Interview

Q&A: Why does information security matter in general practice?


Doug Hendrie


26/04/2019 11:50:34 AM

GP – and former IT systems administrator – Dr David Adam wants GPs to know why information security is so important.

Dr David Adam
Dr David Adam, GP and former IT systems administrator.

Dr Adam, a member of the RACGP Expert Committee – Practice Technology and Management, will be presenting one of the RACGP’s upcoming eHealth webinars, which will take place on Tuesday 30 April and Thursday 2 May.
 
He recently spoke with newsGP about the importance of information security.
 
What do GPs need to know about information security?
As we deal with more and more information in our practice, we need to understand the systems that provide and store this information.
 
Like the human body, we need to know how they work, but also how they can fail and what steps can be taken to avoid harm.
 
You don’t need to have a highly technical understanding, but you do need to know the kind of questions to be asking and policies you should have in place.
 
Why should GPs take this seriously? Why does this matter?
Many of us look after patients with sensitive problems – whether they are public figures, survivors of abuse or violence, or suffering the stigma of particular conditions. Unauthorised or improper access to this information can be devastating.
 
On a broader scale, it is rare for sophisticated hackers to target small healthcare organisations specifically, but we are a target of convenience. We have generally set up our systems to work as quickly and easily as possible, with security a second thought, but there does not always have to be a trade-off between the two.
 
What is the worst that can happen in terms of a practice’s information security?
A number of practices have lost their entire patient record, which has to be reconstructed from backups and is an expensive and time-consuming exercise.
 
A practice in the United States recently decided it was easier to cease trading a few years earlier than planned rather than undergo the process.
 
What are your take-home tips?
Involve everyone in the practice in information security – people need to understand why policies are in place, otherwise they will work around them
 
Use a different password for your work systems than you do anywhere else.
 
Don’t open email attachments you didn’t request.
 
If you have remote access to your systems, ask your practice IT staff about two-factor authentication.
 
Read the RACGP’s guide to Information security in general practice.



data information security patient records practice management security



Login to comment