Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Do You Use Employee Privacy and Security Policy and Procedure Checklist Templates?

Posted on December 21, 2020 by Jean Eaton in Blog

Why Do You Need Policy and Procedure Checklists for Onboarding and Exiting Employees?

There is much excitement when we welcome a new hire to our team and there are many administrative tasks that need to take place to get this individual up and running. An employee policy and procedure checklist will help!

Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed to protect patient privacy as required by our professional colleges and privacy legislation. Otherwise, you face all sorts of risks, including privacy breaches and other legal problems.

To ensure that onboarding a new employee is a smooth transition, it is imperative to follow a practical checklist procedure to make sure no important steps are missed. There are also many other managerial benefits to adopting this high-quality process:

  • Better job performance and satisfaction
  • Greater commitment to protecting privacy in the organization
  • Reduced stress and better staff retention

Employee Privacy and Security Policy and Procedure Checklist

Policies and procedures are reasonable safeguards to protect the personal and health information entrusted to us. But polices and good intentions alone are not enough; we also need to take action to ensure our policies are understood and are being followed by all our employees.

Training new and existing staff on privacy and security best practices is instrumental in making your healthcare practice a success and maintaining its fine reputation. Following a systematic approach to welcoming a new employee, transitioning an existing employee into a new position, or offboarding an employee who is exiting will guarantee that valuable privacy and security training and accesses are completed.

Read this Privacy Breach Nugget that explains what can happen if you don’t have these good practices in place. Do You Know Where Your Policies And Procedures Are? 

New Employee Orientation / Onboarding

New employees are a welcome addition to any team and there is a vast amount of training that needs to take place from general procedures on how to handle phone calls to signing confidentiality oaths to becoming familiar with all policies and procedures, in addition to learning the everyday job duties for their own position.

Since privacy is good for business, we do not want to miss any important opportunities to train our new staff on privacy and security best practices. Using the Employee Privacy and Security Checklist will help facilitate training discussions and document the authorized accesses of each employee.

Existing Employees / Annual Review

The checklist will also act as a tool for each employee at their performance review. Provide positive feedback and observations of an employee’s successes in protecting personal information. Discuss opportunities for improvement, too. This is also a good time to review an employee’s current authorized role-based accesses and determine if any changes are needed to match the employee’s current job duties.

Ensure that the employee still has ‘tokens’ that they were given at the time of their hire, like identity badge, keys to the clinic or Alberta Netcare RSA fob.

Privacy and security best practices dictate that confidentiality oaths should be signed on an annual basis and annual privacy awareness and security refresher training should also be provided to all employees. In the event of a privacy incident or breach, it is imperative that a healthcare practice can prove by their documentation that regular privacy and security training is provided to their staff.

Transferring / Exiting Employees

When an employee transitions into a new role or is terminated, review and update the privacy and security checklist to ensure that access and permissions are appropriately modified or terminated.

Custodian Responsibility

Custodians have an obligation to ensure reasonable safeguards to protect the privacy and security of health information. This includes having appropriate policies and procedures in place, as well as demonstrating and documenting that you have implemented your plans. This is a requirement of professional college standards of practice and privacy legislation like the Health Information Act (HIA).

See the article Do You Know Where Your Policies And Procedures Are? to learn what can happen to you if you don’t have your employee training process well documented

The Employee Privacy and Security Checklist will make it easy for you to ensure your new hires, existing employees, and transferring or exiting employees are privacy and security compliant.

 

Download the FREE Report - Employee Privacy and Security Policy and Procedure Checklist Template

Your practice also needs to have policies and procedures that set out how you ensure the privacy, confidentiality, and security of the health information you collect, use, and disclose. Don't know which policies and procedures you need? Download the Privacy and Security Policies and Procedures Checklist below!

Show Me the Policy and Procedure Checklist!

Practice Management Success

If you are a member of Practice Management Success, login and access the webinar replay, and the policy, procedure, and checklist template.

Not a member? Join today!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies And Procedures Are?

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

New! Health Information Policy and Procedure Manuals

When we know better, we can do better…

Jean L. Eaton is constructively obsessive about privacy, confidentiality, and security expecially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

 

 

checklist, clinic, health care, healthcare, medical, policy, Practice Management Success, privacy, procedure, template

New Health Information Policy and Procedure Manuals!

