Information security in general practice
Trina: I think most practices these days have external I.T. providers that do their upgrades, their maintenance, their perimeter controls, their security and stuff. Anybody that has any access to the servers, the information, or the equipment must have a confidentiality agreement that is signed, sealed, and witnessed. These need to be updated at regular intervals and I.T. providers also need to be part of the training that takes place within the practice team, because even though they're not on-site a lot of the time, and they’re not actually clinical, they are a very integral part of your practice team. So ‘network perimeter controls’ are really important and it's important to understand what they are. So they’re what separates your private network, your practice, from the great outside… from the public. So they're not usually just one layer like a fence, they’re usually a multi-layered buffer zone a bit like a Babushka doll or onion skins with lots of layers around it. What it does, it actually traps and stops unwanted traffic in, so that intruders can't get in and steal your information or look at it. But it also acts as a barrier to what can be taken out of your private network. So only stuff can be taken out when it’s adequately encrypted with certificates or identifiable. So it's a bit like the demilitarized zone, so it stops intruders coming in and it stops stuff escaping that you don't want to, and it's controllable. And one of the most important things is that you have to keep auditing it and do tests on it to make sure that the perimeter is still secure.
Steven: General practice, like all databases, needs to be backed up. There needs to be a copy made that's available when needed and securely stored. Most general practices will have a database and that will be backed up internally as well as potentially externally. So the external residence for that backup can either be on a portable hard drive (the thing can be removed) or it can be on another computer which is off-site, or it can be within the clouds. Cloud storage enables really top security to be developed that allows the data itself to be secure and hence the information to be retained and available at any time in its original state. The data itself is still owned by the general practice. The cloud service provider is just doing that - it's providing a service of storing the data, it does not own the practice data.