Digital Health Update - September 2017

04 September, 2017

Recently, EMPHN held a ‘Technology in Practice’ event facilitated by Miroslav Doncevic (Digital Medical Systems).

The following are some highlights in relation to managing your practice IT and an effective backup strategy for data backup.

A simple but still effective backup strategy for data backup is to follow the 3-2-1 rule. This should be the minimum backup strategy for medical practice data (and system configuration). This is Miroslav’s simplified version of the 3-2-1 rule:

ICT Systems for Medical Clinics

Is your practice compliance with the RACGP CISS Second Edition standard?

Is your clinic IT safe?  What do the guidelines mean?

RACGP CISS 2nd Ed. For GP Medical Clinics

The key points in Plain English according to Miroslav

1. ICT Policy and Procedures

  • Does your policy documentation stack up for accreditation and compliance

2. Are your practice ICT systems and data secure? And available?

  • Do you have high security access controls? 
  • Are the backups working? (Can you prove it? – i.e. do you test restore regularly?)
  • How far back do you keep archives of critical data and system configuration?
  • Can you really restore your systems when disaster strikes? Can you prove it?
  • How long will it take to recover? Is Rapid Disaster Recovery possible?
  • Do you have timely access to business and clinical information? UPS? High Availability?
  • Is physical, hardware, software and OS up to date, managed and regularly maintained? Really? By whom?

3. Network, internet and remote access security?

  • Are you really protected from external and internal threats?
  • Are you protected from Mobile devices? Are your Mobile devices protected? 

4. Is your sharing of confidential information secure?

  • Is Secure Messaging correctly configured and tested?
  • Are digital certificates managed?
  • Is your Practice website secure?

In summary 

An IT system you can be confident in includes;

Designed for business continuity:

  1. Compliant IT policy and procedures
  2. Continuous staff training
  3. Redundant systems design = no single point of failure
  4. High availability systems with automatic fallover via virtualisation
  5. Data backup and rapid disaster recovery systems
  6. Fully managed endpoint and internet security
  7. Fully managed and automated IT services, with real time monitoring and alerting