Posted on November 23, 2020 by Meghan in Blog

Written Health Information Policies and Procedures

Most healthcare practices have good systems in place to properly collect, use, and disclose health information – but most practices don’t have these in writing!

Patients have the right to access their personal health information but yet frequently complain about long wait times and uncooperative front office staff when trying to request their personal information.

New staff members are hired and don’t receive clear written instructions on how to perform routine health information management tasks.

Why do these same problems repeatedly appear in practice audits and privacy complaints?

The most common reason that I see is incomplete, outdated or missing written policies and procedures! It doesn’t have to be this way.

I have seen how privacy compliance and patient satisfaction improves when practices have access to written templates. But templates and checklists alone are not enough!

You know your practice better than anyone else. When you customize standard policies and procedures to best reflect your practice, you develop strategies for your daily tasks.

And, when your team receives short on-demand video tutorials about the purpose of the policies and procedures and how it impacts patient care, the staff better understand and more consistently follow the policies and procedures.

That’s why I’ve developed the Health Information Privacy and Security Policies and Procedures Manual with templates and training to help you with your health information practice management and practice management. These policies and procedures have been implemented in hundreds of practices across Alberta and Canada.

I have consulted with medical, pharmacy, chiropractic, nursing, and nurse practitioners to create practical policies and procedures for them. Now, I’ve used these best practices as templates that you can use right away!

Now For Chiropractic and Nursing, Too!

Your healthcare practice needs a Health Information Policy and Procedure Manual. Written policies and procedures assist you to correctly, efficiently, and confidently collect, use, access, and disclose health information so that you can meet your accreditation, privacy impact assessment, and regulatory compliance requirements.

  • Starting with a template saves you time and money
  • Be privacy and security compliant
  • No special software to buy or learn
  • Use your existing MS Word and MS Excel office productivity software
  • One-time fee
  • On-line support
  • Available now!
Health Information Policy and Procedure Manual

Click the >> arrow to watch a short demo of the robust manual you can create quicker than you thought possible!

Different Policy and Procedure versions available for your specific type of healthcare practice

Medical Doctor

Medical Practice

Dental Practice

Dental Practice

Chiropractor

NEW!

Chiropractic Practice

Nurse Practitioner

NEW!

Nurse Practitioner Practice

Registered Nurse

NEW!

Registered Nurse Practice

Health Information Policy and Procedure Manuals ready for you now!

Step 1: Complete the questionnaire and download the templates

Step 2: Easily generate draft 24+ policies and 28+ procedures and forms using MS Word

Step 3: Edit the documents

Step 4: Video coaching and best practices for the policies and procedures and implementation tips

Step 5: Customize for your healthcare practice

Step 6: Video orientation for your employees

Get the Reliability And Power of Policy and Procedure Templates Without Spending Hours (or Days) Creating Them.

Show me the Policy and Procedure Templates!

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Do You Know Where Your Policies and Procedures Are? 

Why Do You Need Health Information Policies and Procedures?

Healthcare Policies And Procedures: Essential in EVERY Practice

Do You Use Employee Privacy and Security Policy and Procedure Checklist Templates?

chiropractors, dentist, health information, Health Information Act, healthcare, medical clinic, Nurse Practitioners, Policies and procedures, policy, privacy and security, Privacy Impact Assessment, procedure, Registered Nurses, template

Are You Using Zoom In Your Healthcare Practice?

Posted on June 24, 2020 by Meghan in Blog

Are you using Zoom in your healthcare practice?

In healthcare, it is important that patients trust you before they will share their personal information, listen to you, and before they will carry out your treatment recommendations.

In telemedicine, your patients need to be able to see your face, hear your voice in order to trust you.

When you appear confident on camera during telemedicine call this will build trust with your patient and remove distractions so that your patient better listens to your advice.

This on-line training will help you become more confident using Zoom for meetings, virtual care, and telemedicine.

The Communicate & Meet With Zoom in Your Healthcare Practice course will look at the basics of both joining and hosting a meeting, as well as the difference between the free and pro plan options.

Communicate and Meet Using Zoom In Your Healthcare Practice

Online course

Are you using Zoom for your Telemedicine or Virtual Care Encounters? Build trust with your patients when you confidently use Zoom to Communicate and Meet.

