The protection of patient information and business records is a significant concern for physicians, especially as security breaches are an increasing challenge within the health care sector. The need for security also becomes paramount for GPs and Specialists as we move toward establishing Primary Care Networks and a more integrated system of care.  

The Doctors Technology Office (DTO) provides a number of products and services to assist physicians and clinics to safeguard against  security threats and breaches.

For more information on any of these products and services, reach us at DTOinfo@doctorsofbc.ca

Physician Office IT Security Guide (2018)

Physician%20Office%20IT%20Security%20Guide%202018

The Physician Office IT Security Guide provides practical steps and best practices to enhance privacy and security at the clinic level, and help physicians protect against security breaches and cyberattacks. It is meant to help physicians, clinic staff, and IT support to start on the path of creating a security culture within their practice and increase awareness of common safeguards to protecting patient information. 

The healthcare sector has become an increasing target for cybercriminals. There are many safeguards clinics can implement to help protect patient information from security breaches and cyberattacks. 

As we move towards establishing PCNs and a more integrated system of care, clinic security and the protection of patient health information is a paramount concern.

The document has been reviewed with the OIPC, CMPA, Health Authorities and Ministry of Health. It also complements the BC Physician Privacy Toolkit to provide practical tools to protect patient information. 

Security Education

New Online Course

Security in Low Doses:
Safeguarding Patient Information in Private Practice

Security in Low Doses: Safeguarding Patient Information in Private Practice is an introductory course that supports medical clinics to improve their current security practices and to protect the integrity and trust expected by patients.
 
Learn how to implement basic protective measures (safeguards), better train your staff, and prevent the risk of security threats and privacy breaches. Meet basic education requirements for secure access to eHealth viewers offered to private practices in British Columbia. 
 
Target audience: Family physicians and nurse practitioners, medical office managers and assistants, third parties working in private practice medical clinics.

Designed in partnership by UBC CPD and the Doctors Technology Office
Up to 1.0 Mainpro+ and Certificate of Completion


 

In-Person Workshop for Groups

Physician Office Security: Safeguards 101

Office%20Security%20Workshop

This interactive workshop focuses on three areas of security improvement: administrative, physical, and technology safeguards. 

During the two-hour session, you will have the opportunity to assess your clinic’s security practices and develop a practical action plan to address gaps. 

You will meet a local Security Industry Expert from the Doctors Technology Office and learn about practical resources, tools, and templates to be adopted by the clinic.

Target audience: Family physicians, office and support staff in private practice clinics.

Designed by the Doctors Technology Office
Up to 4 Mainpro+ and Certificate of Completion
Medical Office Assistants will receive a sessional payment of $20 per hour for attending.

To inquire about organizing the workshop, email us at DTOinfo@doctorsofbc.ca
 

Clinic Security Toolkit

 

Implementing necessary security measures to protect patient information can be a long path. Follow the steps below to build a culture of security at your clinic.

Review guides describing best practices and providing tools such as forms and checklist to be adopted by your team.  Click the buttons to download Word files that can be edited to fit your needs.

1. Discuss with your team how to build a culture of security at your clinic

Clinic Security Culture (PDF)

 

2. Appoint the Privacy Officer and the Security Lead

Roles and Responsibilities of the Privacy Officer and Security Lead (PDF)

3. Consider what type of technical support your clinic needs

IT Support Selection Checklist for Clinics (PDF)

 

4. Review your clinic current practices in safeguarding patient information

Clinic Security Self-Assessment Checklist (PDF)

5. Create an inventory of electronic equipment and currently used software

Electronic Assets Management Guide (PDF)

6. Implement proper practices for managing individual accounts of your staff

Role-Based Access Guide (PDF)

7. Establish requirements and practices for adequate password management

Password Management Guide (PDF)

8. Create the Clinic Privacy and Security Binder for your clinic’s team 

Recommended Documentation for Clinic Privacy and Security (PDF)

 

Resources
 

 

This section contains targeted tools and resources designed to help you start on the journey of creating a culture of security within your practice and:
  • Reduce risk of data breaches such as confidential patient information
  • Reduce time, material costs, and impact to workflow due to fraudulent activity  by cybercriminals
  • ​Protect integrity and trust expected by patients
Clinic Security Self-Assessment A short checklist for you, your staff and local IT to assess the status of administrative, physical, and technology safeguards at private clinic.
Questions To Ask Your Local IT Provider Guidance to physicians on specific questions to ask your local IT support. This is a great conversation starter and provides tips on what questions to ask your local IT. 
Cybersecurity Awareness Brochure A brief guide to share with your staff on protection against two common cyberattack types: phishing and ransomware. It includes a four-step process for addressing a privacy breach. 
Recommended Documentation for Clinic Privacy & Security Keep organized by creating a Privacy and Security Binder for your practice. This resource will help you manage privacy and security required documentation.