The Royal Australian College of General Practitioners has set a series of Computer and Information Security Standards (CISS) to help GPs better manage their IT infrastructure, minimise the risk to patient data, and run their practices more efficiently with standards-based IT procedures.
Extreme Networks has been providing IT support, advice and thought leadership for GP clinics, Hospitals and Specialist practices for over 15 years.

The standards cover 12 areas of IT and information security for GP practices. The GP clinic CISS Guidelines cover legislation from the Office of the Australian Information Commissioner and the legislative requirements for a national eHealth record system. They have been developed to help GPs and other office-based health businesses, such as cardiologists and other specialists, physiotherapists and dentists.

Extreme Networks has taken this as the basis for our GP Clinic IT and Security Audit. We use the Second Edition guidelines, which take into account the greater use of laptops, remote access devices and Wi-Fi connections, and the increase in broadband usage and secure messaging.

There are 3 parts to the CISS:

  1. The compliance guidelines – a checklist designed as a quick diagnostic to determine areas of priority.
  2. The twelve standards, each one with a compliance indicator and explanatory notes.
  3. The templates to assist practices to create and record their own policies.

Our process includes helping key staff understand their roles and responsibilities, identify the shortfalls within the practice and quickly remediate those policies.

Call 03 9785 7162 or email us now to discuss how the GP Information Systems audit can help you meet the standards set by the RACGP, keep patient data secure and make managing your IT system easier and more cost effective.

Standard 1 – Roles and responsibilities

Have you detailed who is responsible for the roles required to effectively manage your IT and your information security?

Standard 2 – Risk Assessment

What risk assessments have you conducted, and what improvements have been made as a result?

Standard 3 – Information security policies and procedures

Do you have policies and procedures? Are they documented, and can people find them?

Standard 4 – Managing Access

Who has access to patient data, and how is that access monitored?

Standard 5 – Business continuity and information recovery

How would your practice deal with a disaster?

Standard 6 – Internet and email usage

What policies govern the use of email and the internet? Are your staff trained in their safe use?

Standard 7 – Information backup

Do you have a backup? When was it last tested?

Standard 8 – Malware, viruses and email threats

Is your anti-virus software working? Is it best practice?

Standard 9 – Computer network perimeter controls

Do you have a firewall and how is it configured?

Standard 10 – Mobile electronic devices

iPhones, iPads, and other tablets and phones: are they properly managed?

Standard 11 – Physical facilities and computer hardware, software and operating system

What is the ongoing maintenance program for your hardware and software?

Standard 12 – Security for information sharing

How is information shared with pathology providers and Medicare, and how is that sharing secured?