The Training Management System (TMS) is undergoing scheduled maintenance on Tuesday 3 October 2023 from 8:00pm to 9:00pm AEDT. During this time, the application will be unavailable. We apologise for any inconvenience caused.

A toolkit for effective and secure use of mobile technology

Phase 1: Planning an mHealth strategy

Step 1. Map your practice activities against the RACGP’s Computer and information security standards

Download PDF

A toolkit for effective and secure use of mobile technology

Step 1. Map your practice activities against the RACGP’s CISS

Why?

Mapping practice activities will get you started on the right path creating a strategy and a positive practice culture around mHealth.

How?

You will need to begin by looking at your existing information security policies.

The following table will allow you to determine the state of your practice’s competency and capacity in computer and information security.

Mapping practice activities against CISS
Standard	Yes	No	If answered no
Roles and responsibilities Our practice has: designated team members who champion and manage computer and information security appropriate position descriptions to document these roles and responsibilities.			Include a written policy that is communicated to practice team members. Assign and train a computer security coordinator.
Information security policies and procedures Our practice has: documented policies and procedures for managing computer and information security.			Include a policy that covers practice team and external service provider agreements. Where applicable, include an eHealth records system policy.
Managing access Our practice: establishes and monitors authorised access to health information.			Include a clearly defined and communicated policy that contains directions on access rights, password maintenance and management, remote access controls, auditing and appropriate software configuration.
Business continuity and information recovery Our practice has: documented and tested plans for business continuity and information recovery.			Include implementable business continuity and information recovery plans to ensure prompt restoration of clinical and business information systems.
Internet and email use Our practice has: processes to ensure the safe and proper use of internet and email in accordance with practice policies procedures for managing information security.			Include details of configuration and use of internet and email. Provide practice team members with training in appropriate internet, email and social media practices.
Information backup Our practice has: a reliable information backup system to support timely access to business and clinical information.			Include information for which systems are to be backed up and how often it must be done.
Malware, viruses and email threats Our practice has: reliable protection against computer malware, viruses and email threats.			Include automatic updating of the virus protection software. Educate the practice team to be aware of risks.
Computer network perimeter controls Our practice has: reliable computer network perimeter controls.			Ensure the firewall is correctly configured and the log files examined periodically.
Mobile electronic devices Our practice has: processes to ensure the safe and proper use of mobile electronic devices in accordance with practice policies procedures for managing information security.			Define the use and secure management of practice-owned and personal mobile devices used for clinical and business purposes.
Physical facilities Our practice: manages and maintains its physical facilities and computer hardware, software and operating system with a view to protecting information systems			Ensure the physical protection of equipment and the use of an uninterruptible power supply ‘UPS’.
Security for information sharing Our practice has: reliable systems for the secure electronic sharing of confidential information.			Ensure the appropriate configuration of secure messaging, digital certificate management and the practice website.

From: Computer and information security standards for general practices and other office-based practices. 2nd edn. East Melbourne, Vic: RACGP, 2013.

The RACGP Digital Business Kit (DBK) can help your practice assess its uptake of eHealth technologies.

The DBK can be accessed at www.racgp.org.au/ digital-business-kits

General practices using webGP to improve practice efficiency and patient outcomes

The Hurley Group consists of 17 general practices across 10 London boroughs, with 100,000 registered patients who are treated for 350,000 minor illnesses and injuries each year at eight of the clinics.

The group began piloting technology services in 2014, building a platform to source frontline peer and specialist advice. Virtual surgeries conduct online consultations with patients, aimed at improving the patient experience and outcomes, and enhancing practice efficiency. The practice website enables patients to email their own GP and select a secure e-consult or 24/7 call back.

A review of 133,000 patient contacts revealed better access, improved health outcomes, practice efficiency and cost savings, as well as less patient overflow in urgent care settings. In addition to empowering patients with access to their medical records, scalable technology solutions are delivered to the frontline of primary care. These solutions have resulted in:

36,000 website hits in six months
83% of patients saying they would recommend this service
95% of interactions rated as very good or excellent
one third of patients go on to self- manage.

Other outcomes included patients being more open about their health issues in an online environment (eg in the case of mental health concerns), care starting sooner, fewer GP appointments, shorter waiting times, and more time for complex cases.¹

Reference

Reform. The future of health. London: Reform, 2014 publication/the-future-of-health-2 [Accessed 7 September 2016].

Did you know you can now log your CPD with a click of a button?

Create Quick log

Advertising