Private Event Complimentary for Microquest Clients

Posted on December 21, 2012 by Jean Eaton in Blog

Webinar – Clinic Manager's Privacy and Security Top 10 List

Time to update your Privacy Management Program plan for 2013! This workshop is an essential and effective hour long presentation on the Top 10 Privacy and Security issues facing Clinic Managers and Privacy Officers.

Webinar Series: Clinic Manager's Privacy & Security Top 10 List

Friday, January 18, 2013

11:30am – 12:30pm

Includes: HealthQuest Appointments application, HealthQuest iPad Forms application, Email security, mobile devices, managing vendor agreements, privacy breaches, privacy officer role and responsibility, training, and more.

Facilitated by Jean Eaton, Information Managers Ltd, and Rita Hielema, Microquest.

Email security, HealthQuest Appointments application, HealthQuest iPad Forms application, managing vendor agreements, mobile devices, privacy, privacy breaches, privacy officer role and responsibility, training, webinar

Facebook Privacy Settings

Posted on December 12, 2012 by Jean Eaton in Blog

Canada AM (CTV) has posted a video on their website on how to use privacy settings on Facebook. Follow the link to the video – share the link with your family and friends! Click Here. (make sure to view both clips)

What are the risks when you ‘like' another site? How can third parties make use of your pictures? Maybe you have set your privacy settings once – but, the next time that Facebook has made program changes and includes new settings you (the user) need to go back and trigger the new privacy settings.

facebook, privacy

Charges laid under the Health Information Act

Posted on October 31, 2012 by Jean Eaton in Blog

A self-reported breach by an individual to the Office of the Information and Privacy Commissioner resulted in an offence investigation being opened into suspicious access to health information. The completed investigation, after being referred to Crown prosecutors at Alberta Justice, led to thirty-one charges under the Health Information Act being laid for improperly accessing other individuals’ health information. Another charge was laid for inappropriate use of health information, another for inappropriate disclosure of health information, and one more charge for knowingly falsifying a record. In addition to these thirty-four charges under the Health Information Act, six charges were also laid under the Criminal Code.

The Calgary Herald reports that Brian Hamilton, OIPC Director for the Health Information Act, would only confirm the accused is not a doctor or other medical professional. The matter will be heard in Airdrie Provincial Court on Thursday, October 18, 2012.

The Edmonton Journal also reported that, in addition to the charges under the Health Information Act, the accused may face up to six Criminal Code charges.

Each organization has a responsibility to ensure that their employees (affiliates) receive education and training in their roles and responsibilities under the HIA. Information Managers can help you by providing training on-site and now by webinar. Click here for more information.

For more information, see:
the OIPC Website (http://www.oipc.ab.ca/Content_Files/Files/News/NR_Oct_2012.pdf)

http://www.calgaryherald.com/health/Charges+laid+improper+access+health+files/7400003/story.html

http://www.edmontonjournal.com/health/Alberta+Justice+lays+charges+improperly+accessing+health+information/7399425/story.html

access, Alberta, complaint, disclosure log, Health Information Act, HIA, improperly accessing health information, OIPC, privacy, privacy breach, training

Calgary pharmacy found in violation of patient privacy rules

Posted on October 31, 2012 by Jean Eaton in Blog

Remember the Privacy Principles – least amount of information, on a need to know basis? This recent investigation report from the OIPC reminds us to review our practices to collect information from patients to ensure that we are meeting our best practice standards.

An investigation into a southwest Calgary Co-op pharmacy has found its practice of collecting information on the immune status of an individual when they seek administration of an injection contravenes the Health Information Act.

A patient of the pharmacy contacted the privacy commissioner in April 2012 after he was presented with a form that asked if he had a condition that affects the immune system when he went to the Co-op Shawnessy Centre Pharmacy to receive a vitamin B12 injection.

The patient feared being stigmatized due to an immune disorder that he suffered from, and felt that the amount of information being demanded was excessive. He filed a complaint after being refused treatment without providing the information.

The Health Information Act specifies that custodians must only collect the most limited amount of health information to carry out an intended purpose.

