Practice Management Nuggets

Practice Management Nuggets Podcasts for Your Healthcare Practice is a regular interview series with practice managers, healthcare providers, or trusted vendors who support healthcare practices. Topics include things you need to know to help you start, grow, improve, or maintain your healthcare practice. The events will be short – about 30 minutes – with nuggets of information that you can use right away. And best of all – this is a free, no cost opportunity for you and your staff to hear from experts on a variety of topics about how they made their clinics and businesses a success! The Practice Management Nuggets© series is hosted by Jean L. Eaton (Your Practice Management Mentor and Practical Privacy Coach) of Information Managers Ltd. I am constructively obsessive about privacy and confidentiality in the healthcare sector, and I think you should be, too! I help primary care practice managers and health care providers properly manage the risk of a privacy breach, stay out of jail, avoid fines AND keep an efficient practice! Practice Management Nuggets has been interviewing guests and sharing nuggets of information since 2014! Get all the show notes at PracticeManagementNuggets.Live. www.InformationManagers.ca www.PracticeManagementNuggets.Live
Now displaying: 2020
Dec 18, 2020

You might need to amend your PIA if you want to:

  • add a new digital health app or patient portal to make it easier for patients to book appointments with you,
  • get access to Alberta Netcare Portal, or the CII or CPAR projects,
  • complete an expedited Netcare Privacy Impact Assessment,
  • use the internet to get telehealth on-line consultations for your patients,
  • update your participating custodians and privacy officer, or
  • carry out a regular review to ensure that you are continuing to meet the requirements of the Health Information Act (HIA).

A PIA is a practical business tool in your healthcare practice.

A PIA is an important tool that you can use to help you with project management.

It will help you anticipate risks to the project before it starts and avoid serious problems, and wasted time and money.

The PIA process requires you to have written policies and procedures so that you can implement the project effectively and train your staff consistently.

Sometimes a PIA is a requirement of legislation. But it is always a best practice whenever you implement a project that includes personal health information.

Show Notes


01:14  Introduction Jean L. Eaton

05:08  What Is A PIA

06:46  Purpose of a PIA

10:53  PIA Facilitates Discussion

11:57  PIA Will Help You Select Vendors

13:38  PIA Process

16:12  What is a p-ORA?  

17:20  When do you need a privacy impact assessment (PIA) amendment?

19:17  Is It A New PIA or Amendment? 

20:55 Common scenarios

21:47 Change in Custodians

22:38  New Location

23:17  Alberta Netcare Portal

24:47  Previous PIA is more than 2 years ago

25:20  Telehealth

26:16  PIA Timeline

28:04  10 Steps To Prepare Your PIA Amendment

28:14  Step 1 Locate Previous PIA

31:03  Step 2 Review Your Current IT

40:07  Step 3 Review Policies Procedures

40:43  Step 4 Review Your Safeguards

41:34  Step 5 Authorizing User Permissions

43:43  Step 6 Training Policies

45:21  Step 7 Access and Correction Requests

47:06  Step 8  Masking

47:37  Step 9 Responding To Breaches

50:06  Step 10 Next Steps

52:20  Summary

53:29  Remote Working Telehealth Tools

PMS Tip Remote Worker Privacy And Security Checklist: https://informationmanagers.ca/pmsrw

PIA Template Remote Working and Virtual Care: https://informationmanagers.ca/pia-virtual-care

55:22 Practice Management Success Tip Privacy and Security Policies and Procedures Checklist
https://informationmanagers.ca/o6s2

55:58 Health Information Management Privacy and Security Policy and Procedure Template
https://informationmanagers.ca/hitemplates

56:10  3 Options To Help You With Your PIA
https://informationmanagers.ca/privacy-impact-assessment-pia/

Oct 28, 2020

If you have an appointment schedule with a lot of openings, you might need a patient recall program.

If you don't have many recall appointments in your schedule, you might need a patient recall program.

If you want to add additional or your first dental hygienist, you might need a patient recall program.

If you have patients that haven't seen you for a long time, you might need a patient recall program.

Today, Joanne Williams of U R DU Appointments is my guest on this episode of Practice Management Nuggets For Your Healthcare Practice!

Joanne will share how implementing a consistent patient recall program will help a dental practice increase its revenues.

