Computer Security and General Practice: The "IT" Factor
Computer security in general practice is critical to ensuring that the business runs efficiently and to maintaining the integrity of electronic health records. The constantly evolving face of general practice makes it necessary to have an equally adaptable medium with which to organise patient and business information.
The shift from paper-based to IT-savvy practices is under way, meaning that decision support tools and other information from organisations operating in the national eHealth arena are of vital importance.
One of the fundamental concerns of all medical practices in Australia is the preservation of privacy, particularly when information is held electronically on a server that is accessed by a number of different staff and, not to forget, accessed remotely too. Security is also important because, if it is not maintained properly, the result can be a loss of patient clinical information, making medical care more difficult and prone to errors.
In order to improve your practice, it isn’t necessary to have a thorough knowledge of IT systems, binary, gigabytes, RAM, firewalls and routers! What you do have to come to grips with is a better understanding of what the risks are, why they are important and what you need to do about them. This is why the IT systems are needed in the first place - and so they are the most valuable pieces of the puzzle. That’s not to say that a basic understanding of technical issues can be completely avoided, though. However, we will discuss these in a future article.
Who looks after your computer security? Chances are that if there is no coordinator, the oversight of the system will be lost. The coordinator doesn’t need to be the technical Jo(e) Fix-it, but rather a member of the practice who understands the concepts and takes responsibility for the security of the computer systems. While it would be possible to assign the role of security coordinator to two or more people, this isn’t recommended unless strictly defined sub-roles can be designated.
Only certain people should see some types of information, such as sensitive financial or clinical information. Delineate this and stick to it. Procedures need to be in place for occasions when an authorised person isn’t available, for example when an invoice needs to be modified and reprinted but the Practice Manager is out for lunch.
Disaster Recovery Plan
It is Murphy’s first law: “If something can go wrong, it will go wrong”. This plan will help your practice continue business as usual in terms of everything from making appointments and raising invoices through to providing clinical care.
Consulting Room And Front Desk Security
Screen visibility both at reception and within the consultation is a matter to be considered. It may be as simple as changing the position of your screen but there are other techniques, such as screen savers, that can be used.
Policies And Procedures
How is everything handled? Don’t store it in someone’s head, write it down! There should be a manual that outlines the coordinator’s role, the disaster recovery plan, access control and other security aspects.
The GPCG Computer Security Self-Assessment Guideline
This document has been designed with the practice, that is, its staff and GPs, in mind. That’s right - it is not a technical manual, but it will help your practice put a series of computer security strategies in place. It covers the organisational issues outlined above as well as helping you understand some fundamental standard IT practices such as backing up data, viruses and virus protection, firewalls, network maintenance and secure electronic communication.
Should you wish to know any more details or get your hands on a copy of the guide, you can contact Jane London at the Royal Australian College of General Practitioners. It is also available at the GPCG website and on the accompanying PULSE DVD.