THE INFORMATION IN YOUR PRACTICE
A paperless medical practice is nirvana in terms of efficiency and many practices are now moving to the cloud for certain functions or for the full monty. While there is still some resistance to cloud-based services due to security fears, in reality the cloud wins hands-down. There is no room for complacency, however, so here’s what you should look out for to protect your – and your patients’ – information.
SID VERMA BE, MBA (MMM)
Managing director, Corazon Systems
In terms of information technology, a medical practice can be characterised as a micro enterprise business with medium enterprise needs. Almost every medical practice is a micro business in terms of size – a server, a handful of computers, printers and a few other bits and bobs. However, medical practices are medium enterprises in every other respect: compliance with stringent privacy laws, eHealth, telehealth, electronic medical records, back-up and disaster recovery, pathology and radiology downloads – the list goes on. And therein lies the problem. At what point in time does the practice realise that almost every single transaction, both internal and external, is important? And what tools are OK to use without hampering the regular functioning of the practice?
About the author
Sid Verma is the managing director of Corazon Systems, a health IT consulting and network security firm headquartered in Melbourne. Corazon Systems implements secure paperless processes in medical practices that comply with the new Australian privacy principles.
The privacy laws
As widely publicised and documented, the updated privacy laws came into effect on March 12 this year. The Office of the Australian Information Commissioner, which includes the office of the Privacy Commissioner, has renewed powers, the penalties are harsher and compliance with the new laws is even more critical. The new privacy laws include the 13 Australian Privacy Principles (APPs), which apply to what is called an “APP entity”.
Medical practices, which by their very nature handle sensitive personal medical records, qualify as APP entities. However, while everyone has been talking about the privacy laws, what do they mean for medical practices at the grassroots level? What is it that a practice specifically needs to do to ensure that it is compliant?
Understanding the risk
Australia is undergoing a digital health transformation. Technology is evolving rapidly even in a sector like healthcare, which has typically been behind the curve when it comes to adopting new concepts. However, a strong digital health movement, technically savvy doctors and patients, and access to mature technology are making it easier for medical practices to become paperless. But, as more practices become paperless, it is important to understand the associated risks. According to US data, in 2011 healthcare accounted for 22 per cent of reported security breaches, followed by educational institutions at 20 per cent. Almost 92 per cent of these breaches could have been avoided if the organisations had proper data access control (42 per cent), secure data back-up (32 per cent) and secure data encryption (28 per cent).
Pulse+IT Magazine - Australasia's first and only eHealth and Health IT magazine.