A toolkit for effective and secure use of mobile technology

Phase 1: Planning an mHealth strategy

Step 1. Map your practice activities against the RACGP’s Computer and information security standards (CISS)


Mapping practice activities will get you started on the right path to creating a strategy and a positive practice culture around mHealth.


You will need to begin by looking at your existing information security policies.

The following table will allow you to determine the state of your practice’s competency and capacity in computer and information security.

Mapping practice activities against CISS

Columns: Standard | Yes | No | If answered no

Roles and responsibilities
Our practice has:
  • designated team members who champion and manage computer and information security
  • appropriate position descriptions to document these roles and responsibilities.
If answered no:
  • Include a written policy that is communicated to practice team members.
  • Assign and train a computer security coordinator.

Information security policies and procedures
Our practice has:
  • documented policies and procedures for managing computer and information security.
If answered no:
  • Include a policy that covers practice team and external service provider agreements.
  • Where applicable, include an eHealth records system policy.

Managing access
Our practice:
  • establishes and monitors authorised access to health information.
If answered no:
  • Include a clearly defined and communicated policy that contains directions on access rights, password maintenance and management, remote access controls, auditing and appropriate software configuration.

Business continuity and information recovery
Our practice has:
  • documented and tested plans for business continuity and information recovery.
If answered no:
  • Include implementable business continuity and information recovery plans to ensure prompt restoration of clinical and business information systems.

Internet and email use
Our practice has:
  • processes to ensure the safe and proper use of internet and email in accordance with practice policies
  • procedures for managing information security.
If answered no:
  • Include details of configuration and use of internet and email.
  • Provide practice team members with training in appropriate internet, email and social media practices.

Information backup
Our practice has:
  • a reliable information backup system to support timely access to business and clinical information.
If answered no:
  • Include information for which systems are to be backed up and how often it must be done.

Malware, viruses and email threats
Our practice has:
  • reliable protection against computer malware, viruses and email threats.
If answered no:
  • Include automatic updating of the virus protection software.
  • Educate the practice team to be aware of risks.

Computer network perimeter controls
Our practice has:
  • reliable computer network perimeter controls.
If answered no:
  • Ensure the firewall is correctly configured and the log files examined periodically.

Mobile electronic devices
Our practice has:
  • processes to ensure the safe and proper use of mobile electronic devices in accordance with practice policies
  • procedures for managing information security.
If answered no:
  • Define the use and secure management of practice-owned and personal mobile devices used for clinical and business purposes.

Physical facilities
Our practice:
  • manages and maintains its physical facilities and computer hardware, software and operating system with a view to protecting information systems.
If answered no:
  • Ensure the physical protection of equipment and the use of an uninterruptible power supply ‘UPS’.

Security for information sharing
Our practice has:
  • reliable systems for the secure electronic sharing of confidential information.
If answered no:
  • Ensure the appropriate configuration of secure messaging, digital certificate management and the practice website.

From: Computer and information security standards for general practices and other office-based practices. 2nd edn. East Melbourne, Vic: RACGP, 2013. 

The RACGP Digital Business Kit (DBK) can help your practice assess its uptake of eHealth technologies.

The DBK can be accessed at www.racgp.org.au/digital-business-kits

General practices using webGP to improve practice efficiency and patient outcomes

The Hurley Group consists of 17 general practices across 10 London boroughs, with 100,000 registered patients who are treated for 350,000 minor illnesses and injuries each year at eight of the clinics.

The group began piloting technology services in 2014, building a platform to source frontline peer and specialist advice. Virtual surgeries conduct online consultations with patients, aimed at improving the patient experience and outcomes, and enhancing practice efficiency. The practice website enables patients to email their own GP and select a secure e-consult or 24/7 call back.

A review of 133,000 patient contacts revealed better access, improved health outcomes, practice efficiency and cost savings, as well as less patient overflow in urgent care settings. In addition to empowering patients with access to their medical records, scalable technology solutions are delivered to the frontline of primary care. These solutions have resulted in:

  • 36,000 website hits in six months
  • 83% of patients saying they would recommend this service
  • 95% of interactions rated as very good or excellent
  • one third of patients go on to self-manage.

Other outcomes included patients being more open about their health issues in an online environment (eg in the case of mental health concerns), care starting sooner, fewer GP appointments, shorter waiting times, and more time for complex cases.[1]