Show Notes

Publish October 27, 2020

00:59  Introduction Jean L. Eaton

01:59  Welcome Joanne Williams

04:19  Pink elephant

05:15  Joanne Williams’s #1 Tip

Be consistent with your patient recall program.

What Is A Patient Recall Appointment

06:38  Why Are Dental Appointments Important to the Dental Practice?

07:42  Benefits Of A Patient Recall Program

08:20  Examples of Using Patient Recall Program

09:22  Metrics to Monitor

14:45  How To Start A Practice Management Program

15:40  Who In a Dental Practice Is Responsible for a Patient Recall Program

20:14  Benefits of Using Remote Team Working With Your Practice

22:35  U R Du Services On-boarding

25:27   Offer 30% off First Month Service

https://InformationManagers.ca/likes-urdu

Receive 30% off your first month services. Offer runs until December 31, 2020.

Sep 20, 2020

When a practice has efficient processes and the in-office practice is streamlined, then you are ready to embark on seeing patients with telemedicine. The COVID-19 pandemic is the catalyst for growth in telemedicine.

Dr. Michael Greiwe, M.D., practicing orthopaedic surgeon with OrthoCincy and the founder of the OrthoLive and SpringHealthLive telemedicine platforms, is my guest on this episode of Practice Management Nuggets For Your Healthcare Practice!

He’s going to share with us how to increase your practice revenue, efficiency and patient satisfaction with telemedicine.

Meet Dr. Michael Greiwe

Michael Greiwe, M.D., is a surgeon by day and tech guru by night. He is a practicing orthopaedic surgeon with OrthoCincy, near Cincinnati, Ohio, and the founder of the OrthoLive and SpringHealthLive telemedicine platforms. The platforms allow medical practices to deliver telemedicine visits through real-time HIPAA compliant video conferencing between provider and patient - increasing practice revenue, efficiency and patient satisfaction. Dr. Greiwe is a nationally recognized expert on how telemedicine technology is changing the practice of medicine. TV news stations and podcasts across America have interviewed him about the future of telemedicine, and how to use it to improve the patient experience. He attended the University of Notre Dame, where he won the prestigious Knute Rockne Award for excellence in academics and athletics. He completed his orthopaedic surgery training at the University of Cincinnati Department of Orthopaedic Surgery and Sports Medicine. In 2010, Dr. Greiwe completed his fellowship in shoulder, elbow and sports medicine at Columbia University, training with the head team physician for the New York Yankees, Dr. Christopher Ahmad.

To find more, see OrthoLive https://www.ortholive.com and SpringHealthLive https://SpringHealthLive.com

Show Notes

Publish Sept 22, 2020

00:45  Introduction Dr. Michael Greiwe

02:42  “Telemedicine is the next tool that is going to make the job easier for physicians and better for patients.” Dr. Mike Greiwe

05:14  What is Telehealth

08:53  OrthoLive Available on the App Store readily available to providers and patients

10:22 Digital Health Misconception that patients don’t want to use telehealth

11:07  “90% of Patients Prefer Telemedicine over in-office visits.”

11:54  When Is A Practice Ready To Implement Telehealth?

14:54  Processes is the way to run your practice efficiently

15:39  Future trends in telehealth

17:27  Confidence Growing with Telemedicine

18:27  Patient Access is the Beauty and the Power of Telemedicine

19:18  Lessons Learned From 500,000 Telehealth Visits – Top 3

19:45  1. Band Leader

20:10  2. Understanding Where The Low Hanging Fruit Is

20:56  3. Technology Platform Super Easy for Patient Access and Efficient for Providers

22:38  Opportunities in Canada

Key word Searchie https://PracticeManagementNuggets.Live/search  

Sep 7, 2020

Healthcare providers and clinic managers have three common myths about EMR user monitoring auditing.

Myth #1 – The electronic medical record EMR automatically does all the auditing – I don’t have to do anything

Myth #2 – I don’t have to audit my users – I know them

Myth #3 – I won’t have to worry about this until I have a breach

Rob Pruter, the User Monitoring Expert at SPHER, is my guest on this episode of Practice Management Nuggets For Your Healthcare Practice!

He’s going to share with us how to protect your practice and your patients when you use Artificial Intelligence (AI) technology that can recognize unusual activities and generate a warning message.

Finally, an easy way to perform user monitoring and quickly recognize risks from external bad actors and employee snooping incidents!

