Your browser has 'Cookies' disabled, alert boxes will continue to appear without this feature.

What’s news in eHealth and practice management?

Updating and upgrading practice software: if you think you WannaCry now…

By Nathan Pinskier, Chair, RACGP Expert Committee – eHealth and Practice Systems

Social Media

Be honest: when you receive a prompt to update an app or program, do you usually sigh and click the ‘not now’ button? Updates can be a real distraction and an annoyance. They get in the way of doing what it is you were wanting to do at that moment. And let’s face it, do they really always matter? Maybe yes, maybe no…

What about in your clinical world? How often does your practice run the updates for your management software, clinical information system, secure messaging software and desktop operating systems? Monthly? Weekly? Daily? On-demand? Do you have the latest operating system patches installed right now? Are these patches or updates installed on the server and on every PC in the practice? How do you monitor this? How do you know?

Most organisations either delay these activities or do not have robust systems to monitor the update status. Between the restarts, the install times and data migration requirements, or the cost of purchasing new or updated software and the time it takes to train or monitor staff, updating and upgrading can be a bother. It’s something that can be done later, mañana.

But the consequences of delaying these tasks can be significant and potentially catastrophic.

In 2017, the WannaCry ransomware hit hundreds of thousands of computers across 150 countries. If your computer was infected, you were faced with a nasty choice: pay the hackers a neat little sum within 72 hours, or watch on as they delete all your data. In the UK, the epicentre of the cyberattack, 595 general practices were targeted. Payment is not an option either as the unlock code is rarely provided. Hackers apparently don’t play nice! The Australian Government Stay Smart Online website states, “We recommend that you do not pay the ransom if affected by ransomware. There is no guarantee that paying the ransom will fix your computer, and it could make you vulnerable to further attacks. Restore your files from backup and seek technical advice.”

For businesses affected by attacks like this, there is more at stake than the ransom money. Downtime means lost revenue. For healthcare businesses, patient data may be lost or compromised, a huge issue even before you consider the potential for fines associated with privacy breaches and reputational damage.

The WannaCry hackers preyed on a weakness in old versions of Windows. Microsoft became aware of the problem and released an update to patch it in supported versions of Windows before the hackers unleashed the virus. It spread because many businesses and users hadn’t gotten around to upgrading or updating their systems. Many large companies are still using old and unsupported versions of Windows.

There are other benefits to keeping your software and systems up-to-date. With new releases come new and improved features that can increase operation speed and enhance useability. The latest version of your software will probably have functionality that could improve overall workflow.

Regular maintenance of software and systems is an essential element of practice management. This includes your operating system, clinical information systems, and antivirus or other protective software. An IT consultant can help your practice establish and implement a schedule for updates and upgrades. Your role as a practice owner or manager is to define the terms of the relationship with your IT support consultant and to monitor performance. You don’t need to do it all, but you do need to know that it is being done. The key is to establish a robust and transparent governance process.

In February, the RACGP released Information security in general practice, a guide to assist you to protect your personal information and practice data. It includes information on how to meet relevant requirements for accreditation against the RACGP’s Standards for general practices (5th edition).

Stop delaying those updates, and start thinking about whether it is time to upgrade and how those upgrades can be maintained over time. It might just prevent a major disaster down the line.

Preserve, prevent, protect!

RACGP members can continue the conversation on shareGP


Backups in general practice

Rob Hosking, Deputy Chair, RACGP Expert Committee – eHealth and Practice Systems

Social Media

Imagine walking into your practice tomorrow morning only to discover an overnight power failure has resulted in failure of the server and loss of your practice data. What data would be lost? What data could be retrieved? How quickly could you return to business as usual? What would be the cost to your practice?

Loss of clinical and practice data has the potential to impose significant financial and non-financial costs on a practice. Operational down-time will be dependent on the amount of data lost. Lost bookings can provide for a logistical nightmare. Financial revenue may be affected both short and long term through lack of capacity to operate and reputational loss. Implications for patient safety through loss of complete medical records could be significant and lead to medico-legal risk. Are these risks worth taking?

Emergency response management in general practice is not about laying the sandbags as the flood waters rise or pulling out the garden hose to fight fires. It is about “sandbagging” the infrastructure and resources that allow us to practice by having systems and processes in place that build resilience for such events. In March we celebrated World Backup Day, a timely reminder for us all of the importance of regular and well managed backups in general practice. The RACGP Guide to information back up in general practice provides recommendations, practical advice and checklists, to support general practices achieve secure and reliable information backup and data recovery processes. Well managed data backup is not only sensible, it is a requirement for practices accredited under the RACGP Standards for general practice.

