You've probably heard about the Office of the Information and Privacy Commissioner (OIPC) investigation report into Babylon Health. The investigation report provides privacy guidance for vendors of virtual health solutions and the healthcare providers who use the digital health solutions. This is a great demonstration on why it is so important to ensure that you have current information management agreements with your vendors. Jean Eaton shares tips to help you keep your vendor agreements current and explains why it is important to the protection of patient information and the reputation of your business.

 

Use the lessons from the Babylon Health Investigation Report as guidance to healthcare providers, clinic managers, privacy officers, and vendors to develop and implement virtual healthcare solutions in your practice. Jean Eaton shares tips regarding

• key criteria when reviewing (or preparing) your privacy impact assessment (PIA)
• policies, procedures
• information management agreements (IMA)
• privacy and security awareness training
• data storage outside of Alberta

See all the show notes at https://PracticeManagementNuggets.Live

You might need to amend your PIA if you want to:

• add a new digital health app or patient portal to make it easier for patients to book appointments with you, or
• get access to Alberta Netcare Portal, or the CII or CPAR projects,
• expedited Netcare Privacy Impact Assessment,
• use the internet to get telehealth on-line consultations for your patients,
• update your participating custodians and privacy officer, and
• regular review to ensure that you are continuing to meet the requirements of the Health Information Act (HIA).

A PIA is a practical business tool in your healthcare practice.

A PIA is an important tool that you can use to help you with project management.

It will help you anticipate risks to the project before it starts and avoid serious problems, and wasted time and money.

The PIA process requires you to have written policies and procedures so that you can implement the project effectively and train your staff consistently.

Sometimes a PIA is a requirement of legislation. But it is always a best practice whenever you implement a project that includes personal health information.

Show Notes

01:14  Introduction Jean L, Eaton

05:08  What Is A PIA

06:46  Purpose of a PIA

10:53  PIA Facilitates Discussion

11:57  PIA Will Help You Select Vendors

13:38  PIA Process

16:12  What is a p-ORA?  

17:20  When do you need a privacy impact assessment (PIA) amendment?

19:17  Is It A New PIA or Amendment? 

20:55 Common scenarios

21:47 Change in Custodians

22:38  New Location

23:17  Alberta Netcare Portal

24:47  Previous PIA is more than 2 years ago

25:20  Telehealth

26:16  PIA Timeline

28:04  10 Steps To Prepare Your PIA Amendment

28:14  Step 1 Locate Previous PIA

31:03  Step 2 Review Your Current IT

40:07  Step 3 Review Policies Procedures

40:43  Step 4 Review Your Safeguards

41:34  Step 5 Authorizing User Permissions

43:43  Step 6 Training Policies

45:21  Step 7 Access and Correction Requests

47:06  Step 8  Masking

47:37  Step 9 Responding To Breaches

50:06  Step 10 Next Steps

52:20  Summary

53:29  Remote Working Telehealth Tools

PMS Tip Remote Worker Privacy And Security Checklist: https://informationmanagers.ca/pmsrw

PIA Template Remote Working and Virtual Care: https://informationmanagers.ca/pia-virtual-care

55:22 Practice Management Success Tip Privacy and Security Policies and Procedures Checklist
https://informationmanagers.ca/o6s2

55:58 Health Information Management Privacy and Security Policy and Procedure Templatehttps://informationmanagers.ca/hitemplates

56:10  3 Options To Help You With Your PIA
https://informationmanagers.ca/privacy-impact-assessment-pia/

Mergers and acquisitions and closing and consolidating are activities that healthcare practices undertake at various times in the life cycle of a business.

There are many reasons why a practice may consider buying or acquiring an existing healthcare practice.

You might be expanding your practice to rapidly expand the scope of your services, location, or space. Or you might be downsizing your practice. Or maybe you're merging multiple practices into one streamlined practice so you can better manage your profit margins.

You might be looking to diversify your services or, perhaps, create an area of super-specialty that will provide a competitive advantage for your healthcare practice.

You might be wanting to acquire skilled employees or healthcare providers that you couldn't recruit in your current circumstances.

You might be acquiring or consolidating real estate infrastructure, medical equipment or electronic medical records, computer networking, or perhaps the management team. Or you might be exploring opportunities for economies of scale or cost-cutting.

As a custodian (including physicians, pharmacists, dentists, chiropractors, nurse practitioners, optometrists, and more) you need to ensure that the patient's health information remains private and secure, and that patients have continued access to their health information.