Meet Rob Pruter

Rob is the Chief Revenue Officer at SPHER, Inc.

He is responsible for all global sales, marketing, and partner revenue at SPHER, Inc.

For the past 20 years, he has successfully built marketing programs and partner alliances in the healthcare IT space with larger companies and innovative start-ups.

He has a passion for protecting patient privacy and cybersecurity for the healthcare industry.

And he is my new best friend with a passion to improve audit log monitoring!

To find more from Rob, download the brochure from SPHER! https://informationmanagers.ca/likes-spher

 

Show Notes

Publish September 7, 2020

00:59  Introduction Jean L. Eaton

01:45  Welcome Rob Pruter

02:40  Pink Elephant in the room

What do clinic managers and health care providers need to know about monitoring audit logs?

02:57 Rob Pruter’s #1 Tip

Nobody goes to the doctor to get their identity stolen.

05:16  What is an audit log?

06:37  Everyone needs a unique user ID

08:48  Myth #1 – The electronic medical record EMR automatically does all the auditing – I don’t have to do anything

11:53  Myth #2 – I don’t have to audit my users – I know them

15:05  Myth #3 – I won’t have to worry about this until I have a breach

19:45  How To Use AI Audit Log Reports

21:00  Identify security risks right away avoids remediation costs, time spent, and enforces a culture that snooping is not permitted.

23:44  Multiple locations and remote working often also means less supervision. AI auditing tools can help you be proactive.

25:46  Who is AI Audit Monitoring For?

27:14  When is a clinic ready to start AI Audit Monitoring?

28:10  Find Out More From SPHER

https://InformationManagers.ca/Likes-SPHER

Key word Searchie https://PracticeManagementNuggets.Live/search  

Rate and Review the Podcast

I am honoured that you choose to spend your time with me today. Thank you for the opportunity to share my obsession about privacy, confidentiality and security with you!

Reviews for the podcast on whatever platform that you use is greatly appreciated!

When you provide your honest feedback it helps other people just like you find content that may help them, too. If you received value from this episode, please take a moment and leave your honest rating and review.

Jean L. Eaton, Your Practical Privacy Coach
and Your Practice Management Mentor
with Information Managers Ltd.

Aug 30, 2020

Recently, I was asked about what privacy awareness training you can do at the clinic to keep privacy awareness top of mind.

How do you keep Privacy Awareness top-of-mind in your practice?

As an employer and health care provider, you are responsible to provide training to all of your employees about privacy awareness. If you don’t provide the training, if the employees don’t understand the policies and there is a privacy breach, then the healthcare provider is more likely to be held accountable under the legislation and face penalties including fines and even prison!

Protect your organization and your patients. Equip your staff with the information they need to confidently and correctly handle personal health information. Healthcare businesses who want employee and supervisor level privacy awareness training to support key policies, procedures and risk management programs need a privacy awareness training program.

Here are some easy to implement tips to help you get started with your privacy awareness program.

Show Notes

Publish Aug 31, 2020

11:16  Introduction to Jean L. Eaton

Are you on Instagram? Me too! Tag me @Infomanltd

00:37  Privacy Awareness Training

03:09  Example - Should You Provide Your Child's Health Insurance Number to the School?

For more discussion on the topic of HIN# and schools, see the Saskatchewan Office of the Information and Privacy Commissioner

The example video will be available soon for download in this lesson.

08:39  Health Information Privacy and Security Policies and Procedures Manual

09:45  Practice Management Nuggets For Your Healthcare Practice Podcast

https://practicemanagementnuggets.live/

10:15  Privacy Awareness Training course

https://corridorinteractive.com/online-training/privacy-awareness-in-healthcare/

10:57  Practice Management Success membership

https://informationmanagers.ca/practice-management-success/

11:09  CyberSecurity Awareness Month

https://Staysafeonline.org/ncsam/champions

 

Practice Management Success

Are you feeling frustrated with the same problem over and over again in your clinic?

Or solving one problem just to find another problem popping up?

Don’t know where to go for help?

Many new and seasoned clinic managers find that they need help from time to time with questions like the ones that we discussed in this podcast episode.

Do This Now

Members of Practice Management Success can access the video of this episode and the resources here in the membership.

If you are not a member of Practice Management Success, yet—what are you waiting for?

Click here and register now!

With your membership to Practice Management Success, you will get great tips, tools, templates, and training that you can use right away to help you start, grow, maintain, or fix your healthcare practice and your career!

