confident in sharing that information knowing it will be protected.

What are safeguards?

There are three types of safeguards to use in maintaining the privacy and confidentiality of health information in your clinic.

Administrative safeguards are the policies and procedures and other written documents. Policies and procedures direct staff to properly access patient information, privacy training for staff, monitoring the policies and procedures, dealing with receiving and responding to privacy complaints and inquiries, and dealing with transferring, retaining and destroying personal information contained on electronic devices.

There is privacy breach management to help prevent or in case of a breach what the procedure is in dealing with the breach. In the blog, When is a privacy breach a privacy breach?, it discusses the repercussions of not implementing breach policies and also discusses the legislation that is in place to safeguard personal information from breaches. It is important to acknowledge when a breach has occurred, that you have taken the proper steps to address the breach, and have learned from the breach so as not to repeat the same mistakes.

Examples of Policies and Procedures:

Signed oaths of confidentiality for all affiliates
Screens should be private and not viewable from public areas
Prohibit disclosure of patient diagnostic, treatment and care information over the phone, even to an individual who claims to be the patient

Technical Safeguards are controls that protect and control access to personally identifiable and health information. Technical safeguards include electronic devices, surveillance cameras, security systems, and telephone systems. Let’s focus on electronic health information and computer networks for example.

Audits of the security and computer systems are vital to maintain privacy and security of personal information. Through audits you can enforce compliance of the policies and procedures and see where changes, if any, are needed. It helps the staff to be aware of the importance in protecting the client/patient personal information. They see that there are consequences for not following policies and procedures.

You should also be aware of the risks from external threats. These include:

identity theft
loss of information
information shared with unauthorized individuals
Some examples of external threats are: malware (malicious software, designed to infiltrate or damage a computer system), spyware (a type of malware that collects information, such as key loggers), and irresponsible use of the Internet

Mitigation strategies include:

regular training and refreshers on privacy and security
IT professionals reassess any software/hardware additions/changes

Examples of technical safeguards in electronic medical records (EMRs) are:

Strong passwords
Encryption of data
Using role-based access to limit access to health information to a need to know basis (user-based access rights ((secure)), role-based rights ((more secure)) and context-based rights ((most secure))

Physical Safeguards are the physical measures used to protect electronic health information from unauthorized access. This includes precautions to prevent break-ins, theft of computers and files, unauthorized access to personal information, applying physical barriers and control procedures against threats to personal information, and policies and procedures on locking up at night, computer etiquette, and office set up (how and where computers, fax machines etc. are set up).

Examples of physical safeguards are:

Limiting access to the building, clinic and storage areas
Alarms and security cameras, doors and locks, lighting
Placing fax machines and printers out of sight and reach of public areas

Safeguards Next Steps

All three of the safeguards should be used in conjunction with each other. The use of these safeguards will help protect your client/patient information from breach, identity theft, loss and unauthorized access. You have the power to make the clinic/office safe from threats to security, privacy and confidentiality. Your clients/patients will know that you have taken all reasonable steps to ensure that their personal information has been protected and appreciate it. It is beneficial to your clinic to review all of your safeguard measures with staff and have regular audits, reviews, updates to the policies and procedures, systems, and security of the clinic. There are many self-assessment tools available from the Privacy Commissioners in the provinces and from the federal government. See the resources below.

About the author: Tamara Beitel has successfully completed the Health Information Management Diploma at Centre for Distance Education, she is currently preparing to challenge the National Certification Exam in July 2015. Tamara is looking forward to work as a Certified Health Information Management (CHIM) professional in the area of policy and privacy protection in the Calgary area.

Resources

Privacy Awareness Training– Corridor Interactive – Privacy Awareness in Healthcare: Essentials

Jean Eaton, When is privacy breach a privacy breach? https://informationmanagers.ca/privacy-breach-privacy-breach/

Office of the Information and Privacy Commissioner of Alberta

Office of the Privacy Commissioner of Canada

best practice, clinic management, good security practices, privacy, privacy breach, Safeguards, security

When is a Privacy Breach a Privacy Breach?

Posted on July 13, 2019 by Jean Eaton in Blog

The biggest mistake in managing a privacy breach is not recognizing the privacy breach.

The second biggest mistake is not knowing what to do about it.

