Three-day program to focus on health-sector privacy officer training
Toronto health law firm Dykeman Dewhirst O’Brien LLP (DDO Health Law) is offering three days of health sector privacy officer training this fall, featuring 20 hours of intensive instruction from leading legal educators in the field, DDO partners Mary Jane Dykeman and Kate Dewhirst.
The course, set to take place on Oct. 14, Nov. 10 and Dec. 10 in downtown Toronto and via webcast, is the only program of its kind in Canada and is aimed at providing participants with the information and skills they need to succeed as a privacy officer.
“The privacy practices of health-care organizations and providers are under increasing scrutiny from patients, residents and clients (and their families), the courts, the media and the Information and Privacy Commissioner of Ontario (IPC/O). Attorney General prosecutions are underway under the Personal Health Information Protection Act (PHIPA), and class actions and other claims have been filed in the courts," says Dykeman.
"On Sept. 16, 2015, Bill 119, the Health Information Protection Act, was introduced. If passed it will double the fines under PHIPA to up to $100,000 for individuals and $500,000 for organizations and require reports to the IPC/O of certain privacy breaches, among other changes,” she adds. "While the course is targeted to health sector privacy officers, it would also benefit lawyers working in health privacy."
Participants in the course will receive the most current information on privacy practices and expectations for health-care organizations, as well as practical and dynamic skills training using scenarios, stories, quizzes and assignments. Attendees will also be given sample tools to adapt to their organization, including: a privacy program checklist; a privacy program documentation checklist; privacy policies; an annual confidentiality pledge for all staff, students and volunteers; privacy communiqués; a board update on privacy; a privacy impact assessment; a privacy breach checklist; privacy breach notification; and privacy library.
Participants will also receive the primary Ontario privacy resource — Irwin Law’s Guide to the Ontario Personal Health Information Protection Act: A Practical Guide for Health Care Providers (Perun, Orr & Dimitriadis) — as well as downloadable PDF resources and a letter outlining the training received, for the organization’s due diligence.
Day one will cover the basics of privacy, a privacy compliance overview and how to create and reinforce a culture of privacy. On day two, participants will learn how to approach health privacy security issues and the safeguards they should have in place, as well as the concept of consent, the circle of care and lockbox. The session will also cover secondary uses and disclosures you can make with health information without the consent of patients.
This course is intensive and does not tinker at the edges of compliance, says Dewhirst, “this is where we roll up our sleeves and work through common scenarios, the toughest kinds of breaches, how to make the privacy officer the go-to resource, early and often; and create a plan for privacy leadership and sage response should a breach occur."
And, on day three, the session will discuss access, correction and disclosure to third parties, privacy breach investigation and response, recent developments in the courts and elsewhere (including at the Ontario Securities Commission), as well as questions and answers.
The program will take place at St. Andrew’s Club and Conference Centre, located at 150 King St. W. in Toronto.