Aug 17, 2020

Are you a clinic manager or healthcare provider who wants to build your network and re-fresh your professional connections so that you are better prepared for your next career move or, maybe, start or build your own business?

You have heard that LinkedIn is THE place to grow your career and your professional presence

But you are wondering what the correct etiquette is, and the best practices for your LI profile?

Knowing the essentials to using LinkedIn will make a big difference in improving your visibility and credibility – both crucial to building your authority and influence.

If you are serious about having a solid, fully optimized LinkedIn profile, then stay tuned!

Janice Porter will help you develop and use LinkedIn as a primary tool for bringing in new business.

Janice Porter, LinkedIn Networking Expert is my guest on this episode of Practice Management Nuggets For Your Healthcare Practice!

Janice knows the essentials to using LinkedIn that will make a big difference in improving your visibility and credibility – both crucial to prepare for your next job or move your healthcare practice towards profitability.

Meet Janice Porter

Janice is known as a master communicator, and her passion is specializing in working and teaching professionals online and offline networking and marketing strategies for attracting, developing, nurturing, and retaining relationships that enhance business growth and profitability.

Janice believes anyone in business or looking for a new position, needs to have a professional LinkedIn profile, and that LinkedIn is a powerful, under-utilized online platform for attracting new clients, new referral partners, or being found by recruiters.

Connecting like-minded people is one of her innate gifts, because she cares and deeply values each person in her network. It is with deep insight and a steadfast belief in relationship marketing that Janice makes the introductions, and only when she knows it will be beneficial to both parties.

To find more from Janice, download 16 Steps To A Fully Optimized LinkedIn Profile

Show Notes

Publish Aug 17, 2020

00:59  Introduction Jean L. Eaton

01:10  Welcome Janice Porter

08:40  Pink elephant

09:00  Janice Porter’s #1 Tip

11:00  Why Linked In

11:55  Step 1  Be Authentic

12:40  Step 2  Create An Optimized Headline

14:58  First Impression

16:50  Step 3  Be Visible

18:23  Step 4  Be Personal

20:46  Step 5  Make New Connections

23:27  Is It Worth It?

24:45  Summary 5 Tips

32:06  Janice’s Offer https://InformationManagers.ca/Janice

Aug 2, 2020

Mergers and acquisitions and closing and consolidating are activities that healthcare practices undertake at various times in the life cycle of a business.

There are many reasons why a practice may consider buying or acquiring an existing healthcare practice.

You might be expanding your practice to rapidly expand the scope of your services, location, or space. Or you might be downsizing your practice. Or maybe you're merging multiple practices into one streamlined practice so you can better manage your profit margins.

You might be looking to diversify your services or, perhaps, create an area of super-specialty that will provide a competitive advantage for your healthcare practice.

You might be wanting to acquire skilled employees or healthcare providers that you couldn't recruit in your current circumstances.

You might be acquiring or consolidating real estate infrastructure, medical equipment or electronic medical records, computer networking, or perhaps the management team. Or you might be exploring opportunities for economies of scale or cost-cutting.

As a custodian (including physicians, pharmacists, dentists, chiropractors, nurse practitioners, optometrists, and more) you need to ensure that the patient's health information remains private and secure, and that patients have continued access to their health information.

In this episode, I’m going to help you with

5 Important Steps Before You Merge Or Close Your Healthcare Practice To Ensure Your Continued Privacy Compliance

  1. Inventory All Your Existing Patient Records
  2. Patient Records Systems
  3. Agreements
  4. Existing Documents
  5. Privacy Impact Assessment Amendment Plan

 

Show Notes

(Recorded August 3, 2020)

Show Notes – Podcast / YouTube

01:41  Introduction Jean L. Eaton

02:20 Communication Plan

04:04  5 Things You Need To Know Before You Merge

04:47  1. Inventory All Your Existing Patient Records

07:27  2. Patient Records Systems

11:04  3. Agreements

11:52  4. Existing Documents

13:14  5. Privacy Impact Assessment Amendment Plan

16:24  Privacy Impact Assessment Amendment Takes A Team

Also see

Practice Management Success Tip - Closing and Moving a Healthcare Practice

https://InformationManagers.ca/pmscm

Practice Management Success Tip - Top 3 Agreements You Must Have In Your Healthcare Practice (And Why)

https://InformationManagers.ca/Top-3

Template Forms – see the Practice Management Success Tip!

https://InformationManagers.ca/closing-your-healthcare-practice

Template Procedures –  see the Practice Management Success Tip!

https://InformationManagers.ca/closing-your-healthcare-practice

Jul 28, 2020

Closing or moving a healthcare provider practice takes co-ordination, patience, communication, and documentation.

