Electronic sharing of information

Hidden risks

There are a rage of potential information security risk areas that your practice needs to ensure are not overlooked. These include:

• electronic sharing of information
• running unsupported software or hardware
• fax and paper documents
• patient communication via electronic mediums – including email and social media.

Electronic sharing of information

‘Use of electronic communication in the general practice setting is essential, and yet it generates significant medicolegal risk’ .⁹

Your practice may electronically share information via your practice website or social media channels. Sharing information electronically requires a certain level of security to prevent it from being intercepted, changed during transmission or received by unintended recipients. Health information is sensitive by nature, so any communication of this information via electronic or other means must adequately protect your patients’ privacy.

Communication of clinical information to and from healthcare providers should be from within your practice’s clinical software using secure electronic messaging.

Secure electronic messaging involves two processes: encryption and authentication. Encryption means data is electronically ‘scrambled’ so it cannot be read unless the information is decrypted using a digital key. Authentication means the sender can be verified using electronic signatures.

eHealth information exchange in the Australian health system relies on and incorporates encrypted, secure messaging techniques. The software programs used will handle this function and are required to meet Australian standards.

There are two key types of information that your practice may electronically share:

1. information that your practice publishes on your practice’s website or social media channels, accessible by anybody or by restricted groups of people. Your practice should take reasonable steps to prevent others from changing that information.
2. identified clinical information about your patients.

Systems for electronic communication of clinical information are changing with the development of newer technologies, including those that use Fast Health Interoperability Resources (FHIR). Some of the first common uses of FHIR have been to provide two-way communication between GPs’ clinical software and the Australian Immunisation Register and the National Cancer Screening Register.

Currently, the most widely used method of communicating clinical information securely between healthcare providers is secure message delivery, commonly known as SMD.

Providers of SMD are required to meet Australian standards. These SMD packages enable letters and other messages to be sent from within clinical software, and incoming messages to be received into the GP’s electronic clinical inbox, where reports of pathology and medical imaging are received.

Email

In the past, standard email lacked security features, making it susceptible to interception. The security of email has increased as a result of the use of encrypted connections between mail servers.

Some clinical software packages now enable documents to be emailed from within the clinical package to other health professionals and organisations, and to patients. These offer protection via the use of a password to access the email.