I think we should ENCOURAGE any timely communication from hospitals.
When the shit hits the fan, it will then make them spend the resources
to do it properly as it will be THEIR business problem.
As long as GP's are not receiving any electronic messages about patient
care the business problem remains OURS.
Don't opt out of the unencrypted emails.
Rob Hosking wrote:
Dear All
I would be interested in other people's ideas to respond to this e-mail
from Pail Oppy at Austin Health.( The Austin is one of the major
hospitals in Melbourne for those who don't know).
I have asked to be removed from their e-mail list suggesting that I will
only receive encrypted e-mail regarding my patients. It concerns me that
such a large public institution is going down the track of using plain
e-mail for this communication with GPs. They also appear to have sought
advice from the Privacy Commissioner which is at odds to the advice the
GPCG received during the Security Project.Like most things, I suspect
that people will interpret things the way they want until it is
challenged legally.
I have referred him to the GPCG Security Guidelines and I am going to
inform him that future GP practice accreditation standards are likely to
be enforcing that communication be encrypted or secure in some other form.
Does anyone have any other thoughts that we can use to implore them to
not proceed in this way? Are there any other major public hospitals
around Australia taking this stance?
Regards
Rob Hosking
GPCG Privacy and Security Standing Committee (?still standing)
Dear Dr Hosking,
Wendy has probably responded to you by now, letting you know that she
will remove your email address from her list, so that you don't receive
unencrypted email from Austin.
I'm responding to you, as Chairman of the Privacy and Security Committee
of the GPCG, on the wider issue of email encryption as it affects all
GP’s with whom Austin communicates via email.
As Director of Information Technology at Austin, I respect and share the
concern of the GPCG about the confidentiality of email messages.
However, I'd like to explain why Austin persists with unencrypted email
and ask your advice.
This issue was considered very seriously by Austin's Privacy Committee
before our current policy was adopted. The recommendations of the
Privacy Commissioner were considered. On balance, the Committee decided
that the benefit of rapid and reliable email communication to GP’s
outweighed the risks to patient confidentiality. Hence, GP’s were
offered the option of receiving messages via unencrypted email if they
preferred that to faxed messages. About 10% of GP's took up that offer.
Recently, Austin consulted the Health Commissioner's Office on this
issue. In brief, the response was:
The law does not state that you_ cannot_ email without
encryption, although we are required to take reasonable
steps to prevent patient information from being lost or
misused and we need to weigh up the benefits of emailing
information against the risks.
Reasonable steps could include:
+ Have an email audit trail of emails that fail – Austin
has this.
+ Ensure that information on patients who have opted out
is not sent out – Austin also has this in place.
+ Have email guidelines that list certain precautions,
e.g. check email addresses, do not use distribution
lists to send patient information, etc. Austin’s
Privacy Committee approved our emailing guidelines
last year.
+ Ask GP’s if they prefer their patient information by
fax or email. We currently do this and our GP database
reflects their preferences.
The Commissioner’s Office thought that emailing is not
necessarily any more dangerous than faxing. It could even be
argued as safer and the risk of fraud or identity theft of
health information is low.
At about the time Austin offered GP’s unencrypted email, the hospital
also put considerable effort into setting up a PKI encryption service
for GP's who wanted to transmit outpatient referrals via encrypted
email. This service was promoted to GP's by the Northern Division of
General Practice and the North East Valley Division of General Practice.
The outcome was that three GP's took up the encryption offer, a minute
percentage.
Austin would have to invest substantial funds in software and
administration to extend encryption to admission and discharge notices.
With very little prospect of significant up-take by GP's, it's
impossible to justify this expense. So, for now, the hospital offers
only unencrypted email, fax or post as GP communication options.
There's a wide range of encryption options available but the hospital is
reluctant to pursue any of these options until it sees where GP
preferences lie. We simply can't afford to introduce multiple solutions,
or solutions which are adopted by only a very small percentage of GP's.
And, presumably, GP's will favour a solution which is common to all the
hospitals and other service providers with whom they communicate
electronically. I'd appreciate your Committee's advice on which
encryption/decryption mechanism would most likely attract a significant
proportion of GP's.
Paul Oppy
Director of Information Technology
*/Austin Health/*
Heidelberg 3084
(03) 9496 3391
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
