Is IT compliance At The Forefront Of Your Dental or Medical Practice?

hi

PHIPA – Personal Health Information Protection Act. PHIPA is legislation – November 2004.

 PHIPA applies to health information custodians that collect, use and disclose personal health information, whether or not in the course of commercial activities. 

Dental and Medical Professionals have stringent legal requirements under Ontario PHIPA Legislation. Secure technology should be at the forefront of your business practices

Did you know that the Information and Privacy Commissioner of Ontario can Audit your Practice at any time?

On March 25, 2020, significant amendments to Ontario’s Personal Health Information Protection Act, 2004 (PHIPA) were introduced and came into force.

Section 61 of PHIPA now permits the Commissioner to make an order imposing administrative penalties on any person or organization whose activities the Commissioner has reviewed, if the Commissioner is of the opinion that the person or organization has contravened PHIPA or its regulations. 

The potential maximum penalty for offences under PHIPA has doubled to $200,000 for an individual and $1,000,000 if the offender is an organization.  PHIPA now also provides for the possibility of up to one year of imprisonment.

It is important to note that PHIPA also holds officers, members, employees or agents of corporations liable for corporate offences under PHIPA.  Such persons can be liable if they authorize an offence or knowingly refrain from using their authority to prevent an offence from being committed. 

To help Dental and Medical professionals deal with the requirements of PHIPA legislation, we provide consulting and IT services that bring your technology into compliance and recommend practices that help eliminate potential violations. 

See the requirements here:

http://www.health.gov.on.ca/english/providers/project/priv_legislation/phipa_pipeda_qa.html

PHIPA requires your practice to complete a threat Risk Assessment and perform reviews, yearly

Your assessment must include all Administrative, Technical and Physical Safeguards of all systems in your practice

A Risk Assessment is not a 5 minute, online checklist, but rather a comprehensive PHIPA compliant risk assessment typically requires 3-4 hours to complete

The outcome of this Assessment should generate a Management Plan

The Management Plan details all the individual components necessary for technical compliance. It must be completed by experts

S7 Systems PHIPA Service Includes

Comprehensive Risk Assessment and Compliance Plan

Incident Response Plans

Policies and Procedures Manual

Staff Training

Yearly Compliance Reviews

S7 Systems will do all the heavy lifting for you

Compliance means reducing your exposure to risk and increasing your IT security posture. Most experts in security will advise you to work with an IT service and support company that can assess, manage and mitigate your compliance risk

S7 Systems is an IT Service & Support Company that specializes in serving Dental and Medical Professionals. We can write Compliance Policies and Procedures customized according to the way you work, and that will keep you in compliance with PHIPA

How S7 Systems Managed Services will Keep You PHIPA Compliant

  • PHIPA Compliance Plan Management
  • Data Encryption
  • Backup and Recovery
  • Firewall Management
  • Threat Hunting – Antivirus and Intrusion Detection
  • Zero Trust tools for application Control
  • Identity and Access Management
  • Access and Audit logs
  • Secure Remote Access
  • Device / Data Destruction
  • User Training
  • Software Updates

We’ll review your current IT systems and create a comprehensive PHIPA Compliance plan for better security and peace of mind

Schedule your no cost PHIPA Audit today