Sure, having an up-to-date policy is incredibly important (in fact, vital) to show you are committed to protecting your clients’ sensitive information. However, a lot more is required: there needs to be an overall privacy culture supporting it. Each person in a Practice has a role to play when it comes to protecting privacy.
Culture in general, as defined in the Merriam-Webster dictionary, is “the set of shared attitudes, values, goals, and practices that characterizes an institution or organisation”. Ever heard the phrase ‘it’s what you do when no one is watching’? That pretty much sums it up! Doing the right thing when no one is watching is vital, in healthcare settings in particular; otherwise, you could be going up the creek without a paddle.
Get into a routine, and make sure the following are included:
2. Ongoing training of staff in privacy compliance is also essential. This includes how to recognise and respond to suspected data breaches. Employees must understand the Policy and be able to access it. Also, frequent reminders for employees of the ‘how’ and the ‘why’ never hurt!
3. Monitor your compliance – regularly audit risk areas and have meetings purely for this purpose.
4. If a complaint or a breach does occur, investigate it thoroughly and document the follow-up! You may also need to make a report if there has been a data breach. Therefore, understanding the Mandatory Data Breach laws should be included in your Privacy Training regime as well.