At our practice, where, prior to our landlord finally fixing our roof, we have been affected by flooding rains on a number of occasions, we protect our data by having a nightly backup to portable hard drives that are removed from the premises by our practice manager daily. Our contracted IT support also checks of the integrity of the backups regularly. We also have a UPS (Uninterruptible Power Supply) connected to the server and the main reception computers to allow gradual shutdown and printing of paper appointments for the day in the event of a power fail. Our practice team are all aware of the protocol in the event of power fail and we had to implement this only a few days ago for an hour or two.

I would love to be able to install a large battery to run the whole practice for a while but the current costs of these, our power system (two meters/circuits and old wiring) and a landlord situation make this too difficult at present. We may also move our data back up to the Cloud in future, but have not yet.

How do you manage your backups?

RACGP members can continue the conversation on shareGP


RACGP Technology Survey – 2017 Report

Social Media

In October 2017, the RACGP released its annual survey to explore the views and attitudes on the use of technology in general practice. A 10-minute online survey was distributed to GPs across Australia. In total, 1014 GPs participated in the survey, and 749 responses were considered for analysis.

Our survey indicates that GPs remain optimistic about the use of eHealth technology and its ability to improve productivity and care coordination. We know more GPs are recommending health apps to their patients, but uncertainty about medico-legal issues means that almost 50% have not adopted the use of apps to support patient care. Participants indicated they would like to engage in professional development opportunities in the use of technology and in how to incorporate eHealth technologies and solutions into patient-related work, including education on the use of My Health Record.

The RACGP hopes the results provide a stimulus to discuss increased adoption of digital technologies in general practice while achieving the best health outcomes for patients.

The RACGP Technology Survey – 2017 Report is available here.


Social Media in General Practice

By Nathan Pinskier, Chair, RACGP Expert Committee – eHealth and Practice Systems

Social Media

Like it or loathe it, social media is now firmly established as a key communication, engagement and information sharing tool.

Many general practices around Australia have embraced social media as a cheap and convenient way to connect with patients and other healthcare providers and as another channel to attract new patients to the practice.

I want to remind GPs and other general practice staff that along with these aforementioned benefits, come several risks.

Information posted and shared in social media forums is difficult (virtually impossible) to permanently delete. Without robust security and user control settings, it is very difficult for practices to control who can see, engage with and comment on posts and information on a social media page. And this is not just about negative interactions and comments. If a patient leaves a positive testimonial on a website, which could also be in the form of a review, it could potentially breach national law about advertising of health services. See the Medical Board of Australia’s Guidelines for advertising regulated health services. Facebook does allow business pages to turn off the review function, which the RACGP strongly recommends. 

Another key consideration is how our use of social media in a private capacity can have unintended consequences for us in a professional capacity. You may recall a story in the medical press last year about a rural GP whose personal Facebook post, joking about the inconvenience of afterhours call outs, landed him in hot water. This goes to show that the boundary between personal and professional when it comes to social media is far from definitive. We must always think before we post, whether on the practice’s or our own social media pages, and revisit our privacy settings routinely.

To counteract these risks, general practices that use social media in any capacity should have a policy about its use. In fact, social media-using practices must have a policy in place if they wish to be accredited against the RACGP 5th edition Standards for General Practices launched in October 2017. The RACGP eHealth team has developed a Guide for the use of social media in general practice which includes an example of a social media policy general practices may wish to use.


Using your data to improve your practice

By Rob Hosking, Deputy Chair, RACGP Expert Committee – eHealth and Practice Systems

Back up

Below is an example of how we used our practice computer system to improve our patient care while also improving our income.

With the Federal Government program to fund Shingles vaccine (Zostavax) for all patients aged 70-79 our nurses have used our database to target these patients with telephone calls advising them this is available and arrange appointments for this at the same time if they were willing.

With dedicated work since inception of the government program in November 2016 we have reached all of our patients in this age group who have not had shingles in the last year and not on an immunosuppressant (these are contraindications) and offered them the vaccination. Our nurses did a simple search in our Best Practice software. With more sophisticated searches we plan to use the PEN-CAT data extraction tool. We started with those who were 79 and about to turn 80 (and then would no longer qualify under this program) and worked backwards to age 70. We have called everyone in this cohort and have successfully vaccinated over 70% of them which we are informed is more than double the average for other practices Australia-wide. With accurate data it has made things much easier. Calling these people also gave us an opportunity to tidy up our database by removing (inactivating) those patients who no longer attend. Fortunately, because we pay strict attention to inactivating deceased patients when we learn of their passing, we did not have any embarrassing calls asking id dead people wanted a vaccination!