Ideal for physicians, dentists, chiropractic, physio, optometry – every healthcare professional who use Zoom for telehealth, virtual care, or team meetings!

  • 25 step-by-step videos to get started quickly and be successful with Zoom
  • Bonus downloadable Zoom instructions for patients
  • Bonus training: Easily Improve Your Video Conference Presence with Lauren Sergy
  • Bonus: Virtual Care Workflow
  • Bonus: Virtual Background templates and training

If you are new to Zoom, I suggest that you follow the on-screen videos step by step.

If you are familiar with Zoom, and just need to dig a little deeper into the advanced settings or have specific questions, you can select the training that would most help you.

Note: This training is not specific to Zoom Healthcare; however, many of the features are similar between the public and the Healthcare versions of Zoom.

The Practice Management Success Tip, Communicate and Meet Using Zoom In Your Healthcare Practice, will help you

  • Gain your patients' trust.
  • Communicate confidently on-camera with your patients and your employees.
  • Document your new virtual workflow process.
  • Present yourself professionally.
Show Me Communicate and Meet Using Zoom In Your Healthcare Practice
healthcare, healthcare business, medical, physician, small business, Social Media for the Small Healthcare Practice, telehealth, telemedicine, template, videoconferencing, virtual care, zoom

Is Remote Working A Good Choice For Your Healthcare Practice?

Posted on March 23, 2020 by Jean Eaton in Blog

In our healthcare practices, we have policies and procedures to identify the reasonable safeguards we need to take to protect personal and health information entrusted to us. But when employees complete their roles off-site, due to personal circumstances or to ensure business continuity in unusual situations, we need to take action to ensure reasonable safeguards are in place to protect the privacy, confidentiality, and security of personal health information.

Remote Work May Be Available To Employees

Working from home is at the sole discretion of the custodian and owner of the clinic. Examples when this may be applicable include:

  • Business continuity – due to technical, physical, or other unusual circumstances.
  • Work levelling – volumes of work are distributed to another location usually for a short duration.
  • Illness / personal circumstances – where an employee is unable to report to work at the clinic but can continue to complete their roles off-site.

Some administrative tasks in a healthcare office – for example, incoming phone calls, appointment booking, appointment reminders, billing, and/or transcription – could be done from a home office environment. Sometimes even follow-up and consultations from the healthcare provider can be done remotely, too.

The healthcare provider or custodian is ultimately responsible to ensure the secure collection, use, and disclosure of health information.

For the purposes of this article, the ‘custodian’ may be the healthcare provider defined by the HIA, or the lead healthcare provider or owner in your practice.

p

In Alberta, a ‘custodian’ is defined under the Health Information Act as a health services provider who is designated in the regulations as a custodian, or who is within a class of health services providers that is designated in the regulations. HIA section 1(1)(f)(ix)

This includes:

  • Physicians
  • Pharmacists
  • Optometrists
  • Opticians
  • Chiropractors
  • Midwives
  • Podiatrists
  • Denturists
  • Dentists and dental hygienists
  • Registered nurses

Is Remote Working Good for Your Business?

As the custodian, you must decide if remote working is a good option for your business. When you decide that this is a viable option for your business, you then need to: 

  • Determine if remote working is appropriate for your employees.
  • Identify what clinic / business resources need to be provided to the employee remote worker.
  • What reasonable safeguards need to be implemented to protect the privacy, confidentiality, and security of personal (health) information.

Likely you will continue to have both on-site and remote workers. The custodian will decide what ratio is appropriate to provide patient care and business goals on both a short term and a long term basis.

Regulations, Standards, Policy

Each healthcare business has multiple sources of sensitive information, including employee, financial, business, and health information. Custodians and owners have a responsibility under a variety of regulations, professional practice standards, and internal policies to protect the privacy, confidentiality, and security of personally identifying information (PII).

Health information is sensitive information. Reasonable efforts must be made to ensure that identifying and sensitive information is protected from unauthorized access, loss, or damage during and outside work hours. What a custodian may consider is reasonable efforts during a pandemic may be different than reasonable efforts from normal circumstances.

During a public health crisis, privacy laws still apply, but they are not a barrier to appropriate information sharing.

Privacy Impact Assessments

In Alberta, section 64 of the Health Information Act (HIA) requires custodians to prepare a privacy impact assessment (PIA) and submit it to the Office of the Information and Privacy Commissioner (OIPC) of Alberta prior to implementing a new administrative or technical process in a healthcare practice.

