Information security in general practice
Information security strategy
Last revised: 21 Apr 2023
It is vital for practice team members to be aware of their roles in information security. All practice team members require a position description clearly defining and documenting their roles and responsibilities and access to clinical and/or business information.
It is recommended that your practice appoints an information security lead to champion and manage information security.
The information security lead does not need to have advanced technical knowledge, but should be comfortable with your practice’s computer operating systems and other relevant software. They should also possess management skills to develop information security policies and to raise awareness of information security governance, help foster a strong security culture and ensure access to adequate and appropriate training for your practice team.
The information security lead will determine what aspects of information security in the practice are outsourced to external technical service providers.
C6.4A Our practice has a team member who has primary responsibility for the electronic systems and computer security.
You must have at least one team member who has primary responsibility for the electronic systems and computer security.
Your practice policy should include the specific information security roles and responsibilities of each practice team member.
Your policy should cover:
Advertising