The recent publicity about the privacy breach in Alberta when a laptop with health information was stolen and came to the public's attention several months later is not the first news item of its kind. In fact, this happens frequently in healthcare, retail, government departments and other industries. This doesn't make it any easier to swallow and certainly doesn't make it right. But this is an opportunity for you, healthcare provider or practice manager, and vendor to make sure that you have good practices in place to manage your next privacy breach.

Health information is recognized as being particularly sensitive and important to the person that the information is about. It is so important, in fact, that a new breed of legislation was developed to set out specific rules to ensure that the health information has robust safeguards (administrative, technical, and physical) to keep the health information confidential and secure. In Alberta, the Health Information Act (HIA) was proclaimed in 2001 to help custodians (people or organizations who collect, use, and disclose health information) ensure that they have identified the risks to breach of health information and how to prevent those risks. The legislation also ensures that the people who the health information is about have access to their personal health information.

In August 2018, amendments to the HIA were proclaimed that make it mandatory to report a privacy breach that could result in harm to the Office of the Information and Privacy Commissioner (OIPC).

Privacy breaches come in all types and sizes. One of the most common forms of a privacy breach is when a clinic or healthcare provider intends to send a report to another healthcare provider for continuing care and treatment but it is sent to the wrong physician. Or, the referral request went to the correct physician but included extra information about another patient that was not part of the referral.

What Is Considered a Privacy Breach?

A privacy breach is an unauthorized access to or unauthorized collection, use, disclosure , loss, or disposal of personal or health information.

To each of us, our own personal health information is important. As a healthcare industry, we need to ensure that we recognize this and acknowledge that each privacy breach is important to the person the information is about. We need to make sure that we minimize the risk of the information being used inappropriately or maliciously. We need to acknowledge to ourselves and to our patients and clients that we are human and that sometimes we do make mistakes and we will strive to do better.

A ‘small' breach of one person one time might have a big impact to the individuals involved.

A ‘big' breach of a lost laptop might have a bigger magnitude affecting many individuals.

When a breach also meets the requirements of mandatory notification, a custodian must report the breach regardless of how many people's information have been included in the breach.

4 Step Response Plan

When you have a privacy breach, follow these four steps to manage the privacy breach incident.

Step 1 – Spot and Stop the Breach

Each breach is important and needs to be recognized. Contain the breach so that it doesn't get any bigger.

Step 2 – Evaluate the Risks

Your privacy officer will investigate the incident and learn about the size, scope, and details about the breach. Consider if there is a reasonable basis to believe that there is a risk of harm to an individual

Step 3 – Notify

Notify the custodian, the affected individuals and (now, with the 2018 amendments), the Alberta OIPC, Minister of Health, Alberta Health (if the breach includes Netcare) and others.

The individual who's information has been breached needs to be made aware of the problem and the risk that might be experienced so that they can be prepare to limit the risks. The custodian needs to know how to manage the privacy breach and report it – internally and perhaps to other stakeholders.

Step 4 – Prevent the Breach From Happening Again

Correct and monitor the incident(s). Actively take steps so that the breach does not happen again.

Not Sure What To Do?

You never know when a privacy breach will happen! Prepare now with a privacy breach management program and coaching from the Practical Privacy Coach!

Learn what to do if you have a privacy breach.

4 Step Response Plan, Alberta, breach, Health Information Act, HIA, OIPC, privacy, privacy breach, training

Can You Predict Successful Privacy Awareness Compliance Training?

Posted on June 13, 2019 by Jean Eaton in Blog

Protect your organization and your patients.

Investing in privacy awareness compliance training that is engaging, practical, and easy to access will prevent a privacy breach in your healthcare practice.

But, how do you find the right training?

Look for a strong completion rate.

A high completion rate is the single best predictor of successful privacy awareness compliance training. Most on-line courses have a 6-15% completion rate.

The Privacy Awareness in Healthcare: Essentials program from Corridor Interactive has a completion rate of 95%.

And the investment is only $35 per person.

Give your patients the gift of privacy. Improve your healthcare practice with privacy awareness education.

HURRY! A privacy breach can happen at any time!

health care, healthcare, HIA, PHIPA, privacy, privacy awareness compliance training

What is a PIA?

Posted on March 11, 2019 by Jean Eaton in Blog

Have you ever been in a situation where you had a great idea that you wanted to implement and then someone asked you if have a PIA for that?