The OIPC in Alberta requests in its notice of March 19, 2020, that custodians notify the Commissioner about new administrative practices or information systems. Your submission to the OIPC should include a description of what the new program is meant to achieve and any safeguards for health information.

Standards

Your professional college may also have standards of practice and recommendations that impact your decision to implement remote working or virtual healthcare.

The Advice to the Profession series from the College of Physicians and Surgeons of Alberta (CPSA) offers guidance documents to assist you in assessing the security risks and safeguards of electronic communications, including laptops and mobile devices, to further assist you to determine appropriate safeguards.



From the College of Physicians and Surgeons of Alberta (CPSA):

COVID-19: Virtual Care

Electronic Communications & Security of Mobile Devices

Standard of Practice Telemedicine

Review Your Current Policies and Procedures

Don’t cut corners. Instead, build privacy into your decision. Create, review, and update your policies and procedures.

Use the Remote Worker Privacy and Security Checklist to help you document your decisions and expectations with eligible employees.

You may also need to consult your information technology support providers to ensure up-to-date computer and network security has been implemented.

Virtual Healthcare

Healthcare providers may consider providing virtual healthcare services to their patients. The healthcare provider may be at their usual clinic or office location and use all of their existing systems and tools to access patient records in paper or electronic medical records (EMR).

Alternatively, the healthcare provider may be working remotely, too. The same privacy, confidentiality, and security safeguards applies to their home working location.

If you are choosing to implement a new virtual healthcare solution specifically to respond to the current public health emergency, the Office of the Information and Privacy Commissioner (OIPC) of Alberta advises that

“ . . .custodian[s] need to determine what are reasonable safeguards in the circumstances and be prepared to justify their decision. Health custodians should also ensure individuals are aware of any heightened risks to privacy as a result of a new administrative practice or information system being implemented.”

Remember, you can leverage existing technology – like the telephone – to keep in touch with your patients. This likely would not be considered a new administrative or technological practice that would require a PIA. This might also be a great time to fully implement your current patient portal functionality from your EMR vendor, too.

You may decide, based on your evaluation of the potential risks and what reasonable safeguards that you can quickly implement in response to the new public health emergency, that authorizing remote working or a new videoconferencing solution is not the best choice at this time.

Select the process that ensures continuity of care to the patient, including appropriate documentation in the patient record and the protection of the PII.

​Reference

Notice: PIAs During Public Health Emergency, March 19, 2020, Office of the Information and Privacy Commissioner (OIPC) of Alberta

The Practice Management Success Tip, Remote Worker Privacy and Security Checklist, will help you

  • Determine if remote working is appropriate for your employees.
  • Identify what clinic / business resources need to be provided to the employee remote worker.
  • What reasonable safeguards need to be implemented to protect the privacy, confidentiality, and security of personal (health) information.
Show Me The Remote Worker Privacy and Security Checklist

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

What Should I Do If I Think I Have COVID-19?

Do You Know Where Your Policies and Procedures Are? 

 

assessment, healthcare, medical, pandemic, physician, remote working, risk assessment, template, work from home

Privacy Challenge #3 Privacy Collection Notice

Posted on October 17, 2015 by Meghan Davenport in Archive

Privacy Collection Notice

Every time we gather information from a client, we're entering into a trust relationship with them. We trust them to provide accurate information, and they trust us to keep it private and safe.

So it's only fair that we are transparent with our clients about our policies and procedures regarding the collection and safe-keeping of CollectionNoticetheir important confidential information. We want them to understand:

  • Why we are collecting their information
  • How we are using their information
  • How we are protecting their information
  • How our organization meets the rules and regulations of our industry

Read More

#15DayPrivacyChallenge, 15 Day Privacy Challenge, Collection Notice, Health Information Act, HIA, Practical Privacy Coach, privacy, template

The Honest Spin Doctor

Posted on July 24, 2014 by Jean Daffin in Blog, Practice Management Nugget Interview

A press release can be used to announce an event like community wellness day, product launch or some other newsworthy event. A well written press-release makes it easy for the media to make you look good.

The Honest Spin Doctor 

is a tightly written book that will give you what you need to know about media relations, crisis communications and the need for organizations to have policies that guide their behaviour when it comes to the media and social media.  Tweet this!