In this episode, I’m going to help you with

5 Important Steps Before You Merge Or Close Your Healthcare Practice To Ensure Your Continued Privacy Compliance

1. Inventory All Your Existing Patient Records
2. Patient Records Systems
3. Agreements
4. Existing Documents
5. Privacy Impact Assessment Amendment Plan

 

Show Notes

(Recorded August 3, 2020)

Show Notes – Podcast / YouTube

01:41  Introduction Jean L. Eaton

02:20 Communication Plan

04:04  5 Things You Need To Know Before You Merge

04:47  1. Inventory All Your Existing Patient Records

07:27  2. Patient Records Systems

11:04  3. Agreements

11:52  4. Existing Documents

13:14  5. Privacy Impact Assessment Amendment Plan

16:24  Privacy Impact Assessment Amendment Takes A Team

Also see

Practice Management Success Tip - Closing and Moving a Healthcare Practice

https://InformationManagers.ca/pmscm

Practice Management Success Tip - Top 3 Agreements You Must Have In Your Healthcare Practice (And Why)

https://InformationManagers.ca/Top-3

Template Forms – see the Practice Management Success Tip!

https://InformationManagers.ca/closing-your-healthcare-practice

Template Procedures –  see the Practice Management Success Tip!

https://InformationManagers.ca/closing-your-healthcare-practice

A Privacy Impact Assessment is Easy – When You Start With a Good Plan!

Do you need a PIA? or a PIA amendment?

If you are a healthcare provider or clinic manager and are not sure if you need a Privacy Impact Assessment . . . then this 30 minute webinar / podcast is for you!

If you are a custodian--including physicians, optometrists, dentists, chiropractors, nurse practitioners, podiatrists, and more!--as defined by Alberta's Health Information Act, then you probably need a PIA.

Jean L. Eaton, Your Practical Privacy Coach, will explain

• what a PIA is,
• why you need it, and
• how to start planning to prepare a PIA.

A PIA is an important tool that you can use to help you with that project management. It will help you anticipate risks to the project before it starts and avoid serious problems, wasted time and money.

The PIA process requires you to have written policies and procedures so that you can implement the project effectively and train your staff consistently.

Sometimes, after you have completed a foundational PIA for your practice, you want to add a new tool, move or add a new clinic location, or change the way that you collect, use, or disclose health information.  This may trigger a PIA amendment where you can build onto your original PIA submission.

Sometimes a PIA is a requirement of legislation. But it is always a best practice whenever you implement a project that includes personal health information.

---

Podcast Sponsor - Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments

A complete step by step on-line course !

 

Show Notes

Recorded July 5 2018

You can advance the audio to these time markers:

04:52  Elephant in the Room

Some people think that a PIA is a big scary elephant in the room. I’d like to show you that a PIA is not scary and, in fact, is a practical tool for your business.

03:49  Assess Your Project

04:24  Purpose of a PIA

04:58  PIA Process

13:42  Don’t Be Shocked!

17:00  Carrot or Stick Approach

26:07  5 Step Plan to PIA

30:22  When Do You Need a PIA?

31:40  Questions

34:00  Strategies to Complete Your PIA

34L30  DFY – Done For You

Hire a consultant. A consultant may be internal to your organization or external. If you are a part of a large organization or association, you may have a dedicated Privacy Officer or Project Manager who will work with you and your business unit to develop the PIA.

Or you may hire a consultant from an external business with experience in your industry and is knowledgeable about the regulatory requirements in your jurisdiction.

34:56  DIY Options - On-Line course

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A complete step by step course with on-line coaching from me. https://informationmanagers.ca/protect-your-practice-with-privacy-impact-assessments-course/ 

The DIY approach will take more of your time, and less money, to complete your PIA.

If you ae the type of person that likes policies, procedures and details about legislation this is a good option for you.

36:17  DWY – Done With You Hybrid

The hybrid approach includes you doing the majority of the information gathering and creating or reviewing your existing policies and procedures for your project.

You also work with an experienced consultant (internal or external) to help you put the pieces of the PIA together and prepare the PIA submission, and to work with you to develop the implementation plan.

---

Do This Now

Members of Practice Management Success can access the video of this episode and the resources here.

If you are not a member of Practice Management Success, yet—what are you waiting for?

Click here and register now!

With your membership to Practice Management Success, you will get great tips, tools, templates, and training that you can use right away to help you start, grow, maintain, or fix your healthcare practice.

---

Rate and Review the Podcast

I am honoured that you choose to spend your time with me today. Thank you for the opportunity to share my obsession about privacy, confidentiality and security with you!

Reviews for the podcast on whatever platform that you use is greatly appreciated!

When you provide your honest feedback it helps other people just like you find content that may help them, too.  If you received value from this episode, please take a moment and leave your honest rating and review.

Jean L. Eaton, Your Practical Privacy Coach

and Your Practice Management Mentor

with Information Managers Ltd.