I am looking forward to present “Privacy Risks and Kids” at the 2013 Alberta School Councils' of Alberta Conference April 27.
Child identity theft can happen to any child. How does this happen? What can you do to prevent it? In a fun and informative format, I will share with you some practical tips on how parents can protect their children's valuable information.
See http://www.albertaschoolcouncils.ca/?page=Conference for more information.
Alberta School Councils of Alberta Conference, privacy, privacy risks and kids, privacy speakerIt will soon be tax time. If your clinic provides services where patients pay for non-insured services, you may provide a consolidated fees report to the patient. However, you may only provide health information to the patient or to the individual that the patient authorizes. Instead of having to explain this over and over again, find a creative, pro-active method to inform your patients. Use a poster or your website or existing closed circuit TV to show common examples of how your office handles routine requests for information.
Download a sample poster and consent form from our website! Tax Poster
education, healthcare, patient release of information, privacy, privacy by design, privacy poster, Pro-active privacy, templatesPrivacy Risks and Kids
Child identity theft can happen to any child. How does this happen? What can you do to prevent it? In a fun and informative format, Jean will show you some practical tips on how parents can protect their children's valuable information.
Presented at the Alberta School Council's Association (ASCA) Conference and Annual General Meeting 2013.
For more information on the ASCA Conference, click here!
Alberta School Councils of Alberta Conference, child identity theft, privacy, privacy speakerPrimary Care Providers may expect their patients to be asking more questions about Health Information in Netcare. Review this information and your policies and procedures with your staff so that you know how to respond.
In order to mark Data Privacy Day 2013 (January 28, 2013), the Information and Privacy Commissioner of Alberta, Jill Clayton, has announced a new initiative to inform Albertans about their privacy rights.
Under the authority of the Health Information Act (HIA), your health information is available through the province-wide electronic record system named Alberta Netcare. Netcare is a network of information systems that allows authorized users to see prescriptions, lab results, diagnostic images, and hospital reports. It is used throughout Alberta in hospitals, and in medical clinics and pharmacies.
Consent to have your health information in Netcare is not required by law, but you do have rights that allow you to exercise privacy control.
With the provincial electronic health record system, Alberta Netcare, you have the right to:
Know why your health information is collected and whether it is available in Netcare
Know what information about you is in Netcare by asking for a print-out
Limit access to your Netcare record by asking for your information to be masked
Know who has looked at your information in Netcare
Request that errors be corrected
Ask the Information and Privacy Commissioner to review or investigate if you are not satisfied with a decision or response you receive about any of these rights
See the OIPC webpage and contact information, visit: http://www.oipc.ab.ca/pages/HIA/NetcareKnowYourRights.aspx
To view the News Release from the OIPC, visit: http://www.oipc.ab.ca/Content_Files/Files/News/NR_Netcare_Know_Rights_Jan_2013.pdf
access, Alberta, electronic health record, Health Information Act, Netcare, OIPC, patient rights, privacyAn Australian medical center is facing the possibility that its patients’ electronic medical records may be locked away forever after hackers broke into its computer system in December and encrypted the files. The hackers captured a medical centre's data and demanded A$4000 to decrypt the information.
While this incident is rare it is a good lesson to ensure that you take control of your data. Ensure that it is secure. Ensure that your data is securely backed up and is segregated from your computer servers. Your must be proactive and monitor your computer network. This may be an appropriate task to outsource to a reputable vendor. Are your plans comprehensive? Is it time for you to schedule your Privacy Practice Review?
See the Technology for Doctors Online story from January 17, 2013, for more information.
backup, best practices, breach, computer network, encryption, external hard drive backup, privacy, privacy breach, privacy practice review, security, security external hard drive devices, segregated backupWebinar – Clinic Manager's Privacy and Security Top 10 List
Time to update your Privacy Management Program plan for 2013! This workshop is an essential and effective hour long presentation on the Top 10 Privacy and Security issues facing Clinic Managers and Privacy Officers.
Webinar Series: Clinic Manager's Privacy & Security Top 10 List
Friday, January 18, 2013
11:30am – 12:30pm
Includes: HealthQuest Appointments application, HealthQuest iPad Forms application, Email security, mobile devices, managing vendor agreements, privacy breaches, privacy officer role and responsibility, training, and more.
Facilitated by Jean Eaton, Information Managers Ltd, and Rita Hielema, Microquest.