For more information, see:
http://www.calgaryherald.com/health/Calgary+Pharmacy+found+violation+patient+privacy+rules/7346243/story.html

complaint, Health Information Act, HIA, OIPC, privacy, privacy principles

Privacy commissioners call on small- and medium-sized businesses to look before they leap into the cloud

Posted on June 16, 2012 by Jean Eaton in Blog

Privacy commissioners call on small- and medium-sized businesses to look before they leap into the cloud

EDMONTON, June 14, 2012 – Increasingly today, the word cloud is almost as likely to be spoken in a conversation about computing as it would in a discussion about the weather. New guidance issued by the Privacy Commissioner of Canada, and the Information and Privacy Commissioners of Alberta and British Columbia seeks to provide insight for small- and medium-sized enterprises (SMEs) to help their forecasting of potential benefits and risks posed by cloud-based services.

Cloud computing is the delivery of computing services over the Internet. SMEs may be attracted to cloud services as they can significantly reduce the cost and complexity of owning and operating computers and networks. Businesses using a cloud service provider don’t need to spend money on information technology infrastructure, or buy hardware or software licenses. Cloud services can also enable a business to store data offsite with the ability to access it over the Internet from the office, home or virtually anywhere.

In essence, this is a form of outsourcing. Businesses need to remember however that for any information they put in the cloud, the responsibility to safeguard it to the level required by Canada’s private sector privacy laws remains firmly with them.

The guidance includes key precautions and advice, such as:

Pay close attention to cloud service contracts. For example, might the fine print allow for third-party disclosures of the information stored?
Are your customers aware that their information might be outsourced to the cloud and do you have their consent?
Where in the world is the data stored and what law may apply? No matter what, the business outsourcing the data is responsible for ensuring it’s protected to a level expected under Canadian privacy law.

For more information see: OIPC website

cloud computing, cloud service provider, OIPC, privacy

Change your PIN Day March 1 2012

Posted on March 1, 2012 by Jean Eaton in Blog

Edmonton Mayor Stephen Mandel proclaimed March 1 as Change Your PIN Day.

Police are encouraging Edmontonians to change their banking PIN numbers Thursday to help prevent fraud.

In Edmonton last month police issued an arrest warrant for ten men accused of skimming more than half a million dollars from at least 900 bank accounts in Edmonton.

Here are some additional tips from Royal Bank of Canada: http://www.rbc.com/privacysecurity/ca/alert-fraud-prevention-month.html

Keep personal information confidential.
Do not give out personal information over the phone, through email or over the Internet unless you initiated the contact and know who you're dealing with.
Do not include personal information in regular, unencrypted email or enter it on an unencrypted website as your information will not be secure.
Keep your personal information safe. An identity thief will pick through your garbage or recycling bins, so be sure to shred receipts, copies of credit applications, insurance forms, etc.
Protect your PIN and passwords. Do not reveal your PIN or passwords to anyone, including employees of RBC, family members and friends. When conducting a transaction at an ATM or retail (point-of-sale) location, keep your Client Card/Credit Card within sight and shield the keypad when entering your PIN.
Be aware and be safe! REMEMBER—if something sounds too good to be true, it probably is!

March is Fraud Prevention Month: Recognize it, Report it, Stop it!

Over the next four weeks, the RCMP will be participating in a series of local and national fraud-awareness initiatives. To reduce your chances of being victimized by fraud, check the RCMP's website daily during the month of March for tips aimed at keeping you safe from scammers. Topics covered will include identity theft, phishing, on-line shopping, social networking and credit and debit card fraud.

For more information, see Metro Edmonton March 1, 2012 http://metronews.ca/news/edmonton/9057/a-day-to-change-your-pin/
and CTV Edmonton. http://edmonton.ctvnews.ca/mayor-mandel-proclaims-march-1st-change-your-pin-day-1.775231

change your PIN, Fraud Prevention Month, privacy

Data Privacy Day Edmonton

Posted on January 16, 2012 by Jean Eaton in Blog

Save the Date! January 28, 2013

The Office of the Information and Privacy Commissioner of Alberta will be hosting a half day Data Privacy Day event on the morning of Monday, January 28, 2013 at the Delta Edmonton Centre Suite Hotel, 10222 – 102 Street, Edmonton. Details regarding the agenda and registration at OIPC.ab.ca.

Data Privacy Day

2013, Data Privacy Day, Data Privacy Day Edmonton, privacy

«‹6 7 8