This easy to read, easy to use, valuable resource is ideal for healthcare practices to

  • Prepare press release about your practice
  • Develop communications and social media policies
  • Respond to media inquiries

 

Grant Ainsley Grant Ainsley Inc.

Grant Ainsley
Grant Ainsley Inc.

Grant Ainsley is an award-winning journalist and public relations professional, who has interviewed some of the biggest names in Canada.  His newest book, self-published The Honest Spin Doctor:  Navigating the Media Maze is now available.

Practice Management Nugget webinar interview with Grant Ainsley recorded live on Thursday July 24, 2014.

Try out a Membership Trial to access this Practice Management Nugget interview and other webinar replays and resources. And if you’re already a member, just log-in and enjoy!

 

communications policy, honest spin doctor, media relations, Practice Management Mentor, Practice Management Nugget, press release, self-publishing, social media, template

Privacy Breach – 3 Mistakes in Managing a Privacy Breach

Posted on June 3, 2014 by Meghan Davenport in Blog, Privacy, Confidentiality, and Security Series Webinar

Privacy, Confidentiality, Security for Medical Offices©

Privacy Breach – 3 Mistakes in Managing a Privacy Breach

Privacy is a huge issue for the public right now, and as more businesses, health care practices, and even your grocery store collect more information about you, the risks of having that information stolen, misused, or compromised, are huge.

Having a privacy breach can cost you time, money, and trust of your patients.

Attend this webinar, 3 Mistakes in Managing a Privacy Breach, to help you understand the three common mistakes in managing a privacy breach, and ensure that you and your staff take the right steps to contain, manage, and prevent privacy breaches.

 

Pssst – if you are a member, click this link for an EXCLUSIVE coupon. Not a member? Become one!

 

This webinar will teach you:

  • how to identify a privacy breach
  • how to notify a privacy breach
  • how to communicate about a privacy breach

 

Register for the Webinar!

 

Privacy Breach – 3 Mistakes in Managing a Privacy Breach

Tuesday July 29th, 2014  12:00pm – 1:00pm MST

Live webinar with Jean Eaton, the Practical Privacy Coach and Practice Management Mentor.

Discussion, resources, and template procedures that you can use right away!

Replay will be available for 1 week. Register today!

The Privacy, Confidentiality and Security Series include topics such as privacy awareness, privacy breaches, and email with patients. Seminars last from an hour to an hour and a half, and cover important information for new patient care providers and support staff, as well as practice managers, healthcare providers, or trusted vendors who support healthcare practices. Privacy, Confidentiality and Security© series is hosted by Jean Eaton (the Practice Management Mentor) of Information Managers Ltd.

 

practice management, privacy breach, template

Fax cover page – friend or foe?

Posted on November 25, 2013 by Jean Eaton in Blog

Fax cover pages often act as ‘dividers' to piles of paper – electronic or hard copy.  Many offices still receive faxes by hard copy – and this remains the default assumption as the ‘lowest common denominator'.  I think that the dividers still serve a purpose.

Perhaps more importantly, there is a common practice that the cover page is the identifier of where the document originated, the intended purpose the information was provided, who the information is addressed, and who authorized the sending of the information.

Often the cover page provides clarity to the identify of the individual the information is about.  Many healthcare providers use the cover page as their ‘disclosure log' to meet legislative compliance to clearly document disclosure of health information of a individual.  I don't think it is feasible to add the information to the source document.

The receiver of the information needs this information in order to determine if they will accept the responsibility of collecting the information and the purpose for that information.

Perhaps the better approach is to make the cover page more useful – to both the receiving and sending party – by improving the documentation and adding suggested indexing categories.  This can be easily generated if the sending party is using an EMR.

See also:  Canadian EMR http://blog.canadianemr.ca/canadianemr/2013/11/a-complication-of-paper-faxes.html

best practice, cover pages, disclosure log, EMR index, fax, health information, healthcare, template

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

"The 15 Day Privacy Challenge has given me some great resource information and helped me to identify the areas that I need to work on. I found value in almost all of the Privacy Challenges, but I would say Risk Assessment, Social Media, Email Phishing and Spam, and Confidentiality are the top four."

- Sharon

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2020 Information Managers Ltd.