Protecting the information in your practice
In terms of information technology, a medical practice can be characterised as a micro enterprise business with medium enterprise needs.
Almost every medical practice is a micro business in terms of size – a server, a handful of computers, printers and a few other bits and bobs. However, medical practices are medium enterprises in every other respect: compliance with stringent privacy laws, eHealth, telehealth, electronic medical records, back-up and disaster recovery, pathology and radiology downloads – the list goes on.
And therein lies the problem. At what point in time does the practice realise that almost every single transaction, both internal and external, is important? And what tools are OK to use without hampering the regular functioning of the practice?
As widely publicised and documented, the updated privacy laws came into effect on March 12 this year. The Office of the Australian Information Commissioner, which includes the office of the Privacy Commissioner, has renewed powers, the penalties are harsher and compliance with the new laws is even more critical.
The new privacy laws include the 13 Australian Privacy Principles (APPs), which apply to what is called an “APP entity”. Medical practices, by their very nature in handling sensitive personal medical records, qualify as APP entities.
However, while everyone has been talking about the privacy laws, what do they mean for medical practices at the grassroots level? What specifically does a practice need to do to ensure that it is compliant?