Greg I agree that the guidelines should be updated in view of the experience of many, plus the relatively recent inclusion of IT in practice accreditation. The issue of surveyors being competent to judge IT is one that has concerned the RACGP.
In part, this is a legacy of the government removing funding from various components of GP computing. Maybe the RHIMOs can do a bit, but really, not all that much in this area. Peter -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Twyford Sent: Monday, 26 March 2007 11:41 AM To: General Practice Computing Group Talk Subject: Re: [GPCG_TALK] backup! Peter Schattner wrote: > Greg > > The GPCG security guidelines do say that when GPs are not sure, they should > get professional IT advice. This is specifically referred to in the section > on practices having IT 'coordinators', i.e. a person who rings for > technician help. > > Do GPs know when they are not sure? Well, do they know if they should be > managing a patient who might possibly have appendicitis? Do they have the > insight to know when to refer to a surgeon? It's the same thing. We have to > rely on people knowing their limitations. Most GPs should know that their > knowledge of IT is VERY limited, and all practices should have professional > IT support. > > Peter Peter, Unfortunately the message wasn't stated very strongly at all, and in a great many cases it hasn't gotten through. This issue is discussed among Division IM&T staff and technical support guys as a matter of routine. A bit like the Help Desk horror stories one sees in the media at times. Very few GPs I know have read the GPCG security manual, a few more have read relevant bits of the college standards, which says very little about skills or training. In the GPCG manual, training of the co-ordinator is recommended, but without any detail or clarification of what that means or where staff would get it. IT degree, tech. course, 10 minutes with the Division IM&T person or the tech. support guy, if they have one? No courses focussed specifically on practice IT management and security exist to my knowledge at TAFE or other levels. In many practices GPs haven't got either the skills or time to do this stuff properly, they are reluctant to pay for it and may not have staff who they could reasonably expect to upskill on this stuff. Professional support is kept to the bare minimum because it costs them money. What the standard lacks is a set of examples about how you might do things. One example should be something like: 'Limited in house IT knowledge or experience - Contract or employ qualified person to manage ongoing practice security - guidelines in appendix A'. A bit like TG I suppose. Many of us in NSW took Richard Smith to task about this at a conference in late 2004, and if you remember I sent you an e-mail along the same lines. Nearly three years later lots of practices haven't still got the skills they need and it needs another effort. The argument might be that this will be an imposte on practices, Medicare, etc., but if the situation of IM security and privacy is to be taken seriously, which it must in the long-run as practices have little choice but to adopt it increasingly, then the house will fall down. Greg > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Greg Twyford > Sent: Monday, 26 March 2007 10:42 AM > To: General Practice Computing Group Talk > Subject: Re: [GPCG_TALK] backup! > > Horst Herb wrote: >> http://www.smh.com.au/articles/2007/03/22/1174153207365.html >> >> Horst > > Horst, > > This is the register's version of events. Much less flattering. > >> http://www.theregister.co.uk/2007/03/21/alaskan_billion_dollar_wipe/ > > I had a GP in distress after her accreditation survey over being taken > to task over not having test backups mentioned in her security manual. > Fine, except they aren't in the RACGP standards, so what is the basis > for the surveyor's view? > > Yes I've had GPs overwriting new data with old, trying to do the right > thing. The real problem is that the GPCG security guidelines, on which > the college's standards are based, didn't say 'And if you don't have > training in IT, pay for someone who does to do these critical tasks'. > > As a result we have lots of practices where GPs try to do things they > know nothing about and corrupt data, break servers, etc. No one wants to > frighten the horses, not the college, not the government, not the late GPCG. > > Nor do the surveyors necessarily know any more about IT than the GPs > whose practices they are surveying. Which makes it all a bit of a joke > in my view. > > Greg -- Greg Twyford Information Management & Technology Program Officer Canterbury Division of General Practice E-mail: [EMAIL PROTECTED] Ph.: 02 9787 9033 Fax: 02 9787 9200 PRIVATE & CONFIDENTIAL *********************************************************************** The information contained in this e-mail and their attached files, including replies and forwarded copies, are confidential and intended solely for the addressee(s) and may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the intended recipient, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication or any action taken or omitted to be taken in reliance upon this message or its attachments is prohibited. All liability for viruses is excluded to the fullest extent permitted by law. *********************************************************************** _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
