Standard 12: Security for information sharing
Our practice has reliable systems for the secure electronic sharing of confidential information
The compliance indicators listed in the matrix identify the specific actions that comprise good security practice for Standard 12.
It is assumed the practice will provide appropriate education and training to facilitate compliance with this Standard.
The compliance indicators at level 4 reflect the minimum level of computer and information security acceptable for this Standard. The compliance indicators for higher levels provide the basis for incremental security improvement.
| Security for information sharing compliance indicators | Level 1 Initial | Level 2 Repeatable | Level 3 Defined | Level 4 Managed (Minimum) | Level 5 Optimised |
|---|---|---|---|---|---|
| 12.1 Policy content | No formal policy | No complete written policy | Complete written policy | Complete written policy, periodically reviewed | Complete written policy, reviewed annually |
| 12.2 Policy communication | Policy not communicated to the practice team | Policy communicated verbally to the practice team | Policy communicated in written format to relevant practice team members | Policy communicated in written format, training provided and all practice team members have access to the policy | Policy available in written format to relevant practice team members; regular training for the practice team and communication strategy reviewed against policy; all practice team aware of the content and implications of the policy |
| 12.3 Secure messaging | Status of certificates unknown | Certificate expiry recorded | Medicare and NASH certificates stored securely and the expiry of each recorded | All certificates stored securely and the expiry of each recorded | All certificates (Medicare, NASH and commercial) stored securely and the expiry of each recorded; record kept of which certificate is installed on which computer and device |
| 12.4 Healthcare identifiers | No training provided | Induction training only provided to practice staff members | Training on the use of healthcare identifiers undertaken ad hoc | Training on the use of healthcare identifiers undertaken as required when first used or when changes occur in the service | Regularly updated training for practice team members on the use of healthcare identifiers |
| 12.5 Practice website safety and security | Website installed but not updated | Website shares server with other practice data | Website on a separate server to other practice data | Website hosted externally or on a separate server to practice data, not accessible directly through the practice network | Website hosted externally or on a separate server to practice data and using a DMZ |

Adapted and reproduced with permission from Dr Patricia Williams
Helpful templates for this Standard
Template 12.1 will assist in achieving compliance. Completion of this template will ensure you have fully documented the requirements of this Standard.
Securing electronic information is essential and requires higher security standards because:
- it can prevent information being intercepted or changed during transmission
- it can prevent information being received by unintended recipients
- it is easier to disseminate electronic information and therefore easier to lose control of it
- there are better security measures available to protect electronic health information than other methods of communication
- it may be difficult to detect accidental or malicious changes to a record.
12.1 Policy content
Establish written policy and procedures for secure communication. All patient-related information sent electronically between healthcare providers should be sent by secure message delivery (unless there is an overwhelming reason not to, such as putting a patient or healthcare professional at risk). The policy will include the practice policy for electronic communication of patient records and other confidential information with healthcare professionals and patients. This may involve encryption and associated procedures. The policy should also include the processes required when a healthcare professional terminates their contract or employment with a practice.
12.2 Policy communication
The policy should be in written format and communicated to relevant practice team members.
12.3 Secure messaging
There are broadly two types of electronic information transfer that are relevant to general practice: secure message delivery and communication via standard or unencrypted email.
Secure message delivery
Secure message delivery (SMD) involves two processes: encryption and authentication. Encryption means that data is electronically ‘scrambled’ so that it cannot be read unless the information is decrypted. Authentication means that the sender can be verified; this is done using electronic signatures. E-health information exchange in the Australian health system relies on and incorporates encrypted, secure messaging techniques. The software programs used will handle this function and are required to meet Australian standards.
To use SMD both the sending and receiving parties must use compatible encryption processes. SMD is technically complex and does not need to be understood by practices as SMD vendors must conform to Australian standards.
SMD can be either P2P (point-to-point), where information is sent from a specific sender to a specific recipient or recipients, or P2shared (point-to-shared), where information is sent from a specific sender to a shared record such as with the national eHealth record system.
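The two SMD processes described above, a digital signature so the recipient can verify the sender (authentication) and encryption so nobody else can read or alter the message in transit, shown end to end as an added example in Go. This is illustrative code written for this page, not the software of any SMD vendor and not the message format the Australian standards prescribe: the key pairs are generated inside the program instead of being taken from PKI certificates, the plain SHA-256 key derivation and the `Party`, `Seal` and `Open` names are assumptions, and the request text is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is one messaging endpoint. It holds a signing key (authentication:
// proves who sent a message) and a key-agreement key (encryption: only the
// intended recipient can derive the session key). In SMD both are tied to
// the organisation by its PKI certificate; here they are raw keys (assumption).
type Party struct {
	Sign  *ecdsa.PrivateKey
	Agree *ecdh.PrivateKey
}

func NewParty() *Party {
	s, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	a, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Party{Sign: s, Agree: a}
}

// sessionKey derives an AES-256-GCM cipher from the ECDH shared secret. Sender
// and recipient each combine their own private key with the other's public key
// and arrive at the same key. Plain SHA-256 stands in for a proper KDF here.
func sessionKey(mine *ecdh.PrivateKey, theirs *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := mine.ECDH(theirs)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(secret)
	block, err := aes.NewCipher(k[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal performs the two SMD processes: sign the plaintext (authentication), then
// encrypt signature and plaintext together with AES-GCM, so the recipient also
// detects any change made in transit. Output layout: nonce || ciphertext.
func Seal(sender *Party, recipient *ecdh.PublicKey, plaintext []byte) ([]byte, error) {
	digest := sha256.Sum256(plaintext)
	sig, err := ecdsa.SignASN1(rand.Reader, sender.Sign, digest[:])
	if err != nil {
		return nil, err
	}
	aead, err := sessionKey(sender.Agree, recipient)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// payload = 2-byte signature length || signature || plaintext
	payload := append([]byte{byte(len(sig) >> 8), byte(len(sig))}, sig...)
	payload = append(payload, plaintext...)
	return append(nonce, aead.Seal(nil, nonce, payload, nil)...), nil
}

// Open reverses Seal: decrypt with the recipient's key (fails if the message was
// altered or addressed to someone else), then verify the sender's signature
// (fails if the claimed sender did not sign it).
func Open(recipient *Party, senderSign *ecdsa.PublicKey, senderAgree *ecdh.PublicKey, sealed []byte) ([]byte, error) {
	aead, err := sessionKey(recipient.Agree, senderAgree)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("message too short")
	}
	payload, err := aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
	if err != nil {
		return nil, errors.New("decryption failed: message altered or not addressed to this recipient")
	}
	if len(payload) < 2 {
		return nil, errors.New("malformed payload")
	}
	n := int(payload[0])<<8 | int(payload[1])
	if len(payload) < 2+n {
		return nil, errors.New("malformed payload")
	}
	sig, plaintext := payload[2:2+n], payload[2+n:]
	digest := sha256.Sum256(plaintext)
	if !ecdsa.VerifyASN1(senderSign, digest[:], sig) {
		return nil, errors.New("signature check failed: sender could not be verified")
	}
	return plaintext, nil
}

func main() {
	practice, lab := NewParty(), NewParty() // constructed sender and recipient
	msg := []byte("Pathology request for test patient 0000 (constructed example)")
	sealed, err := Seal(practice, lab.Agree.PublicKey(), msg)
	if err != nil {
		panic(err)
	}
	got, err := Open(lab, &practice.Sign.PublicKey, practice.Agree.PublicKey(), sealed)
	fmt.Printf("lab received: %q (err=%v)\n", got, err)
	sealed[len(sealed)-1] ^= 1 // one bit changed in transit
	_, err = Open(lab, &practice.Sign.PublicKey, practice.Agree.PublicKey(), sealed)
	fmt.Println("after tampering:", err)
}
```

The point for a practice is the behaviour, not the cryptography: a message altered in transit, a message opened by the wrong recipient, or a message whose sender cannot be verified is rejected outright rather than delivered with a warning, which is what makes SMD safer than ordinary email.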
The storage of the digital certificates and recording of expiry dates needs consideration. Store certificates securely – this means the original disk and the serial numbers. Further, keep documentation of which computers the certificates are installed on.
Communication via standard or unencrypted email – email can be intercepted, retrieved and read by unintended receivers without authorisation
Emails can legally be read by an internet service provider as messages pass through the provider's system. This is in contrast to messages directly transmitted such as telephone calls and faxes, which are subject to interception legislation.
What constitutes appropriate electronic messaging with patients is a question that every practice must address. Whether communicating via email or via social networking sites (if the practice permits this), practices should ensure that data security remains paramount. Practices need to adopt a policy on the appropriate and safe use of email to ensure no privacy breaches – for both the practice and the patients. Given that most patients do not use encryption programs, emails between practices and patients need to be cautious and limited in scope, for both security and clinical safety reasons.
Providers/practices should not send confidential data via email or the internet. A suggested email and internet policy, which includes security and safety considerations, can be found in Section 6. In addition, a template for recording secure electronic communication systems and purposes is included in Template 12.1.
12.4 Healthcare identifiers
Healthcare identifiers underpin secure transmission of data and patient and healthcare provider identification. Healthcare identifiers are unique 16-digit numbers that comply with international identification standards. They are non-sequential, randomly allocated and not searchable. The identifiers are administered through the national Healthcare Identifiers Service (HI Service). The use of healthcare identifiers ensures better identification of individuals and healthcare providers and means individuals and healthcare providers have increased confidence that the right health information is associated with the right individual at the right place and time. The use of and access to healthcare identifiers are governed by the Healthcare Identifiers Act 2010 (Cwlth).
Four types of healthcare identifiers are assigned by the HI Service:
- individual healthcare identifier (IHI): every Australian has an IHI whether they are receiving healthcare or not. An IHI is used to electronically link healthcare information about the individual.
- healthcare provider identifier – individual (HPI–I): for healthcare providers registered under the Australian Health Practitioner Regulation Agency
- healthcare provider identifier – organisation (HPI–O): healthcare provider organisations (e.g. a hospital or general practice)
- contracted service provider.
Healthcare providers who are identified with an HPI–I or HPI–O or an authorised employee can access the HI Service to obtain the IHI of a patient receiving healthcare. This means practice team members will require education and training on the implications and use of healthcare identifiers.
The Healthcare Identifiers Act (Division 5, section 27, Protection of healthcare identifiers) stipulates that reasonable steps must be taken to protect the identifiers from misuse, loss and unauthorised access, modification or disclosure. Further, the healthcare identifier for an individual is taken to be personal information and therefore is also subject to the Australian Privacy Act 1988, paragraph 28(1)(h).
To participate in the Australian national eHealth record system, healthcare organisations and healthcare providers need to obtain nationally trusted digital credentials (public key infrastructure [PKI] certificates). These certificates authenticate, encrypt and seal the message and can also be used to connect to national repositories.
Healthcare organisations will need to install two PKI certificates: a Medicare claims and payments certificate (location or site certificate) for HI Service access and a National Authentication Service for Health (NASH) PKI certificate to access the national eHealth record system and for secure message delivery.
Healthcare providers and other authorised staff may also require digital certificates issued on tokens (smart cards or USB) for individual access to national repositories.
In addition, a range of commercial certificates are used for a variety of purposes, such as laboratory results.
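A worked example, added here and not part of the Standard or of any vendor's tooling, of the certificate register that the level 4 and 5 indicators for 12.3 call for and that the storage guidance in 12.3 describes: it covers the Medicare, NASH and commercial certificates listed above, reads the expiry date from each installed certificate file rather than from a date typed in by hand, records which device each one is on, and flags anything expired or inside a warning window. The certificates it checks are self-signed test certificates generated in the program (constructed data; real certificates are issued by their CAs and would be exported from the device they are installed on); the purpose labels, device names, the 30-day window and the `BuildRegister` function are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// InstalledCert is what the practice records by hand: which certificate is
// installed on which computer or device, together with the certificate file
// exported from that device. Labels and device names are hypothetical.
type InstalledCert struct {
	Purpose string
	Device  string
	PEM     []byte
}

// RegisterRow is one line of the resulting certificate register.
type RegisterRow struct {
	Purpose  string
	Device   string
	Subject  string    // common name read from the certificate itself
	NotAfter time.Time // expiry read from the certificate, not typed in
	DaysLeft int       // negative once expired
	Status   string    // "ok", "expiring" or "expired"
}

// BuildRegister parses each installed certificate, reads its expiry and
// classifies it against a warning window of warnDays. An unreadable
// certificate is reported as an error rather than silently left off the register.
func BuildRegister(now time.Time, warnDays int, installed []InstalledCert) ([]RegisterRow, error) {
	rows := make([]RegisterRow, 0, len(installed))
	for _, ic := range installed {
		block, _ := pem.Decode(ic.PEM)
		if block == nil || block.Type != "CERTIFICATE" {
			return nil, fmt.Errorf("%s on %s: no PEM certificate found", ic.Purpose, ic.Device)
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("%s on %s: %w", ic.Purpose, ic.Device, err)
		}
		daysLeft := int(cert.NotAfter.Sub(now).Hours() / 24)
		status := "ok"
		switch {
		case !now.Before(cert.NotAfter):
			status = "expired"
		case daysLeft < warnDays:
			status = "expiring"
		}
		rows = append(rows, RegisterRow{
			Purpose: ic.Purpose, Device: ic.Device, Subject: cert.Subject.CommonName,
			NotAfter: cert.NotAfter, DaysLeft: daysLeft, Status: status,
		})
	}
	return rows, nil
}

// makeTestCert builds a self-signed certificate expiring at notAfter.
// Constructed test data only; real certificates come from their issuing CA.
func makeTestCert(cn string, notAfter time.Time) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notAfter.AddDate(-2, 0, 0),
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC) // constructed "today"
	installed := []InstalledCert{
		{"Medicare site", "server01", makeTestCert("Medicare site (test)", now.AddDate(1, 0, 0))},
		{"NASH PKI", "server01", makeTestCert("NASH (test)", now.AddDate(0, 0, 10))},
		{"Pathology lab", "reception-pc2", makeTestCert("Lab results (test)", now.AddDate(0, 0, -1))},
	}
	rows, err := BuildRegister(now, 30, installed)
	if err != nil {
		panic(err)
	}
	for _, r := range rows {
		fmt.Printf("%-14s %-14s %-22s expires %s (%4d days) %s\n",
			r.Purpose, r.Device, r.Subject, r.NotAfter.Format("2006-01-02"), r.DaysLeft, r.Status)
	}
}
```

Run on a schedule, the "expiring" rows are the ones to raise with the certificate issuer before they become "expired" and stop secure messaging or HI Service access; the device column is the record of where each certificate is installed that the level 5 indicator asks for.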
Message system record
If more than one electronic communication method is used (for communication with different health organisations), each one should be documented separately. Template 12.1 provides a form for recording the messaging systems used in the practice.
12.5 Practice website safety and security
It is important that the information on practice websites is up to date and does not invite unsafe practices. For example, patients might wish to contact the practice via their website, but they need to be advised that sensitive clinical information should not be transferred in this way, and that there might be a delay in obtaining a response to their queries if they send a request in this way. The practice must abide by the Guidelines for Advertising of Regulated Health Services set by the Medical Board of Australia (www.medicalboard.gov.au/Codes-Guidelines-Policies.aspx).
There are additional security risks if the practice website is hosted on the same computer that holds the practice data. It is strongly advised not to have patient data on the same computer as your web server. If there is a security breach through the practice website there is a potential risk that the practice data will be vulnerable. In addition, if your practice allows appointments to be made through the website, then no patient names should be stored in the web server database. Your technical service provider will be able to advise on the best methods to secure your website as this may require the use of a demilitarised zone (DMZ), which separates the website and services that patients may access from the main practice systems.
The general practice website is a communication method that requires maintenance to ensure that the information held within the site is current and correct. The documentation includes identifying the timeframe for regular review of the website. If using the website for information transactions of any sort, for example online appointment bookings, these transactions should be encrypted. The practice will need to identify which practice team member is responsible for the practice website and document this in the practice team member’s position description.
Email and internet policies including practice websites help to ensure that confidential information is kept secure and private.