Mandatory breach reporting requirements under Health Information Act (HIA) came into force on August 31, 2018. Are you prepared?
If your practice had a security breach, would you be able to answer “yes” to the following questions?
- Does our practice have privacy and information security policies in place?
- Have all of our staff members received privacy and information security training?
- Have we submitted our first privacy impact assessment? (March 2011, HIA requires custodians to prepare an initial privacy impact assessment and update as required).
- Do we have an information manager agreement in place with our IT service provider?
- Do we have the administrative, technical, and physical safeguards in place to protect the confidentiality of the health information that is in our custody?
If you answered “no” to any of the above questions your practice may not be following the rules.
A security breach can shine a spotlight on your practice and make everyone aware of the fact that you aren’t following the rules. Ignorance of the law is no excuse. In addition to negative publicity, there are legal and financial consequences for violating privacy legislation.
Don’t wait to have a security breach to find out if your practice is following the rules. By calling today, you can have peace of mind, knowing your sensitive information is being managed appropriately.