Feature

Protecting practices against the potential threat of cybercrime


Morgan Liotta


18/05/2018 3:05:32 PM

Following Privacy Awareness Week (13–19 May), the RACGP has a number of resources to guide health organisations towards protecting patients’ private data.

The RACGP has a number of resources that relate to data privacy and protection.

A recent cyber attack on a NSW family planning clinic’s website, which breached the privacy of around 8000 patients, has prompted the chief executive of the organisation to issue an apology and the state’s Health Minister to request confirmation that all health-funded government organisations comply with relevant privacy and data standards.
 
So what can health organisations do to avoid these types of cyber attacks, where patients’ private information is compromised – presenting risk to both the organisation and its clients?
 
‘It has to be a general consideration of the culture of the practice to be aware of patient privacy,’ Dr Rob Hosking, GP and Deputy Chair of the RACGP Expert Committee – eHealth and Practice Systems, told newsGP earlier this week.
 
Dr Hosking believes following basic ‘physical’ measures can help, such as locking computer screens if leaving the room so people cannot see the previous patients’ records, and having screens not visible at the front desk when patients check in and out.

The RACGP’s Information security in general practice covers the increasing threat of cybercrime and the effect this is having on general practices.
 
The guide states that general practices and other small businesses are at particular risk of cybercrime, as ‘their information security defences are more easily breached in contrast to larger businesses that often dedicate more resources to digital information security’.
 
Information security in general practice provides guidance for clinics to securely protect their patients’ data, including legal obligations, management processes, risk analysis and security governance. It also promotes the prevention of inappropriate access, protection of personal information, and preservation of data.
 