Richard Doctors should ask if they don't know. Most if not all GP's has a PC at home (or their kids has one). Install your software at home & test backup-restore there. Otherwise employ an IT person that will do it for you.
Cedric -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Hosking Sent: Tuesday, 27 March 2007 9:43 AM To: General Practice Computing Group Talk Subject: Re: [GPCG_TALK] backup! But the problem is - how to test a backup without touching the data on the server already? It is a potentailly dangerous process, particularly if only rarely done. This isue is not addressed because so few practices actually know they have a complete backup loop by testing it. Ideally you should have a redundant system - maybe this is what the standard should be? What about some sort of offsite service? This could provide backup services for many practices R Cedric Meyerowitz wrote: >Greg > >Surely if RACGP standards advice we do backups, by implication we >should check if backups work ? In all the years I have had computers, >the supplyers of my hardware, software (yes even 15 years ago) always >advised me to do regular backups. And to also check if backup actually >works. If RACGP standards say: "backups of electronic information are >performed at a frequency consistent with a documented information >disaster recovery plan", I would have thought that it implies to test >your backups - otherwise why do them ? "Disaster recovery plan" >implies one is able to recover data and the only way to recover data is >to have backups and see if they work. > >Cedric > > >----------------------------------------------------------------------- >----- >------------ >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >On Behalf Of Greg Twyford >Sent: Monday, 26 March 2007 5:00 PM >To: General Practice Computing Group Talk >Subject: Re: [GPCG_TALK] backup! > > >[EMAIL PROTECTED] wrote: > > >>It has to be part of the Disaster Recovery Plan - Criterion 4.2.2 D It >>doesnt seem to be whatever the accreditation companies decided, it is >>probably what has been added to RACGP 3rd Standards book after GPCG >>recommended it but it is definitely there. >> >>fee >> >> > >Fee, > >If you can't see it in print from the standards, then it doesn't exist! > >This is from the RACGP website to-day. > > > >>Indicators >> >> 1. Patient health information in our practice is neither stored nor >> >> >left visible in areas where members of the public have unrestricted >access, or where constant staff supervision is not easily provided >(interview, direct observation). > > >> 2. our facsimile machines, printers and other communication devices >> are >> >> >only accessible to authorised staff (direct observation). > > >> 3. our GP(s) and staff can describe how they ensure security of >> patient >> >> >health records (interview). > > >> 4. if our practice uses computers to store patient health >> information, >> >> >our practice ensures that: > > >> * our GP(s) and staff have personal passwords to authorise >> >> >appropriate levels of access to health information > > >> * screensavers or other automated privacy protection devices >> are >> >> >enabled > > >> * backups of electronic information are performed at a >> frequency >> >> >consistent with a documented information disaster recovery plan > > >> * backups of electronic information are stored in a secure >> >> >offsite environment > > >> * antivirus software is installed and updated >> * all internet connected computers have hardware/software >> >> >firewalls installed (document review). > > >> 5. if our practice uses computers to store personal health >>information, our practice has an information disaster recovery plan >>that has been developed, tested and is documented (document review). >> >> > >It does NOT specify what should be in the disaster plan. It advises GPs >to use the following resources, and it notes that these resources >contain 'suggestions for additional security procedures'. That's NOT the >same as a requirement. > >Again from the RACGP website to-day: > > > >>The RACGP Handbook for the management of health information in private >>medical practice (www.racgp.org.au), and the General Practice >>Computing Group's (GPCG) Computer security self assessment guide and >>checklist for general practitioners (www.gpcg.org) provide information >>and explanations on the safeguards and procedures that need to be >>followed by general practices in order to meet appropriate legal and >>ethical standards concerning privacy and security of patient health >>information. These documents also contain suggestions for additional >>security procedures. >> >> > >What happens when you let human beings loose to measure the performance >of other human beings is the problem. People change suggestions into >requirements. In the absence of any clear authority on the accreditation >bodies' part to 'improve' on the college's standards, I strongly suspect >that this has happened in the case of your survey and others. > >I prefer my keyboards to be black, so you'll have black ones too. >Everyone knows that black ones go faster. > >Sorry, not part of the standard, it shouldn't be happening like that. > >Greg > > > >>>-- Original Message -- >>>Date: Mon, 26 Mar 2007 15:18:22 +1000 >>>From: Greg Twyford <[EMAIL PROTECTED]> >>>To: General Practice Computing Group Talk <[email protected]> >>>Subject: Re: [GPCG_TALK] backup! >>>Reply-To: General Practice Computing Group Talk >>><[email protected]> >>> >>> >>>[EMAIL PROTECTED] wrote: >>> >>> >>>>>-- Original Message -- >>>>>Date: Mon, 26 Mar 2007 11:49:55 +1000 >>>>>From: Greg Twyford <[EMAIL PROTECTED]> >>>>>I'd suggest that you read 4.2.2 again. Test restores aren't >>>>>mentioned. >>>>> >>>>> >>>>> >>>>Try passing accreditation without being able to prove that test >>>>restores are being done! >>>> >>>>We passed 3rd Standards in Nov and it was definitely a question. Yes >>>>it >>>> >>>> >>>is >>> >>> >>>>a requirement, and staff ARE meant to understand how, when, where >>>>and >>>> >>>> >>how >> >> >>>>often this is done. It is meant to be documented and surveyors take >>>>this subject VERY seriously. >>>> >>>>fee >>>> >>>> >>>Fee, >>> >>>I don't doubt what you say, as it's exactly what the GP I referred to >>>experienced. However, all this tells me is that the accreditation >>>bodies >>> >>>themselves decide what is required. >>> >>>If they don't follow the College standards, what do they decide to >>>follow? And where do they get the right to pick and choose what they >>>include? >>> >>>Particularly if the surveyors have no particular IT knowledge. >>> >>>Moreover, how do practices know what they expect if it isn't in the >>>college's standards? Do the accreditation bodies send out their own >>>lists of requirements to practices beforehand? >>> >>>Greg >>>-- >>>Greg Twyford >>>Information Management & Technology Program Officer Canterbury >>>Division of General Practice >>>E-mail: [EMAIL PROTECTED] >>>Ph.: 02 9787 9033 >>>Fax: 02 9787 9200 >>> >>>PRIVATE & CONFIDENTIAL >>> >>>********************************************************************* >>>** >>>The information contained in this e-mail and their attached files, >>>including replies and forwarded copies, are confidential and intended >>>solely for the addressee(s) and may be legally privileged or prohibited >>> >>> >>>from disclosure and unauthorised use. If you are not the intended >> >> >>>recipient, any form of reproduction, dissemination, copying, >>>disclosure, modification, distribution and/or publication or any >>>action taken or omitted to be taken in reliance upon this message or >>>its attachments is prohibited. >>> >>>All liability for viruses is excluded to the fullest extent permitted >>>by law. >>>********************************************************************* >>>** >>>_______________________________________________ >>>Gpcg_talk mailing list >>>[email protected] >>>http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk >>> >>> >>_______________________________________________ >>Gpcg_talk mailing list >>[email protected] >>http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk >> >> >> >> > > > > _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
