24 Oct

Computer and information security standards for general practices and other office-based practices

The Computer and information security standards provide guidance to assist general practices to comply with professional and legal obligations and are designed to make compliance with best practice information security easier.

In Australian general practice, the use of clinical desktop systems and the electronic management of information have become vital tools in the delivery of safe and high-quality healthcare and good practice management. Secure computer and information management systems are essential for the necessary protection of business and clinical information and are therefore critical to the provision of safe, high-quality healthcare and the efficient running of a general practice.

Implementing appropriate computer and information security can be challenging, and general practice has specific requirements to consider. Finding the right IT support and a technical service provider with appropriate security expertise who understands the business of delivering healthcare in the general practice environment can be difficult. To help general practices meet these challenges, the RACGP developed the first edition of the Computer and information security standards in 2011.

This second edition of the RACGP Computer and information security standards (CISS) takes into account developments such as:

  • increased use of laptops, remote access devices (e.g. personal digital assistants [PDA], tablet devices, USB flash drives and removable hard drives) and wireless (Wi-Fi) connections
  • widespread uptake of broadband internet and secure messaging, and particularly the implementation of the national eHealth record system and the Healthcare Identifier Service, which underpin many of the e-health initiatives.

Improving computer and information security in your practice requires adapting to an evolving technical environment, fostering awareness of contemporary security issues, and monitoring and improving your security protection processes.

Computer and information security is not optional; it is essential. It should be considered a fixed cost of doing business that requires financial and human resources to be allocated to ensure the protection of information assets.

You can access the document by clicking here.

There are also some templates available for download here.