This SME spotlight is part 1 of our 5-part series on Corridor SME Certified.
This month, Corridor is showcasing Jean L. Eaton, our subject matter expert for Corridor’s privacy training solutions for the healthcare industry. Jean is a leading expert in healthcare privacy, information privacy management, and has educated thousands of healthcare professionals – PCNs, small clinics, home care facilities, hospitals, podiatrists, chiropodists, dental offices, therapists, and many more healthcare facilities.
Jean has a deep understanding of the impact privacy breaches can have along with how to avoid a breach. She has also worked extensively with the Alberta Health Information Act and the Ontario Personal Health Information and Protection Act and other provincial and federal privacy legislation. She is also a member of the Canadian Health Information Management Association (CHIMA).
What led you to become a subject matter expert for privacy in healthcare?
My career started as a receptionist in a busy family clinic, this gave me strategic insight into the privacy challenges patients and clinics face in healthcare settings. I began my education as a certified Health Information Management (HIM) professional, moving on to work in hospitals as a HIM and Director of Health Records. The insight I gained through the various positions I have held in healthcare led me to start a consulting company, Information Managers. Information Managers is focused on educating and mentoring healthcare professionals and clinic managers and employees to create better information practices that protect both their patients and businesses.
What are the trends and the situations on privacy that you are getting asked about most often?
The last decade has dramatically changed the way that personal health information is handled. Every day, we share our personal information with service providers, advertisers, banking institutions, and online stores. This has evolved into carelessness in some cases of our health information – “our most personal information, something we might not even share with our family…”. Employee snooping is an escalating trend. Often, curious employees ‘look at’ patient’s information without a need to know the information to do their job. Sometimes, employees intentionally and maliciously access patient information for their financial gain. Both scenarios are serious privacy breaches, but many healthcare practices overlook, ignore, or are unaware of these offences because they don’t know what to look for or how to respond to them.
What advice would you give a client who doesn’t have a privacy policy?
Having a training policy is critical to the healthcare practice to prevent a privacy incident. This helps staff ensure that patients’ information is collected appropriately and is available when needed. If a privacy incident occurs, your written training policy and documentation that the training was completed is essential to the investigation. A documented training plan can mitigate expensive fines, penalties, and even jail time. The training that Corridor has for the healthcare sector documents each employee’s commitment and official acknowledgement to privacy, giving the clinic an extra layer of insured compliance if a breach does occur.
What are the most common reasons why customers hire you?
Over the years, I have consulted with thousands of healthcare providers, clinic managers and administrative leads helping launch, grow, and improve their healthcare practices. Canadian privacy laws require that healthcare providers have a written “Health Information Privacy and Security Policies and Procedures” plan, that complies with their regulated professional college requirements, health privacy legislation, and best practices. Also required is a Privacy Impact Assessment to review their administrative, technical, and physical safeguards to protect health information.
Privacy legislation isn’t static, it evolves in the same way that technology does. It’s easy to get overwhelmed so having a written plan and an implementation strategy are key to success. Partnering with Corridor completes the full circle of services that I offer to my clients. Providing a trackable education for all employees gives the healthcare provider proof of compliance if a breach did occur.
What are the biggest mistakes that you see companies making over and over?
Training, Training, Training! Many practices put off training and developing proactive privacy procedures because they think it is too hard or maybe is too time consuming. Nothing could be further from the truth! Getting started now with privacy awareness training for everyone in your practice generates meaningful conversations and discussion about commitment to privacy principles. Then, take the next step to systematically review, document, and monitor your privacy practices. The time it takes to build privacy compliance into your practice is minor in comparison to the time and money that is spent on a privacy breach.
Finish this sentence: “The biggest benefit to any healthcare organization that has a training compliance policy is…” building privacy, confidentiality, and security of personal health information into everything that you do to protect your reputation, reduce liability, and keeps your business out of and privacy investigations. Mistakes that result from a lack of training have costs, the time and work to investigate, report and resolve issues and damage to public trust.
Just for fun, what book have you read lately?
I was very excited to read Go Tell the Bees That I Am Gone – from Diana Gabaldon. This is the much anticipated latest story in the Outlander series.