Once you have made the big decision about closing, moving, or merging your practice and have a general idea about the next step for you, your practice, your employees, and your patient and business records, you need to plan the continued administrative, technical, and physical safeguards of the patient health records.

Patients and clients have a unique trust with their healthcare provider. They trust that you will provide them continuing healthcare and continued access to their own health information that you have recorded. You are also expected to securely keep their personal health information and follow your professional college standards and health information privacy laws.

 

In this episode, Jean L. Eaton will

  • Provide clarity about records management in your group or shared practice.
  • Guide you to develop a health records management plan when you close, move, or expand your chiropractic practice.
  • Contribute to health information privacy compliance.

Get the show notes and links to the templates at https://PracticeManagementNuggets.Live 

Show Notes

01:49  Introduction to Jean L. Eaton

Are you on Instagram? Me too! Tag me @Infomanltd

03:05  Close, Move, Merge Your Practice

04:32  Continuing Care and Treatment

05:44  Custodian Defined Under HIA

08:34  Patient Records

09:22  Steps When You Close Your Practice

10:05  Notice To Patients

Template Forms – see the Practice Management Success Tip!

https://InformationManagers.ca/closing-your-healthcare-practice

 

Template Procedures -  see the Practice Management Success Tip!

https://InformationManagers.ca/closing-your-healthcare-practice

 

12:16  Records Requests, Fee Schedule

14:49  Patient Access To Their Own Health Record

16:33  Moving vs Closing Timelines

18:37  Notify Others

19:19  How To Manage Conflicts

22:08  Information Management Agreement / Information Sharing Agreement

Download the Practice Management Success Tip –

Top 3 Agreements Your Healthcare Practice MUST Have (and Why).

22:45  Inventory Patient Records

25:14  Retention, Archive, Destruction

27:45  Electronic Transfer, Data Migration, Quality Assurance, Privacy Impact Assessment (PIA)

31:19  Practice Management Success Tip Download

https://InformationManagers.ca/closing-your-healthcare-practice

32:39  Discussion

33:12  Searchie

33:38  Follow Me on Social Media

Do you have a question about practice management or privacy compliance? Would you like to be a guest on Practice Management Nuggets? Send me an email at https://practicemanagementnuggets.live/contact-us/ 

Jun 13, 2020

Have some of your employees been working remotely during COVID-19?

If schools re-open with children attending alternate days, will your employees continue to work from home on alternate days?

Do the social distancing guidelines for re-opening suddenly limit the number of employees who can work out of your current space?

Or, are you considering changing your business structure to include remote working as your new business model?

In this podcast, Jean L. Eaton will discuss privacy breach risks when remote working - and how you can prevent them!

Get the show notes and links to the templates at https://PracticeManagementNuggets.Live 

May 13, 2020

Each healthcare practice has been impacted by the COVID-19 pandemic.

This is certainly a disruption to our business continuity and a risk to privacy and security of patient, employee, and business information.

Each custodian and healthcare provider must maintain a written record of safeguards that have been implemented during the pandemic, ensure that these are communicated to their affiliates, and monitor to ensure they are followed.

What can we learn about the pandemic incident response so far?

As we prepare to re-open our practices, what can we anticipate?

If we experience a second wave and have to lock down again, are you prepared?

In this podcast, Jean L. Eaton shares a strategy to help you with your pandemic incident response review so that you can respond to a similar incident with confidence.

Get the show notes and links to the templates at https://PracticeManagementNuggets.Live 

Apr 20, 2020

Are you a healthcare provider who needs to hire information technology or business support services - but don't know what questions to ask?

Are you a vendor who works with healthcare or dental practices and need to better understand your responsibilities to keep your clients regulations compliant and your business disaster-free?

In this podcast episode, my guest expert Jon Harmon of Trinus Technologies shares his tips about computer security and standards that every healthcare provider needs to know!

Mar 25, 2020

Is Remote Working A Good Choice For Your Healthcare Practice?