Email security, HealthQuest Appointments application, HealthQuest iPad Forms application, managing vendor agreements, mobile devices, privacy, privacy breaches, privacy officer role and responsibility, training, webinarCanada AM (CTV) has posted a video on their website on how to use privacy settings on Facebook. Follow the link to the video – share the link with your family and friends! Click Here. (make sure to view both clips)
What are the risks when you ‘like' another site? How can third parties make use of your pictures? Maybe you have set your privacy settings once – but, the next time that Facebook has made program changes and includes new settings you (the user) need to go back and trigger the new privacy settings.
facebook, privacyA self-reported breach by an individual to the Office of the Information and Privacy Commissioner resulted in an offence investigation being opened into suspicious access to health information. The completed investigation, after being referred to Crown prosecutors at Alberta Justice, led to thirty-one charges under the Health Information Act being laid for improperly accessing other individuals’ health information. Another charge was laid for inappropriate use of health information, another for inappropriate disclosure of health information, and one more charge for knowingly falsifying a record. In addition to these thirty-four charges under the Health Information Act, six charges were also laid under the Criminal Code.
The Calgary Herald reports that Brian Hamilton, OIPC Director for the Health Information Act, would only confirm the accused is not a doctor or other medical professional. The matter will be heard in Airdrie Provincial Court on Thursday, October 18, 2012.
The Edmonton Journal also reported that, in addition to the charges under the Health Information Act, the accused may face up to six Criminal Code charges.
Each organization has a responsibility to ensure that their employees (affiliates) receive education and training in their roles and responsibilities under the HIA. Information Managers can help you by providing training on-site and now by webinar. Click here for more information.
For more information, see:
the OIPC Website (http://www.oipc.ab.ca/Content_Files/Files/News/NR_Oct_2012.pdf)
http://www.calgaryherald.com/health/Charges+laid+improper+access+health+files/7400003/story.html
http://www.edmontonjournal.com/health/Alberta+Justice+lays+charges+improperly+accessing+health+information/7399425/story.html
access, Alberta, complaint, disclosure log, Health Information Act, HIA, improperly accessing health information, OIPC, privacy, privacy breach, trainingRemember the Privacy Principles – least amount of information, on a need to know basis? This recent investigation report from the OIPC reminds us to review our practices to collect information from patients to ensure that we are meeting our best practice standards.
An investigation into a southwest Calgary Co-op pharmacy has found its practice of collecting information on the immune status of an individual when they seek administration of an injection contravenes the Health Information Act.
A patient of the pharmacy contacted the privacy commissioner in April 2012 after he was presented with a form that asked if he had a condition that affects the immune system when he went to the Co-op Shawnessy Centre Pharmacy to receive a vitamin B12 injection.
The patient feared being stigmatized due to an immune disorder that he suffered from, and felt that the amount of information being demanded was excessive. He filed a complaint after being refused treatment without providing the information.
The Health Information Act specifies that custodians must only collect the most limited amount of health information to carry out an intended purpose.
For more information, see:
http://www.calgaryherald.com/health/Calgary+Pharmacy+found+violation+patient+privacy+rules/7346243/story.html
Privacy commissioners call on small- and medium-sized businesses to look before they leap into the cloud
EDMONTON, June 14, 2012 – Increasingly today, the word cloud is almost as likely to be spoken in a conversation about computing as it would in a discussion about the weather. New guidance issued by the Privacy Commissioner of Canada, and the Information and Privacy Commissioners of Alberta and British Columbia seeks to provide insight for small- and medium-sized enterprises (SMEs) to help their forecasting of potential benefits and risks posed by cloud-based services.
Cloud computing is the delivery of computing services over the Internet. SMEs may be attracted to cloud services as they can significantly reduce the cost and complexity of owning and operating computers and networks. Businesses using a cloud service provider don’t need to spend money on information technology infrastructure, or buy hardware or software licenses. Cloud services can also enable a business to store data offsite with the ability to access it over the Internet from the office, home or virtually anywhere.
In essence, this is a form of outsourcing. Businesses need to remember however that for any information they put in the cloud, the responsibility to safeguard it to the level required by Canada’s private sector privacy laws remains firmly with them.
The guidance includes key precautions and advice, such as:
For more information see: OIPC website
cloud computing, cloud service provider, OIPC, privacy