[EMAIL PROTECTED] wrote:
It has to be part of the Disaster Recovery Plan - Criterion 4.2.2 D
It doesn't seem to be whatever the accreditation companies decided, it is
probably what has been added to RACGP 3rd Standards book after GPCG recommended
it but it is definitely there.
fee
Fee,
If you can't see it in print from the standards, then it doesn't exist!
This is from the RACGP website to-day.
Indicators
1. Patient health information in our practice is neither stored nor left
visible in areas where members of the public have unrestricted access, or where
constant staff supervision is not easily provided (interview, direct
observation).
2. our facsimile machines, printers and other communication devices are only
accessible to authorised staff (direct observation).
3. our GP(s) and staff can describe how they ensure security of patient
health records (interview).
4. if our practice uses computers to store patient health information, our
practice ensures that:
* our GP(s) and staff have personal passwords to authorise
appropriate levels of access to health information
* screensavers or other automated privacy protection devices are
enabled
* backups of electronic information are performed at a frequency
consistent with a documented information disaster recovery plan
* backups of electronic information are stored in a secure offsite
environment
* antivirus software is installed and updated
* all internet connected computers have hardware/software firewalls
installed (document review).
5. if our practice uses computers to store personal health information, our
practice has an information disaster recovery plan that has been developed,
tested and is documented (document review).
It does NOT specify what should be in the disaster plan. It advises GPs
to use the following resources, and it notes that these resources
contain 'suggestions for additional security procedures'. That's NOT the
same as a requirement.
Again from the RACGP website to-day:
The RACGP Handbook for the management of health information in private medical
practice (www.racgp.org.au), and the General Practice Computing Group's (GPCG)
Computer security self assessment guide and checklist for general practitioners
(www.gpcg.org) provide information and explanations on the safeguards and
procedures that need to be followed by general practices in order to meet
appropriate legal and ethical standards concerning privacy and security of
patient health information. These documents also contain suggestions for
additional security procedures.
What happens when you let human beings loose to measure the performance
of other human beings is the problem. People change suggestions into
requirements. In the absence of any clear authority on the accreditation
bodies' part to 'improve' on the college's standards, I strongly suspect
that this has happened in the case of your survey and others.
I prefer my keyboards to be black, so you'll have black ones too.
Everyone knows that black ones go faster.
Sorry, not part of the standard, it shouldn't be happening like that.
Greg
-- Original Message --
Date: Mon, 26 Mar 2007 15:18:22 +1000
From: Greg Twyford <[EMAIL PROTECTED]>
To: General Practice Computing Group Talk <[email protected]>
Subject: Re: [GPCG_TALK] backup!
Reply-To: General Practice Computing Group Talk <[email protected]>
[EMAIL PROTECTED] wrote:
-- Original Message --
Date: Mon, 26 Mar 2007 11:49:55 +1000
From: Greg Twyford <[EMAIL PROTECTED]>
I'd suggest that you read 4.2.2 again. Test restores aren't mentioned.
Try passing accreditation without being able to prove that test restores
are being done!
We passed 3rd Standards in Nov and it was definitely a question. Yes it
is a requirement, and staff ARE meant to understand how, when, where and
how often this is done. It is meant to be documented and surveyors take
this subject VERY seriously.
fee
Fee,
I don't doubt what you say, as it's exactly what the GP I referred to
experienced. However, all this tells me is that the accreditation bodies
themselves decide what is required.
If they don't follow the College standards, what do they decide to
follow? And where do they get the right to pick and choose what they
include?
Particularly if the surveyors have no particular IT knowledge.
Moreover, how do practices know what they expect if it isn't in the
college's standards? Do the accreditation bodies send out their own
lists of requirements to practices beforehand?
Greg
--
Greg Twyford
Information Management & Technology Program Officer
Canterbury Division of General Practice
E-mail: [EMAIL PROTECTED]
Ph.: 02 9787 9033
Fax: 02 9787 9200
PRIVATE & CONFIDENTIAL
***********************************************************************
The information contained in this e-mail and their attached files,
including replies and forwarded copies, are confidential and intended
solely for the addressee(s) and may be legally privileged or prohibited
from disclosure and unauthorised use. If you are not the intended
recipient, any form of reproduction, dissemination, copying, disclosure,
modification, distribution and/or publication or any action taken or
omitted to be taken in reliance upon this message or its attachments is
prohibited.
All liability for viruses is excluded to the fullest extent permitted by
law.
***********************************************************************
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk