Third party software security

Third party software security

Third-party software, including ‘add-on’ programs, are commonly used in general practice to enhance practice and clinical systems and to transfer clinical information. For example, data extraction tools, administrative products, and online medical appointment scheduling applications are used to analyse and improve business and clinical performance. Third-party software is also used for electronic prescription exchange and to send secure communications.

Using third-party software can expose your general practice system to threats. Using this software without appropriate information security processes in place can result in core database integrity compromise, unauthorised access into your practice system and data breaches.

Your practice may be using multiple software packages from different vendors that access clinical and/or administrative data to perform a range of functions. It is important to consider how these packages send or store data outside the practice and its systems. This includes for 'comprehensive clinical packages'.

Third-party software often uses practice data to complete functions and produce reports. For example, it can be used to provide health information to external organisations for research or population health planning. Your practice team needs to know what the third-party software is doing with any practice data, as consent should be sought for any secondary use of data – that is, information used for purposes other than for what it was originally collected.

See section on secondary use of data for more information.