Optometry Cybersecurity tips

Optometry clinics are increasingly relying on Electronic Medical Records (EMRs) to manage all aspects of patient data—from scheduling appointments and processing payments to storing sensitive health information. While this digital transformation brings convenience and efficiency, it also introduces real risks if data is not properly protected from cyber threats.

Cybersecurity may sound technical, but at its core, it’s about keeping patient health information private and secure. Just as physical files are locked in a cabinet, digital records must be protected from hackers, accidental leaks, or unauthorized access by employees.

Protecting patients’ information is not only a legal requirement but an ethical responsibility. In Canada, optometrists must comply with privacy laws that govern the handling of Personal Health Information (PHI).

Understanding Your Legal Responsibilities

The federal privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), applies to most private-sector businesses, including optometry clinics that collect and store PHI. Clinics are required to:
• Obtain consent when collecting, using, or disclosing patient information
• Use and store patient data only for legitimate healthcare purposes
• Take reasonable steps to protect data from theft, loss, or unauthorized access
• Respond quickly to breaches and inform affected individuals

In addition to PIPEDA, certain provinces—such as Alberta, British Columbia, and Quebec—have adopted their own privacy laws that align with federal standards. Other provinces, including Ontario, New Brunswick, Nova Scotia, and Newfoundland and Labrador, also have similar legislation. For example, in Ontario, clinics must comply with the Personal Health Information Protection Act (PHIPA). Failure to follow these laws can lead to fines, legal consequences, and reputational harm.

Choose an EMR That Meets Canadian Privacy Standards

Not all optometry Electronic Medical Record (EMR) systems are designed with Canadian privacy laws in mind. Confirm that the software your clinic uses complies with PIPEDA.

Ask the following questions:

  • Where is the data stored? PIPEDA recommends that PHI be stored within Canada.
  • Is the data encrypted? Data should be unreadable if stolen.
  • Can staff access be limited by role?
  • Does the system maintain an audit trail (logs of who accessed or edited records)?

Control Staff Access with Role-Based Permissions

EMRs should be configured so that each staff member only sees what they need to perform their job. This is called Role-Based Access Control (RBAC).
For example:
• Front desk staff can book appointments but shouldn’t access clinical test results.
• Technicians may view imaging files but not billing information.

Limiting access protects patient data and makes it easier to review audit logs for unusual activity.

Regularly Monitor EMR Access Logs

Your EMR software should track logins, file access, and changes made to records. Audit logs help detect suspicious activity such as:
• Repeated failed login attempts
• Logins during off-hours
• Employees accessing records without a legitimate reason

Review these logs at least monthly to catch problems early.
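The following Python script is an added example, not part of the original article and not any EMR vendor's tooling. It shows how the audit-log review described above, together with the role-based permissions from the previous section, can be turned into a repeatable monthly check. The log format (pipe-separated fields), the role policy, the five-failure threshold and the 08:00 to 18:00 clinic hours are all assumptions made for the demonstration, and the log lines themselves are constructed sample data.

```python
"""Review constructed EMR audit log lines for the warning signs the article lists.

Added example. The log layout, role policy and thresholds are assumptions,
not the format of any particular EMR product.
"""
from collections import defaultdict
from datetime import datetime, time

# Constructed sample audit log (not from a real EMR). One event per line:
# timestamp | user | role | action | record_type | outcome
SAMPLE_LOG = """\
2024-03-04T08:55:10|front_desk_ann|front_desk|login||success
2024-03-04T09:02:41|front_desk_ann|front_desk|view|appointment|success
2024-03-04T09:10:05|front_desk_ann|front_desk|view|clinical_result|success
2024-03-04T13:15:00|tech_bob|technician|view|imaging|success
2024-03-04T13:16:30|tech_bob|technician|view|billing|denied
2024-03-04T23:41:02|dr_chen|optometrist|login||success
2024-03-04T23:42:10|dr_chen|optometrist|view|clinical_result|success
2024-03-05T02:10:11|unknown|?|login||failure
2024-03-05T02:10:25|unknown|?|login||failure
2024-03-05T02:10:40|unknown|?|login||failure
2024-03-05T02:11:02|unknown|?|login||failure
2024-03-05T02:11:19|unknown|?|login||failure
2024-03-05T10:00:00|dr_chen|optometrist|edit|clinical_result|success
"""

# Assumed role policy mirroring the article's RBAC examples: which record
# types each role may read. Anything not listed is out of scope (deny by default).
ROLE_ALLOWED = {
    "front_desk": {"appointment", "billing"},
    "technician": {"imaging", "appointment"},
    "optometrist": {"appointment", "clinical_result", "imaging", "billing"},
}

FAILED_LOGIN_THRESHOLD = 5                   # assumed tuning value
BUSINESS_HOURS = (time(8, 0), time(18, 0))   # assumed clinic hours


def parse_log(text):
    """Parse the pipe-separated sample format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, action, record_type, outcome = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user, "role": role, "action": action,
            "record_type": record_type, "outcome": outcome,
        })
    return events


def review_audit_log(text):
    """Return a list of (rule, user, detail) findings for a reviewer to follow up."""
    events = parse_log(text)
    findings = []

    # Rule 1: repeated failed logins for the same account name
    failures = defaultdict(int)
    for e in events:
        if e["action"] == "login" and e["outcome"] == "failure":
            failures[e["user"]] += 1
    for user, n in failures.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            findings.append(("repeated_failed_logins", user, f"{n} failed logins"))

    # Rule 2: successful logins outside clinic hours
    start, end = BUSINESS_HOURS
    for e in events:
        if e["action"] == "login" and e["outcome"] == "success":
            t = e["ts"].time()
            if not (start <= t < end):
                findings.append(("off_hours_login", e["user"], e["ts"].isoformat()))

    # Rule 3: a successful read or edit the role policy does not allow. A denied
    # attempt is the EMR doing its job; a success means permissions are too broad.
    for e in events:
        if e["action"] in ("view", "edit") and e["outcome"] == "success":
            allowed = ROLE_ALLOWED.get(e["role"], set())
            if e["record_type"] not in allowed:
                findings.append(("access_outside_role", e["user"],
                                 f"{e['role']} {e['action']} {e['record_type']}"))
    return findings


if __name__ == "__main__":
    for rule, user, detail in review_audit_log(SAMPLE_LOG):
        print(f"{rule:25} {user:16} {detail}")
```

On the sample data the script reports three findings: five failed logins for the unknown account, Dr. Chen's 23:41 login, and the front desk account successfully viewing a clinical result. The third finding is the one worth noticing in a real review: the EMR allowed an access the clinic's own role policy says it should not have, which is exactly the kind of misconfiguration the article's RBAC section is meant to prevent.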

Back Up Your Data—And Test It

Even with strong security, disasters can happen: hardware failures, ransomware attacks, or human error. Backups are essential.

Backups should be:
• Performed daily
• Stored securely in Canada (cloud or off-site)
• Tested regularly to ensure quick restoration

An untested backup is nearly as risky as no backup at all.
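The following Python script is an added example, not part of the original article and not any EMR vendor's backup tooling. It shows what "test your backup" means in practice: take a backup, restore it somewhere else, and prove the restored copy is both structurally sound and identical in content to the live data. A throw-away SQLite database stands in for the clinic's EMR; the `patients` table and its rows are constructed for the demonstration.

```python
"""Back up a toy EMR database, restore it, and verify the restore.

Added example. The SQLite database, table layout and sample rows are
constructed stand-ins for a real EMR, not any product's schema.
"""
import hashlib
import os
import sqlite3
import tempfile


def create_sample_emr(path):
    """Create a small constructed 'patients' table to act as the live EMR."""
    con = sqlite3.connect(path)
    con.execute(
        "CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT, last_visit TEXT)"
    )
    con.executemany("INSERT INTO patients VALUES (?, ?, ?)", [
        (1, "Sample Patient A", "2024-02-10"),
        (2, "Sample Patient B", "2024-03-01"),
        (3, "Sample Patient C", "2024-03-04"),
    ])
    con.commit()
    con.close()


def backup_database(src_path, dst_path):
    """Consistent copy via SQLite's online backup API (safe while the DB is in use)."""
    src = sqlite3.connect(src_path)
    dst = sqlite3.connect(dst_path)
    with dst:
        src.backup(dst)
    dst.close()
    src.close()


def content_fingerprint(path):
    """Hash the logical contents (rows in key order), not the file bytes, so two
    databases holding the same records compare equal even if their on-disk
    layout differs. Returns (sha256 hex digest, row count)."""
    con = sqlite3.connect(path)
    rows = con.execute(
        "SELECT id, name, last_visit FROM patients ORDER BY id"
    ).fetchall()
    con.close()
    h = hashlib.sha256()
    for row in rows:
        h.update(repr(row).encode())
    return h.hexdigest(), len(rows)


def restore_is_sound(backup_path, restore_path):
    """Restore the backup to a fresh file and run SQLite's integrity check on it."""
    backup_database(backup_path, restore_path)
    con = sqlite3.connect(restore_path)
    integrity = con.execute("PRAGMA integrity_check").fetchone()[0]
    con.close()
    return integrity == "ok"


def run_backup_drill():
    """Full drill: create live DB, back it up, restore it, verify.

    Returns True only if the restored copy passes the integrity check and its
    row count and content fingerprint match the live database."""
    with tempfile.TemporaryDirectory() as d:
        live = os.path.join(d, "emr_live.db")
        backup = os.path.join(d, "emr_backup.db")
        restored = os.path.join(d, "emr_restored.db")
        create_sample_emr(live)
        backup_database(live, backup)
        if not restore_is_sound(backup, restored):
            return False
        return content_fingerprint(live) == content_fingerprint(restored)


if __name__ == "__main__":
    print("backup drill passed" if run_backup_drill() else "backup drill FAILED")
```

The drill restores to a separate file rather than over the live database, which is how a real restore test should be run: it proves the backup is usable without risking production data. Comparing a content fingerprint rather than a file hash matters because a valid backup need not be byte-identical to the source, only record-identical.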

Train Your Team to Avoid Cyber Risks

Most cybersecurity incidents stem from human error. Mistakes like clicking malicious links, sharing weak passwords, or emailing PHI to the wrong recipient can lead to serious breaches.

All staff should receive annual cyber safety training covering:

  • How to identify phishing and suspicious emails
  • Safe handling of emails and messages containing PHI
  • Strong passwords, Multi-Factor Authentication (MFA), and avoiding reused credentials
  • Importance of logging out of EMRs when not in use
  • How to report suspicious activity or data breaches

Cybersecurity: A Shared Responsibility

Cybersecurity doesn’t have to be complicated—it’s about protecting your patients and your clinic. By following basic best practices, you can ensure compliance with privacy laws and maintain trust with your patients.

Here’s a quick checklist:
☑ Use PIPEDA-compliant EMR software
☑ Limit access based on job roles
☑ Track who is accessing the EMR
☑ Back up and test data regularly
☑ Train users annually on cybersecurity basics

Maryam Moharib

Maryam Moharib, BOptom, BHSc, CSPO, CAPM

Maryam holds degrees in Health Sciences from the University of Ottawa and in Optometry from Anglia Ruskin University in Cambridge, England. She has dedicated many years to working alongside ophthalmologists in refractive surgical clinics, where she gained significant experience in clinical training and in EMR implementation for various software platforms.

Maryam has also worked as a certified product owner with an EMR software company where she played a key role in effectively bridging the gap between clinical needs and technology. Additionally, her certification in project management from the Project Management Institute has equipped her with the skills to lead implementation and transformative clinic projects successfully.



ECBC Roxanne Arnal CFP article on scams and fraud

With the vast proliferation of AI, detecting scams and fraud is becoming more difficult. What used to be primarily an issue for seniors has become a top concern for everyone. Despite the growing number of threats and their increased sophistication, there are ways to help protect yourself against those out to harm you.

  1. Is the content unexpected?

Are you getting an inheritance from a relative you don’t even know? Winning a contest you haven’t entered? Updating delivery information for a package you haven’t ordered?

Packages are becoming increasingly difficult to track, so ensure that the sender matches up with items you have actually ordered. If unsure, reach out directly to the supplier for confirmation.

Always ask, “Did I make this request?” “Does it sound too good to be true?”

  2. But it’s really urgent!

Making a request seem urgent is a common way to get you to open, click, or respond without thinking. Always take a few extra moments to question whether the content really needs urgent handling.

An ounce of prevention is worth a pound of cure!

  3. Wow, you must really like me.

Tone can be hard to read over email and texts. Does the content sound too nice or too threatening? These tactics are designed to keep you off balance. Don’t let someone else’s bad day ruin yours.

  4. Do you really need that?

Requests asking you to enter your SIN, PIN, or password likely aren’t real. Such personal and confidential information shouldn’t be used for accessing anything from a request you didn’t originate.

Furthermore, your SIN, PIN, and passwords should never be shared in print or verbally with anyone when the request seems even remotely odd.

As your trusted advisor, I should already have the information needed to process required transactions and for reporting purposes.

And don’t ever send your driver’s license or sensitive documents that contain your SIN via email. Use a secure share site for uploading.

  5. Is the sender for real?

Although AI is making typos a thing of the past, it’s still wise to review a sender’s email address before engaging with the content.

Messages sprinkled with typos and grammatical errors are red flags.

When it comes to email, do you have access to a third-party security system such as KnowBe4? Reporting suspicious emails helps build a wall of protection around your company.

  6. Click here to stop this suspicious credit card transaction!

Whether you receive a phone call from “your credit card company” or “your bank,” always ask to speak to someone you know there. Better still, advise them you’ll call back in a few minutes.

To confirm anything credit card related, always call the phone number on the back of your card – NEVER call a number left on a message for you. The same goes for CRA and other government requests.

If your bank is calling, you likely have a relationship with your key banking advisors; always call them directly to confirm.

  7. Beware of No Risk and High Return Investments

The financial industry is notorious for large-scale investor fraud. Ponzi schemes, commodity purchasing, and deals you can’t afford to refuse are common.

It’s important to know who you are dealing with. Can someone vouch for their credibility? Are they listed with recognized professional bodies, such as FP Canada, or with securities regulators? It’s worth a few minutes to double-check that the person you are giving money to is legit and has verified custodians.

When it comes to reasonable expected returns, refer to the FP Canada Standards Council’s annual publication, the Projection Assumption Guidelines. Remember, none of us know what future returns will be – so we really can’t ever sell you an expectation of a future return.

Lastly, don’t get caught in any tax schemes. Schemes are designed to evade or improperly reduce tax liabilities. There are many legal tax efficiencies available, but pushing the grey envelope just isn’t worth it.

Conclusion

Staying ahead of the scammers is an ongoing concern for all of us. Stay vigilant, question all deals and promises, and never provide personal and sensitive information to those unknown to you.

Having trusted and certified advisors is just one step in helping to protect you, your business and your family.

Roxanne Arnal is a CFP®, former Optometrist, Professional Corporation President, and practice owner. Today she is on a mission to Empower You & Your Wealth with Clarity, Confidence & Control.

These articles are for information purposes only and are not a replacement for personal financial and tax planning. Individual circumstances and needs vary. Tax strategies should also be discussed with your tax accountant and lawyer. Errors and omissions excepted.

ROXANNE ARNAL,

Optometrist and Certified Financial Planner

Roxanne Arnal graduated from UW School of Optometry in 1995 and is a past-president of the Alberta Association of Optometrists (AAO) and the Canadian Association of Optometry Students (CAOS). She subsequently built a thriving optometric practice in rural Alberta.

Roxanne took the decision in 2012 to leave optometry and become a financial planning professional. She now focuses on providing services to Optometrists with a plan to parlay her unique expertise to help optometric practices and their families across the country meet their goals through astute financial planning and decision making.

