Is your practice prepared against data loss and data theft?

Dr Rob Hosking

30/03/2023 12:56:57 PM

Business as usual can grind to a halt without reliable backup systems in place – and can result in major cost blowouts, writes Dr Rob Hosking.

Backup is critical for general practice data – is your practice protected against data loss and theft?

For years, general practice has led the way with the uptake of new digital health systems and processes, an initiative that has yielded multiple benefits.
As a result, digital health records can now be easily accessed by GPs and securely shared with multidisciplinary teams to streamline the coordination and communication required for delivering high-quality patient care.
However, digital records are not immune to being compromised by cyber threats or natural disasters, such as fires and floods, both of which are now occurring with ever-increasing regularity.
The devastating cost of not testing your practice’s backup systems can be significant – and it happens more often than you would think.
If access to medical records is interrupted, or lost entirely, the costs are not just financial but also include risking the reputation of the entire practice. Not only are backup processes required to meet accreditation, but they also provide business continuity in the case of data loss or data theft.
Patients trust us, as GPs, to keep their data safe and secure.
A lost medical record could certainly compromise a patient’s trusting relationship with their GP, while an event as simple as a loss of power can be enough to corrupt a practice database.
A common mistake I see is when backups are running but are not tested and validated regularly (daily is recommended) for readability, running the risk of discovering unusable data that cannot be recovered.
Backup failures are often only detected when it is too late, at the point where the backup is needed to restore data. This type of loss of clinical and business data would be both expensive and disruptive for the staff and patients involved, and may see your practice’s ability to deliver vital care put on hold for days or even weeks.
At my practice, we also print out a copy of the following day’s appointments each evening and keep this in a secure storage unit in case of an overnight computer failure. It provides us with peace of mind knowing that at least during a data recovery period, my practice has basic details to ensure some level of continuity.
What is ‘backing up’?
Backup involves copying files or databases so they are preserved in the event of equipment failure or other catastrophes.
Practices must have robust backup procedures in place. For practices using cloud-based systems, it is also recommended to consider cloud-to-cloud backup solutions.
It is highly advised to keep separate copies of your critical business data in multiple places in case data loss occurs. This data needs to be kept safe, offsite and, if possible, encrypted.
The more secure copies of data you have, the safer it will be.
These recommendations are further detailed in the RACGP’s recently updated Information security in general practice resource. The Information backup module in the resource is a helpful and easy-to-understand guideline I have relied on for protecting my practice’s data.
What types of data need to be backed up?
All information that is critical to the operation of your general practice should be backed up. This includes:

  • clinical information system data, including patient healthcare information
  • patient demographic and contact details, billing and financial information, appointments, and practice management
  • business management information including staff details, payroll, IT, and any relevant third-party contact details
  • web page data.
There are also various types of backup that each come with pros and cons to be considered. These include cloud backup, local backup, offsite backup, and online backup. A combination of these is also recommended.
Surprisingly, 29% of data loss cases are caused by accident. Therefore, it is equally important that your practice team is educated and provided with training on backups, particularly those directly involved with backup processes.
We have a practice policy that details backup procedures and how backup data is stored and managed. This policy also outlines which practice team members are trained and authorised to perform backup procedures and how to restore critical practice information.
Storing copies of your business-critical data and backups (both onsite and offsite) is recommended.
You may wish to work with a third-party IT provider to manage your backups. When selecting a provider, I recommend referring to the RACGP Information backup module for guidance on important questions required to ensure clarity on their roles and accountabilities.
Now is the time to take action and ensure your practice is making backups that are secure, robust and validated. Preparation is key to protecting your valuable practice data.  