The Information Security Guide for small healthcare businesses has been developed by the Australian Digital Health Agency (ADHA) and the Australian Government's Stay Smart Online service to assist general practice to safely store confidential patient and other information.
The security of patient information is paramount to providing high-quality and safe healthcare. A significant source of data breaches is human error, with nearly half of these data breaches occurring when information is sent to the wrong recipient (OAIC Data Breach Report 2021).
The RACGP has developed Information Security in General Practice to assist practices to meet their legal obligations for information security and the necessary requirements for the accreditation Standards for General Practices (5th edition).
Using email in general practice
General practices must ensure their communication of health information is safe and secure, and only able to be received and read by the intended recipient. Unencrypted and unsecured email can create risks to the privacy and security of personal and sensitive health information.
The RACGP has developed the fact sheet Using Email in General Practice to provide information for general practices about using email to communicate health information with patients, health organisations, and third parties, and to support practices to make an informed decision on whether to use email at their practice.
To support these guidelines, the RACGP has developed a risk matrix to assist practices in determining the level of privacy and security required to use email for communication in general practice.
Selecting Secure IT products and services
The Australian Digital Health Agency has produced a guide for healthcare providers to assist with selecting secure IT products and services. The guide is a companion to ADHA's Information Security Guide for Healthcare Businesses.