Features Management Operations
RMT Tech Talk: Changes coming in 2019 that may affect massage therapists

If your day doesn’t start until you have caught up on recent news that could affect your practice, then let’s get started.

PIPEDA Legislation Addition
New Canadian federal privacy legislation from PIPEDA (The Personal Information Protection and Electronic Documents Act) took effect on November 1st, 2018. The legislation deals with all personal and private information you are responsible to safeguard when you have collected and stored it. Patient information such as that found in appointment records, SOAP Notes, intake forms, billing data and similar, fit into that category. In short, much of the legislation is aimed at preventing data breaches but importantly it now makes it mandatory to report a data breach or potential data breach to your patients and the Office of the Privacy Commissioner of Canada. Failure to report a data breach or potential data breach that poses a risk of significant harm to the individuals, can result in a fine of up to $100,000 per breach. Practitioners need to be aware of this new requirement and have a reporting plan in place should a breach occur.

Canadian Privacy Commission News
Somewhat related to PIPEDA, is the recent news about the former privacy commissioner of Canada’s broad concern about personal health data being transferred from one service provider to another service provider, when one company acquires the other. The two companies in this example, were Google Health and DeepMind. Allegedly, over 1.6 million peoples’ non-deidentified health data transferred from one company to another without the patients’ consent.

In Canada, this type of potential data breach is more decidedly dealt with in provincial healthcare privacy legislations (such as the Personal Health Information Protection Act in Ontario).

Here are some questions you may have about your agreement with your practice management system provider: What is your vendor’s exact policy regarding data held on their systems? Who owns the data? What rights are they claiming for the data’s use? In particular, is that company’s privacy policy compliant with your province’s specific privacy legislation?  What if your provider is acquired by another company? If you don’t know the answer to these questions I suggest you stop reading right now and find out! If your vendor’s policy falls anywhere short of “your practice data (including your patient data) is owned by you and/or the tight circle of care providers in your clinic and that it is for your use and no one else’s”, including in the event of an acquisition, you may have already exposed yourself and your patients to a potential data breach.

Website/Search Engine Change
As of July, 2018 Google SSL (Secure Socket Layer) website rankings took effect. If your business has a website that does not incorporate SSL encryption, then this will affect you. SSL is a technology that encrypts the data sent between a browser (i.e Chrome. Fire Fox, Internet Explorer, etc.) and your website. As of July 2018, Google Chrome and other browsers can display a “not secure” message when visiting a website that does not include an SSL certificate. The words “not secure” in this case is not necessarily referring to the safety of your stored data, it is identifying that the transmission of web page information across the Internet is not being encrypted. This message obviously is not a great experience for visitors to your website. The message can confuse visitors, harm your credibility and affect your Google search engine ranking. Historically SSL has been a small factor in search engine rankings, its importance has increased to the point it should now not be ignored.

Those who step up their game whenever possible to rank higher with search engines than their competitors, win more business.

To find out if your website incorporates SSL simply go to your website and you will see HTTPS:// as a prefix to your website domain in your brower’s address bar. The “S” in HTTPS indicates that a SSL certificate is installed.

TELUS Health e-Claims Awareness
The last take-away that we will explore, came as a surprise to us and is best illustrated with this short story. Recently, several of our staff were exhibiting at a large provincial healthcare association annual AGM and conference. Promotional material we displayed included the recently accomplished, seamless integration of the TELUS Health third-party insurance e-Claims billing submission service. What came as the surprise was when during not one, but many, one-on-one meetings with practitioners where third-party insurance billing came up, the practitioners said they weren’t aware of any of their patients who had coverage through TELUS Health insurance – they were under the impression that TELUS Health was an insurance provider…  After explaining that TELUS e-Claims was not an insurance company, but rather a claims submission service that offers substantial benefit to practitioners by aggregating numerous (15 insurance companies and counting) insurers under one claim billing system, they all basically said “Wow, that’s sounds perfect!”.  

The surprise is that TELUS Health is a substantial, successful and engaged Canadian firm with significant involvement in healthcare services and has been offering this service for some years now. Our takeaway from this was something we have always known is true but often lose sight of… Many technologies / services that offer substantial benefits are not always known by everyone, and have early, middle and late adopters. 

Jessica Foster writes on behalf of mindZplay Solutions, provider of massage therapy websites and practice management solutions. To learn more, visit massagemanedger.com