Start Your Search

Ariane Siegel



Author of

  • +

    RF01 - Foundational Methodologies (ID 7)

    • Event: e-Health 2019 Virtual Meeting
    • Type: Rapid Fire Session
    • Track:
    • Presentations: 1
    • Coordinates: 5/27/2019, 10:30 AM - 11:30 AM, Area 5
    • +

      RF01.05 - All-in-One: Comprehensive, Current, Cost-Effective, Practical Privacy & Security Training (ID 403)

      Ariane Siegel, OntarioMD; Toronto/CA

      • Abstract

      Purpose/Objectives:
      Concerns about protecting patient privacy and growing risks related to cybersecurity are dominating the digital health agenda. There was an increasing need for comprehensive, up-to-date, convenient privacy and security training with attestation that addressed important topics such as legal obligations around PHI, best practices for protecting PHI, and dealing with privacy breaches. Training needed to be practical, accessible 24/7 and recognized by all digital health partners. Learn how we delivered this scalable, cost-effective solution for clinicians and their staff.


      Methodology/Approach:
      Previous attempts at providing a robust privacy and security training solution did not fulfill the objectives for the health care system because they were either not comprehensive, not updated, could not be audited to ensure completion and often involved a cost to the end-user’s organization. Our organization took a unique, transformative and strategic approach to providing privacy and security training. Our strategy was to work with key health care partners to develop a practical solution to privacy and security training recognized by all organizations and scalable to thousands of clinicians, allied health professionals, administrative and IT staff who may come into contact with PHI. An online solution was the most cost-effective for the partners and the health care system. Partners included organizations responsible for digital health infrastructure, regulatory bodies, and associations representing physicians and liability protection, and risk-management education for physicians. The strategy incentivized users of the Privacy and Security Training Module by making the training mandatory for access to EHR systems, providing a printable certificate of attestation, and providing CME credits for physicians. The strategy provided flexibility so the training could be ‘white-labeled’ for any health care organization or other jurisdictions to spread the benefits of the training to more clinicians and prevent more cybersecurity incidents.


      Finding/Results:
      In less than 9 months, almost 1,000 users have completed the Privacy and Security Training Module. In October, a French version of the Module became available. The reviews are very positive. After completing the Privacy and Security Training Module: - 91% of users understand PHI and ownership of medical records - 90% of users indicated that they were able to identify and appropriately respond to privacy breaches and security incidents - 89% understand ways to safeguard PHI. This comprehensive training is helping to instill privacy and security best practices at the practice level, avoid breaches and ensure EHR systems are used appropriately.


      Conclusion/Implications/Recommendations:
      At a time when health information is shifting to digital platforms, security and privacy training is critical for all clinicians and partners. The Privacy and Security Training Module is convenient, accessible and accredited training that clinicians want and need. It is an innovative learning solution that encompasses change management principles that include the people and process sides of change. Users can access the free training from any Internet-enabled mobile device and complete it at their own pace. As privacy legislation and technology evolves, the module will be updated. It is recommended that users take the training once a year to keep current on best practices and protocols.


      140 Character Summary:
      The Privacy & Security Training Module with attestation provides comprehensive, 24/7 training accessible from any Internet-enabled device.