In our healthcare practices, we have policies and procedures to identify the reasonable safeguards we need to take to protect personal and health information entrusted to us.

But when employees complete their roles off-site, due to personal circumstances or to ensure business continuity in unusual situations, we need to take action to ensure reasonable safeguards are in place to protect the privacy, confidentiality, and security of personal health information.

Remote Work May Be Available to Employees

Working from home is at the sole discretion of the custodian and owner of the clinic. Examples when this may be applicable include:

  • Business continuity - due to technical, physical, or other unusual circumstances.
  • Work levelling – volumes of work are distributed to another location usually for a short duration.
  • Illness / personal circumstances – where an employee is unable to report to work at the clinic but can continue to complete their roles off-site.

Some administrative tasks in a healthcare office—for example, incoming phone calls, appointment booking, appointment reminders, billing, and/or transcription—could be done from a home office environment. Sometimes even follow-up and consultations from the healthcare provider can be done remotely, too.

The healthcare provider or custodian is ultimately responsible to ensure the secure collection, use, and disclosure of health information.

Is Remote Working Good For Your Business?

As the custodian, you must decide if remote working is a good option for your business. When you decide that this is a viable option for your business, you then need to

  • Determine if remote working is appropriate for your employees.
  • Identify what clinic / business resources need to be provided to the employee remote worker.
  • Decide what reasonable safeguards need to be implemented to protect the privacy, confidentiality, and security of personal (health) information.

In this podcast episode, Jean Eaton shares how to prepare a risk assessment that you can use as part of your PIA submission for Remote Working and Virtual Health.

Feb 4, 2020

Are you a healthcare provider who needs to hire information technology or business support services – but don’t know what questions to ask?

Are you a vendor who works with healthcare or dental practices and need to better understand your responsibilities to keep your clients regulations compliant and your business disaster-free?

In this podcast episode, Jean Eaton speaks with Donna Grindle, who shares her observations on the HIPAA violations trends from the United States so that healthcare providers and vendors in Canada can prevent similar experiences.


Don’t Be Confused About Information Manager Agreements!

In this free report, I’ve explained the Top 3 Agreements Your Healthcare Practice MUST Have (and Why).

Good business practices and health information management are supported by three agreements your healthcare practice must have.

Meet Donna Grindle

Donna Grindle – Founder & CEO Kardon in Georgia, US – Kardon is a HIPAA focused business

Donna brings over 30 years experience in healthcare IT which is the solid foundation of Kardon’s HIPAA privacy and security consulting. Donna stays busy with speaking engagements, the weekly Help Me With HIPAA podcast, and managing a business with a growing client list. Donna’s sense of humor and southern charm spills out into everything she does.

You can find Donna on social media, too! Kardon  https://kardonhq.com

Show Notes

Recorded: January 17, 2020
(you can fast forward to your favourite section)

01:04  Help Me With HIPAA Fan Club

It’s not about compliance. It’s about patient care.

03:04  Introduction Donna Grindle

09:00  More Similar Than Different US / Canada

09:33  US / Canada Terminology

18:00  What If There Isn’t A BAA / IMA?

19:00  Tips: Healthcare Provider Selecting A Vendor

26:00  Tips: Vendor Selecting A Healthcare Client

32:00  Liability – What Is It?

34:33  Time Frame To Report And Notify

36:38  Reportable Breach / Security Incident

39:37  Incident Response Plans

40:22  Cyber Security Insurance

42:15  Is Hacking An Act Of War?

44:15  How Big  Is Your BAA / IMA?

45:35  Key Points In Your BAA / Information Manager Agreement

48:59  THE HIPAA Boot Camp!

https://helpmewithhipaa.com/

2020 Spring Dates: March 23, 24, 25

 

Check out these Help Me With HIPAA podcast episodes where Donna and David share more vendor vetting and BAA tips.

  • Ready for extreme vendor vetting? – Episode #150
  • 7 Questions to Ask Your Vendor – Episode #218

Need more information about Information Manager Agreements? See https://InformationManagers.ca/Top-3


New! Podcast Key Word Search Tool

Did you hear something on today’s podcast that you would like to go back and listen to again?

Or, maybe you heard something on one of our previous podcasts that you want to listen to again, but you can’t remember which one and you would like to find it quickly and easily.

Well, that’s easy to do now!