Click on the >> arrow above to play the video.

Maybe you wanted to add a new digital health app to make it easier for patients to book appointments with you, or get access to Alberta Netcare Portal, use the internet to get on-line consultations for your patients, or start using a new EMR.

Or maybe you have a new healthcare practice and you are excited about choosing the right location, the right equipment, the right vendors that fit your budget and your goals.

A PIA is a practical business tool in your healthcare practice.

A PIA is an important tool that you can use to help you with that project management.

It will help you anticipate risks to the project before it starts and avoid serious problems, wasted time and money.

The PIA process requires you to have written policies and procedures so that you can implement the project effectively and train your staff consistently. Sometimes a PIA is a requirement of legislation. But it is always a best practice whenever you implement a project that includes personal health information.

Watch the video now to take a look at what is a PIA, what will a PIA do for you, and when you need a PIA. Just click on the image above to play the video.

Would you like more information about Privacy Impact Assessments for your healthcare practice?

By entering your email address above, you are requesting about upcoming training and related resources. You can opt out at any time, and we'll never rent or sell your email address.

health care, Health Information Act, healthcare, HIA, Netcare, PIA, privacy, Privacy Impact Assessment, What is a PIA?, what is a privacy impact assessment

Privacy Like No One Is Watching

Posted on October 30, 2018 by Jean Eaton in Blog

Sometimes it feels like everyone's eyes are on you. CTV cameras, hackers, on-line scrapers, cookies, are watching and tracking us and regulators are telling us what we need to do to meet compliance requirements.

Even facial recognition software at shopping malls are watching you – and sending you targeted specials to your phone as you walk by the stores in the mall!

We can’t expect that everyone who has collected our information, like the shopping malls, will protect your personal information.

We should each be aware of and concerned about how our personal information is collected, used, and disclosed with – and without – our knowledge and consent.

I think that we should practice privacy like no one is watching.

We each need to build privacy into everything that we do in our personal life and our business because it makes sense to us to do that—not because someone says that you should.

The internet can instantly connect us to webpages that answer our questions and promise stuff to fulfill our dreams.

But now, the internet is also connecting to physical things. These things provide a service or convenience that we want. For example, an app on your smart phone will start to warm up your car on a winter day so that you don't have to scrape the windows. But, if someone hacks your internet enabled phone and remotely controls your car while you are driving, well, that's an example of how internet connected things can now physically harm you.

Listen to more examples with Bruce Schneier's interview on CBC podcast, SPARK, talking about his book ‘Click Here to Kill Everybody'.

So, lets take control of our privacy by making sure that we have some solid privacy practices that we can follow every day. And prevent internet connected things from harming us and hackers, and other folks to collect our information without our consent.

Protect you identity. It isn't about keeping secrets. It is about protecting what makes you, you.

Practical Privacy Tips Infographic

I created this Practical Privacy Tips infographic to share with the librarians and tech folks attending The Alberta Library Netspeed conference this month. I shared my practical obsession with privacy and confidentiality during my keynote ‘Privacy Like No One Is Watching'.

By clicking on the image below, you will download your infographic that you can print.

Post it in your place of work to remind you to take control by using practical privacy tips.

Yes, you can share!

When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

infographic, practical privacy tips, privacy

Secure Computer Backup

Posted on October 22, 2017 by Jean Eaton in Blog

You know that Joni Mitchell song, Big Yellow Taxi? “Don't it always seem to go that you don't know what you've got 'til it's gone.”

This couldn't be more true than when your computer crashes. It's a terrible feeling when your software or hardware suddenly doesn't work, or you can't find an important file you know you had last month. This experience can be a speed bump on your busy day, or a nightmare that takes you days and weeks, and a lot of money, to recover.

Good business practices include having regular backup of your key documents, bookkeeping, website, emails, and databases including your Electronic Medical Record (EMR). If your information is personal or sensitive – to you, your client, or your business – the backup should also be encrypted.

Your backup plan should include a backup of your information in a separate location than the source documents. In case of a catastrophic failure – including bad weather, fire, theft – you can access your key information assets quickly. You could manage the backup yourself or outsource it to a remote backup provider.

Where is your encryption key?

