Your practice may electronically share information via your practice website or social media channels. Sharing information electronically requires a certain level of security to prevent it from being intercepted, changed during transmission, or received by unintended recipients. Health information is sensitive by nature, so any communication of this information via electronic or other means must adequately protect your patients’ privacy.
Communication of clinical information to and from healthcare providers should be from within your practice’s clinical software using secure electronic messaging.
Secure electronic messaging involves two processes: encryption and authentication. Encryption means data is electronically ‘scrambled’ so it cannot be read unless the information is decrypted using a digital key. Authentication means the sender can be verified using electronic signatures.
eHealth information exchange in the Australian health system relies on and incorporates encrypted, secure messaging techniques. The software programs used will handle this function and are required to meet Australian standards.
C6.4 C Our practice’s clinical software is accessible only via unique individual passwords that give access to information according to the person’s level of authorisation.
Create a policy
Your practice should take reasonable steps to make any electronic communication of health information safe and secure.c
Your policy should cover:
- how patient-related and other confidential information is sent electronically between healthcare providers
- your practice’s approach to using email to communicate patient-related and other confidential information between healthcare providers and patients
- the maintenance of your website to ensure information is current and correct
- encryption for online transactions such as appointment bookings
- who in your practice team is responsible for maintaining the practice website
- use of social media for your general practice.
- Digital certificates for electronic communication software (the original disk and serial numbers) should be stored securely.
- Documentation on where certificates are installed should be maintained, and the expiry of each recorded.
- Some software automatically renews your Public Key Infrastructure (PKI) certificate. Other software will require manual reinstalling, so make sure you know how to keep these current.
Risks of running unsupported software or hardware:
- No security patches or updates – most software vendors will release updates and security patches to protect against new security threats. When your software stops being supported these updates stop for your system. Not using supported hardware and software can place your general practice at risk of data breaches and subsequently of complaints being filed, audits and fines.
- Software incompatibility – software vendors may no longer provide support for their software if other software installed on your system is out of date.
- Loss of functionality – software relies on the hardware it is installed on, so running unsupported software or hardware compromises information security.
- Increased data breach risk – the damage to your practice’s reputation if you lose practice information to a data breach can be detrimental.