If you heard something on this podcast that you want to re-visit, go to PracticeManagementNuggets.Live/search and enter the keyword in the magic box.

You will automatically be brought to the podcast at the exact spot where we talked about it.

Rate and Review the Podcast

I am honoured that you choose to spend your time with me today. Thank you for the opportunity to share my obsession about privacy, confidentiality and security with you!

Reviews for the podcast on whatever platform you use are greatly appreciated!

When you provide your honest feedback it helps other people just like you find content that may help them, too.  If you received value from this episode, please take a moment and leave your honest rating and review.

Jean L. Eaton, Your Practical Privacy Coach

and Your Practice Management Mentor

with Information Managers Ltd.

Jan 7, 2020

 

Organizations subject to the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal private sector privacy law, are required to report to the Office of the Privacy Commissioner (OPC) any breaches of security safeguards involving personal information that pose a real risk of significant harm to individuals. They also need to notify affected individuals about those breaches, and keep records of all data breaches within the organization.

On today's podcast, PIPEDA’s Mandatory Privacy Breach Notification, we will look at how PIPEDA applies to healthcare organizations and the vendors that support them.

The Privacy Commissioner shares lessons learned after one year of mandatory breach reporting requirements under PIPEDA.

Does PIPEDA Apply To You?

PIPEDA applies to private sector businesses across Canada with the exception of Quebec, Alberta, and BC. In these provinces, provincial legislation which is substantially similar to PIPEDA applies. In all cases, businesses which handle personal information that crosses provincial or national borders fall under PIPEDA regardless of which province they are based in.

In Alberta, we have privacy legislation called the Health Information Act (HIA) that takes precedence over PIPEDA and Alberta's Personal Information Protection Act (PIPA). If a business, like a physician's office, has a privacy breach which includes health information, then the custodian of the physician office must report the privacy breach following the HIA regulations. If employee information or other non-health information is included in the breach, then that triggers privacy breach notification under PIPA. Sometimes, a breach can include both types of information and the physician office must notify under both pieces of legislation.

In BC, the Personal Information Protection Act (PIPA), BC's private sector privacy law, has also been deemed substantially similar to the federal private sector privacy law. BC does not have health information specific privacy legislation, so PIPA applies to private organizations in BC, including physician practices, and governs how the personal information about patients, employees and volunteers may be collected, used and disclosed.

If you are a business in Canada, for example an electronic medical records (EMR) vendor with a data center in Canada where all of your clients provide and store their information, you likely fall under the PIPEDA regulations.

The vendor may be subject to other legislation as well. If you are an EMR vendor, you do not directly comply with the HIA in Alberta because that applies only to custodians. However, as an information manager of a custodian under the HIA, you have some obligations under the HIA in the event of a privacy breach. But that does not mean that you don't also have obligations under PIPEDA.

Listen to the podcast to learn more!

Show Notes

You can advance the audio to the time entries

03:00  PIPEDA

03:18  Does PIPEDA apply to you?

04:11  Alberta

04:53  British Columbia

05:26  EMR vendor and businesses that support healthcare practices

06:52  What is personal information

07:44  Why is privacy important?

In 2017, 65% of large organizations with more than 100 employees indicated that they were privacy aware, but only 43% of small businesses indicated that they were privacy aware.

09:11  What Is A Privacy Breach

12:44  PIPEDA Mandatory Privacy Breach Reporting Process

12:55  Keep Records

13:27  ROSH

14:04  Report to the OPC

14:10  Notification

Information Manager Agreement – should indicate if a vendor should directly notify a patient about the privacy breach or if the custodian will do the notification. The Information Manager Agreement should also identify which party (parties) is responsible for the cost of notification.

See the Practice Management Success Tip – Top 3 Agreements https://InformationManagers.ca/Top-3

15:46  What is ROSH?

17:47  What information, circumstances of the breach.

19:33   CASL Canada’s Anti-Spam Legislation

20:34  Good Privacy Is Good For Business

When we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

How to Manage a Privacy Breach with Confidence

The 4 Step Response Plan will help you prevent privacy breach pain and give you the tips, templates, training, and tools that you can use right away to prepare your privacy breach response plan:

In the world of privacy breaches ‘If’ has become ‘When’. Will you be ready?

Click here for more information on the on-line 4 Step Response Plan course available now!

https://informationmanagers.ca/4-step

