The Royal Australian College of General Practitioners (RACGP) has released its revised Computer and information security standards (CISS) (2nd edition) providing general practices with information and recommendations that will raise awareness of contemporary security issues and help protect against potential loss of sensitive data.
The intent of the 2nd edition CISS is to provide a framework, accompanied by practical templates and a workbook, to protect electronic business and clinical information within a healthcare setting.
The new edition incorporates participation and legislative requirements for the National eHealth Records System (NEHRS), a compliance indicator ‘quick check’ checklist, and a compliance indicator matrix and explanatory notes for each of the 12 computer and information security Standards.
Dr John Bennett, Chair of the National Standard Committee – eHealth, said general practices have moved away from paper-based records and towards online systems. In light of this shift, it is absolutely essential that GPs and their practice teams implement computer security measures to protect business and clinical information.
“Computer and information security is not optional; it is an essential professional and legal requirement for using computer systems in the delivery of safe quality healthcare,” Dr Bennett said.
“By securing content held in practice information systems, the practice not only maintains professional responsibilities to patients and ensures practice information remains accessible and accurate, it lessens the risk of greater security breaches and the negative effects these create,” Dr Bennett said.
The CISS provides a record of the 12 basic computer and information security measures that should be undertaken across all general practices.
The accompanying workbook, when completed by practice staff, forms part of the general practice’s policies and procedures manual and is becoming more of an integral component of practice life as the profession moves towards the shared management of patient records with the NEHRS.
The CISS has been developed to meet recognised best practices. It is aligned with international and Australian standards and current Australian legislation, and meets the National Privacy Principles and the national standards in health information security.
“Improving computer and information security in general practice requires adapting to an evolving technological environment, fostering awareness of security and monitoring and improving protection processes. The CISS also continues to reflect changes within eHealth,” said Dr Bennett.
General practice staff and other healthcare professionals can download the 2nd edition CISS.