The standards cover 12 areas of IT and information security for GP practices. The GP clinic CISS guidelines cover legislation from the Office of the Australian Information Commissioner and the legislative requirements for a national eHealth record system. They have been developed to help GPs and other office-based health businesses, such as cardiologists and other specialists, physiotherapists and dentists.
Extreme Networks has taken this as the basis for our GP Clinic IT and Security Audit. We use the Second Edition guidelines, which take into account the greater use of laptops, remote access devices and Wi-Fi connections, and the increase in broadband usage and secure messaging.
There are three parts to the CISS:
- The compliance guidelines – a checklist designed as a quick diagnostic to determine areas of priority.
- The twelve standards, each one with a compliance indicator and explanatory notes.
- The templates to assist practices to create and record their own policies.
Our process includes helping key staff gain an understanding of their roles and responsibilities, identifying the shortfalls within the practice and quickly remediating those policies.
Call 0397857162 or email us now to discuss how the GP Information Systems audit can help you meet the standards set by the RACGP, keep patient data secure and make managing your IT system easier and more cost-effective.
Standard 1 – Roles and responsibilities
Have you detailed who is responsible for the roles required to effectively manage your IT and your information security?
Standard 2 – Risk Assessment
What risks assessments have you conducted and what improvements as a result have been made?
Standard 3 – Information security policies and procedures
Do you have policies and procedures? Are they documented and can people find them?
Standard 4 – Managing Access
Who has access to patient data and how is it monitored?
Standard 5 – Business continuity and information recovery
How would your practice deal with a disaster?
Standard 6 – Internet and email usage
What policies govern the use of email and the internet? Are your staff trained in its safe use?
Standard 7 – Information backup
Do you have a backup? When was it last tested?
Standard 8 – Malware, viruses and email threats
Is your anti-virus software working? Is it best practice?
Standard 9 – Computer network perimeter controls
Do you have a firewall and how is it configured?
Standard 10 – Mobile electronic devices
iPhones, iPads, and other tablets and phones. Are they properly managed?
Standard 11 – Physical facilities and computer hardware, software and operating system
What is the ongoing maintenance program for your hardware and software?
Standard 12 – Security for information sharing
How is information shared amongst pathology providers and Medicare?