Your encrypted backup files need a ‘key' or algorithm to de-encrypt the files so that you can read and access the information. Have you kept a copy of the encryption key in the same place as your source documents? Or have you kept the key in a separate location – away from the source documents and away from the backup files? Have you recorded in your disaster plan how to retrieve the key?

Where is your Encryption Key? Information Managers

Cybersecurity is for all businesses – even if you are not using social medial or have a website! Many small business think that they are too small to be attacked – not true! Not reviewing your security practices and keeping up to date can leave your small business vulnerable to attacks.

Remember to change your clocks for daylight savings time – and get into the habit to review your backup. Check to make sure that it includes all the information that it should and that you can restore the backup to a clean machine.

What will you do to improve your computer backup plan?

Do you want more tips and resources like these – for FREE?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

#15DayPrivacyChallenge, #CyberAware, #NCSAM, computer backup, Practical Privacy Coach, privacy

Email Confidentiality Notice

Posted on October 16, 2017 by Jean Eaton in Blog

October is CyberSecurity Privacy Awareness Month! Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #1

Take a quick look at your email address book: how many Jennifers and Toms do you see? Even uncommon names can show up more than once, and it’s easy to send an email to the wrong person by mistake.

Mistakes happen. But from a privacy perspective, it’s important that our email recipients know what we want them to do should we make an error of this sort. So it’s vital to include some guidelines in the form of a confidentiality notice.

Consider the following elements of a well-crafted confidentiality notice:

State your email privacy policy.
Encourage the recipient to inform you should an error occur.
Thank them for letting you know about any mistakes.
State that you believe their privacy is important, and that you will take every step necessary to correct the error to prevent it from happening again.

Does your email signature block and fax cover sheet include these points?

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware.

#15DayPrivacyChallenge, #CyberAware, e-mail confidentiality statement, Practical Privacy Coach, privacy

Do Your Club Volunteers Protect Your Privacy?

Posted on October 12, 2017 by Jean Eaton in 15 Day Privacy Challenge, PMN Replay

Your family is busy! Kids have sports teams, social clubs, and classes. Parents are involved in clubs and networking too–and, sometimes, you are the volunteer manager and snack co-ordinator, too.

But – do your club volunteers know how to protect your privacy?

Maybe more sensitive information like dates of birth, street address?

Do you have a policy to mask email addresses to members?

Who has a control of the club's financial information?

Do you have written policies and training for your volunteers to protect this information?

If your club is like thousands of others, you don't have good practices in place to protect your valuable personal information.

It only takes a little time and effort now to dramatically reduce the likelihood of a privacy breach in the future.

[clickToTweet tweet=”Do your club volunteers protect your #privacy? https://informationmanagers.ca/club-volunteers-protect-privacy/ ” quote=”Club Privacy Policy templates ready for you to use right away!”]Does your club collect email addresses or phone numbers?

Discover the 3 simple practical tips every club can use to prevent a privacy breach. This works for every type of club – toastmasters, Scouts, soccer team or book club!

Join the live webinar to discover the 3 simple practical steps every club needs to improve your club's procedures and prevent complaints, fines, and even jail time!

Practical tips that you can use right away to protect your privacy! with Jean L. Eaton, Your Practical Privacy Coach!

30 Minute Live Webinar followed by Q&A

Recorded Live Thursday, October 19, 2017

Replay is available for a limited time!

This webinar is a special presentation in the 15 Day Privacy Challenge E-Course. Your FREE webinar registration also includes access to the FREE 15 Day Privacy Challenge.

Webinar replay will be available in your E-course but join us live – because that's the only way that you get the Q&A!

When you register for the webinar, you will also receive the 15 Day Privacy Challenge. This is a fun, FREE online educational opportunity on privacy and security that you can use at home or at work. Enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches when you use these practical tips, tools, and resources.

This free online course is ideal for businesses, healthcare practices, or clubs and their privacy officers, employees, and their families.

We are official champions of the National Cyber Security Awareness Month (NCSAM). October is Cyber Security Awareness Month and Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge.

#CyberAware, 15 Day Privacy Challenge, privacy, protect your privacy, webinar

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Posted on September 11, 2017 by Jean Eaton in 15 Day Privacy Challenge, Blog, Upcoming events/workshops

Is this you?

Paul clicked on a link in an email that encrypted all his data on his computer and now he has to pay a ransom to get the data back.

