Back to Search Start Over

Guidelines for computer security in general practice

Authors :
Peter Schattner
Catherine Pleteshner
Heinz Bhend
Johan Brouns
Source :
Journal of Innovation in Health Informatics, Vol 15, Iss 2, Pp 73-82 (2007)
Publication Year :
2007
Publisher :
BCS, The Chartered Institute for IT, 2007.

Abstract

Background As general practice becomes increasingly computerised, data security becomes increasingly important for both patient health and the efficient operation of the practice. Objective To develop guidelines for computer security in general practice based on a literature review, an analysis of available information on current practice and a series of key stakeholder interviews. While the guideline was produced in the context of Australian general practice, we have developed a template that is also relevant for other countries. Method Current data on computer security measures was sought from Australian divisions of general practice. Semi-structured interviews were conducted with general practitioners (GPs), the medical software industry, senior managers within government responsible for health IT (information technology) initiatives, technical IT experts, divisions of general practice and a member of a health information consumer group. The respondents were asked to assess both the likelihood and the consequences of potential risks in computer security being breached. Results The study suggested that the most important computer security issues in general practice were: the need for a nominated IT security coordinator; having written IT policies, including a practice disaster recovery plan; controlling access to different levels of electronic data; doing and testing backups; protecting against viruses and other malicious codes; installing firewalls; undertaking routine maintenance of hardware and software; and securing electronic communication, for example via encryption. This information led to the production of computer security guidelines, including a one-page summary checklist, which were subsequently distributed to all GPs in Australia. Conclusions This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. Making these guidelines relevant to local contexts should help maximise their uptake.

Details

Language :
English
ISSN :
20584555 and 20584563
Volume :
15
Issue :
2
Database :
Directory of Open Access Journals
Journal :
Journal of Innovation in Health Informatics
Publication Type :
Academic Journal
Accession number :
edsdoj.54fc6ff6e7724605b82a0f29918194af
Document Type :
article
Full Text :
https://doi.org/10.14236/jhi.v15i2.645