Peter Schattner wrote:
Greg
I agree that the guidelines should be updated in view of the experience of
many, plus the relatively recent inclusion of IT in practice accreditation.
The issue of surveyors being competent to judge IT is one that has concerned
the RACGP.
In part, this is a legacy of the government removing funding from various
components of GP computing. Maybe the RHIMOs can do a bit, but really, not
all that much in this area.
Peter
Peter,
Sadly, this is the same problem, lack of money and will.
I'm glad the college is concerned about the surveyor situation, but it
is only part of the whole practice IT security story.
I'm not sure AGPN recognises the problems, however.
Maybe we should review the situation again after October?
Greg
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Greg Twyford
Sent: Monday, 26 March 2007 11:41 AM
To: General Practice Computing Group Talk
Subject: Re: [GPCG_TALK] backup!
Peter Schattner wrote:
Greg
The GPCG security guidelines do say that when GPs are not sure, they
should
get professional IT advice. This is specifically referred to in the
section
on practices having IT 'coordinators', i.e. a person who rings for
technician help.
Do GPs know when they are not sure? Well, do they know if they should be
managing a patient who might possibly have appendicitis? Do they have the
insight to know when to refer to a surgeon? It's the same thing. We have
to
rely on people knowing their limitations. Most GPs should know that their
knowledge of IT is VERY limited, and all practices should have
professional
IT support.
Peter
Peter,
Unfortunately the message wasn't stated very strongly at all, and in a
great many cases it hasn't gotten through. This issue is discussed among
Division IM&T staff and technical support guys as a matter of routine. A
bit like the Help Desk horror stories one sees in the media at times.
Very few GPs I know have read the GPCG security manual, a few more have
read relevant bits of the college standards, which says very little
about skills or training.
In the GPCG manual, training of the co-ordinator is recommended, but
without any detail or clarification of what that means or where staff
would get it. IT degree, tech. course, 10 minutes with the Division IM&T
person or the tech. support guy, if they have one? No courses focussed
specifically on practice IT management and security exist to my
knowledge at TAFE or other levels.
In many practices GPs haven't got either the skills or time to do this
stuff properly, they are reluctant to pay for it and may not have staff
who they could reasonably expect to upskill on this stuff. Professional
support is kept to the bare minimum because it costs them money.
What the standard lacks is a set of examples about how you might do
things. One example should be something like: 'Limited in house IT
knowledge or experience - Contract or employ qualified person to manage
ongoing practice security - guidelines in appendix A'. A bit like TG I
suppose.
Many of us in NSW took Richard Smith to task about this at a conference
in late 2004, and if you remember I sent you an e-mail along the same
lines. Nearly three years later lots of practices haven't still got the
skills they need and it needs another effort.
The argument might be that this will be an imposte on practices,
Medicare, etc., but if the situation of IM security and privacy is to be
taken seriously, which it must in the long-run as practices have little
choice but to adopt it increasingly, then the house will fall down.
Greg
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Greg Twyford
Sent: Monday, 26 March 2007 10:42 AM
To: General Practice Computing Group Talk
Subject: Re: [GPCG_TALK] backup!
Horst Herb wrote:
http://www.smh.com.au/articles/2007/03/22/1174153207365.html
Horst
Horst,
This is the register's version of events. Much less flattering.
http://www.theregister.co.uk/2007/03/21/alaskan_billion_dollar_wipe/
I had a GP in distress after her accreditation survey over being taken
to task over not having test backups mentioned in her security manual.
Fine, except they aren't in the RACGP standards, so what is the basis
for the surveyor's view?
Yes I've had GPs overwriting new data with old, trying to do the right
thing. The real problem is that the GPCG security guidelines, on which
the college's standards are based, didn't say 'And if you don't have
training in IT, pay for someone who does to do these critical tasks'.
As a result we have lots of practices where GPs try to do things they
know nothing about and corrupt data, break servers, etc. No one wants to
frighten the horses, not the college, not the government, not the late
GPCG.
Nor do the surveyors necessarily know any more about IT than the GPs
whose practices they are surveying. Which makes it all a bit of a joke
in my view.
Greg
--
Greg Twyford
Information Management & Technology Program Officer
Canterbury Division of General Practice
E-mail: [EMAIL PROTECTED]
Ph.: 02 9787 9033
Fax: 02 9787 9200
PRIVATE & CONFIDENTIAL
***********************************************************************
The information contained in this e-mail and their attached files,
including replies and forwarded copies, are confidential and intended
solely for the addressee(s) and may be legally privileged or prohibited
from disclosure and unauthorised use. If you are not the intended
recipient, any form of reproduction, dissemination, copying, disclosure,
modification, distribution and/or publication or any action taken or
omitted to be taken in reliance upon this message or its attachments is
prohibited.
All liability for viruses is excluded to the fullest extent permitted by
law.
***********************************************************************
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