Mary used her work email address to register for the course, “Ready to leave your job?” Now her boss thinks that she is looking for a new job.

Alice did not follow your clinic policies and procedures properly and she left a confidential message with the wrong patient.

Bob is a new employee and will start his orientation tomorrow.

They each use the internet for their personal lives and as an employee. You need to know the best practices on the internet and how to protect your personal information. It's easy once you know how!

The 15 Day Privacy Challenge is a fun, FREE online educational opportunity on privacy and security that you can use at home or at work. Enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches when you use these practical tips, tools, and resources.

This free online course is ideal for businesses, healthcare practices, or clubs and their privacy officers, employees, and their families.

The course is free – there is no risk to you and you will see that the 15 Day Privacy Challenge is the perfect way to make small changes easily that can improve the privacy and security of your information right away!

The 15 Day Privacy Challenge starts October 15th, for fifteen days.

The challenge includes tasks centered on a privacy or security best practice. Each challenge includes a short description about why this practice is important, how to get started, and links to additional resources. Each challenge will take approximately 15 minutes to complete. All activities are online and accessible from any internet enabled device.

[clickToTweet tweet=”Practical #privacy and security tips for home or office – FREE! #15DayPrivacyChallenge #CyberAware” quote=”15 Day Privacy Challenge – Practical privacy and security tips for the internet enabled home and office – FREE!”]

Businesses and healthcare providers are legally responsible to ensure that every employee, contractor, and vendor receives privacy and security training, including cyber awareness. Prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor by being up to date on privacy and security best practices.

Training is the cornerstone of every privacy and security program.

People love games, challenges, and cyber competitions to create variety and interest in privacy and security best practices. The 15 Day Privacy Challenge uses a variety of multi-media content that everyone in your practice can understand. Privacy awareness training alone won’t guarantee that mistakes or errors in judgement won’t happen, but Privacy Awareness Training is your logical first step.

The 15 Day Privacy Challenge starts October 15th, for fifteen days.

The 15 Day Privacy Challenge includes easy to access on-line resources delivered each day. You will have access to all of the resources for one year on the website.

BONUS – access to discussion group with other participants to share your tips.

What People Are Saying

Don't just take it from us, here is what previous participants are saying:

“The 15 Day Privacy Challenge has given me some additional information on day-to-day responsibilities that I hadn't considered until now. Each Privacy Challenge has been so informative and I've been sharing it with our office staff.”

Vera. Alberta Health Services

“The 15 Day Privacy Challenge has made me aware of the policies that my facility needs to update/create!”

Rachel Worthing, CHIM, Ontario Shores Centre for Mental Health Sciences

“The 15 Day Privacy Challenge has given me some great resource information and helped me to identify the areas that I need to work on. I found value in almost all of the Privacy Challenges, but I would say Risk Assessment, Social Media, Email Phishing and Spam, and Confidentiality are the top four.”

Sharon

The 15 Day Privacy Challenges includes:

Posters
Short articles with practical information
Videos
Infographics
Links to additional free resources
Certificate of completion

The 15 Day Privacy Challenge includes practical tips on:

Confidentiality
Privacy Collection
Manage USB Sticks and Mobile Devices
Computer Backup
Computer Security
Spam email, Phishing emails, Spear-phishing
Privacy Officer Education
The Right to Access Your Own Personal Information
Change Your Passwords
Employee Orientation
Social Media
Risk Assessment
Privacy Breach Reporting

At the end of the challenge, you will receive a printable certificate of completion. Successful challengers might also find that this qualifies for CPE credits, too!

You will also have many more tools to add to your privacy tool box!

You can do this yourself or make it a team event. The finished tasks and poster will contribute to your business' Privacy Management Program. Proudly display your poster to your co-workers and customers to show the steps you have taken to manage privacy and security.

Yes, I'm ready to take the Privacy Challenge!

Includes the webinar on October 19 – Do Your Club Volunteers Protect Your Privacy?

Along with your webinar registration, you will also benefit from the occasional Privacy Nugget tips by email of similar privacy resources and articles that you can use right away!

#15DayPrivacyChallenge, #CyberAware, #NCSAM, 15 Day Privacy Challenge, healthcare, Practical Privacy Coach, Practice Management Mentor, privacy, privacy awareness, privacy officer, security, security awareness, training

1 2 3 ›»