We're aware of a cyber security incident affecting the electronic prescriptions provider MediSecure. The eRX Script Exchange (eRX) and the National Prescription Delivery Service (NPDS) continue to operate as usual and have not been impacted. Find out more and read our statement here.

Information security in general practice

Securing your network and equipment

Cloud computing

        1. Cloud computing

Last revised: 21 Apr 2023

Cloud computing

Cloud computing refers to using a server located outside the practice. Typically, these off-site servers are operated by a provider in contract with the practice or its service company. This relieves the practice from having to own and maintain servers and data storage hardware, and from having to perform and check backups of its data.

Cloud-based services in general practice are more commonly used for data storage or for public services such as website hosting. As cloud-based technology has advanced, a number of clinical software vendors now offer cloud alternatives for general practices and there are new opportunities to move more business functionality into a cloud environment.

Cloud computing services can be an efficient way for practices to manage their IT, as they allow access to practice information from anywhere there is an internet connection.

Moving to cloud-based services can reduce the cost of managing and maintaining your local IT systems. Rather than purchasing expensive hardware for your business, it may be useful to do a cost analysis to see if you can use the resources of your cloud service provider. Doing so may reduce the costs associated with:

  • organising and running system upgrades
  • purchasing and maintaining new hardware and software
  • hiring external IT staff
  • energy consumption, because you no longer have to provide specific environmental conditions for servers and other hardware.

Cloud-based services can improve your practice’s ability to communicate and may increase efficiencies through:

  • the easy sharing of records with third parties
  • the ability to access patient records outside of your practice during home visits or case conferences
  • creating more flexible work practices through the ability to quickly and easily access data
  • regular and automated updates or upgrades included in your contract
  • improved backups and restoration that can be much simpler and timelier.

However, information security in a cloud-based environment requires additional considerations. When patient and practice data is surrendered to a third-party cloud service provider, you may need to consider the increased potential for data breaches, ownership rights to the data and ongoing data access.

If using cloud services, your risk assessment will also need to consider:

  • accessing cloud-based data in the event of an outage or service interruption to your internet connection
  • technical issues with your cloud service provider such as hardware failures, faulty vendor software, lack of software and hardware version control
  • scheduled or unplanned outages from the cloud service provider
  • accessing data stored across multiple locations
  • increased risk of attacks by malicious software for data stored offsite
  • unauthorised access as data travels across networks
  • physical security of offsite cloud storage facilities
  • appropriate data governance concerning privacy and security
  • access to data in the event of changing to another cloud service provider.

For more information on risks refer module on risk management