Information security in general practice

About this resource

    1. About this resource

Last revised: 21 Apr 2023

About this resource

Information security is essential in general practice. Creating an informed, proactive cyber secure workplace culture requires continuous learning and is essential to the resilience and success of your practice and the provision of safe, high-quality healthcare. This resource is designed to give you and your practice team the confidence to protect your information systems. It will equip you with key tools to: 

  • implement robust information security protocols to protect critical clinical and practice data 
  • manage the ever-evolving cyber security risk landscape 
  • successfully prepare for, respond to and recover from crisis situations (i.e., cyber-attacks, privacy breaches and hardware system failures) 
  • align with requirements and legal obligations of the current health technology environment 
  • keep your patients, staff and business safe.  

The information in this resource will also assist you in meeting the requirements necessary for accreditation against the Royal Australian College of General Practitioners (RACGP) Standards for general practices (5th edition).  

Relevant sections of this resource will:

Standards indicator

These include:
  • C6.4A Our practice has a team member who has primary responsibility for the electronic systems and computer security
  • C6.4B Our practice does not store or temporarily leave the personal health information of patients where members of the public could see or access that information.
  • C6.4C Our practice’s clinical software is accessible only via unique individual identification that gives access to information according to the person’s level of authorisation.
  • C6.4D Our practice has a business continuity and information recovery plan.
  • C6.4E Our practice has appropriate procedures for the storage, retention, and destruction of records.
  • C6.4F Our practice has a policy about the use of email.
  • C6.4G Our practice has a policy about the use of social media.

Create a policy

  • provide specific policy content information

Questions and considerations

  • provide critical questions to consider

Tips and information 

  • offer tips and checklists 

Case studies

  • provide relevant case studies