I have to agree with Greg, the surveyors step over the mark time and time again and the test restore is just one example. Some might remember my earlier comments on this list about similar episodes where surveyors have asked some of my clients to prove they had done ludicrous tasks as part of their accreditation. So common is this that now when my clients ring with the latest incredible request from a surveyors I simply ask them to ask the surveyors for their request in writing with copies of the relevant part of the standard and then I will help them comply. Funny how the fax never comes through isn't it. (please note; I personally know a surveyor here on the G.Coast and have nothing against them in general)
In regards to offsite backups, very brave Peter backing up to your office. What if you get broken into ? And that break-in leads to clients details being published in the Australian ? Does your business have insurance to cover that ? In regards to a spare PC in the surgery, are you joking ? First they will not believe it is required for test restores. Then if you do convince them to buy it, six months later they will insist using it to expand the reception desk. Andrew.C -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Twyford Sent: Tuesday, 27 March 2007 9:41 AM To: General Practice Computing Group Talk Subject: Re: [GPCG_TALK] backup! Cedric Meyerowitz wrote: > Greg > > Surely if RACGP standards advice we do backups, by implication we > should check if backups work ? In all the years I have had computers, > the supplyers of my hardware, software (yes even 15 years ago) always > advised me to do regular backups. And to also check if backup > actually works. If RACGP standards say: "backups of electronic > information are performed at a frequency consistent with a documented > information disaster recovery plan", I would have thought that it > implies to test your backups - otherwise why do them ? "Disaster > recovery plan" implies one is able to recover data and the only way to recover data is to have backups and see if they work. > > Cedric Cedric, Yes, test backups are good practice and if done by competent people are an important part of data security. But they are also dangerous if done by people who don't have the necessary knowledge and skills, which is unfortunately, a great many GPs, in my experience. I've also heard people at seminars advocating test backups to GPs, when it is clear that the advocate does not understand the potential risks if done on a practice's server. I've also seen GPs overwrite their current data, so its a real problem. But that is not the point of the thread. The first is requiring evidence of test backups as part of the accreditation process, when they aren't in the standard, thereby overreaching the authority as a surveyor, is one point I'm hoping to get clarified. If they have the authority, I haven't seen its source, but would like to. If its a recommendation that's fine, but it's not what I'm hearing. The second is ensuring that practices understand that if they don't have the skills to do these things, they must acquire them by appropriate training or by contracting practice security out. What flows is the need to strengthen that message to practices and to stop the less IT-skilled GPs from either suffering a data loss disaster or being needlessly distressed by accreditation surveyors, because the GP has followed what's in the college standard, which the surveyors seem to be exceeding, on whatever grounds. Unfortunately I've also heard several stories in the last few months of the latter occurring. And it further frustrates me that the surveyors probably know little more about the issues than the GPs concerned, in many cases. Greg -- Greg Twyford Information Management & Technology Program Officer Canterbury Division of General Practice E-mail: [EMAIL PROTECTED] Ph.: 02 9787 9033 Fax: 02 9787 9200 PRIVATE & CONFIDENTIAL *********************************************************************** The information contained in this e-mail and their attached files, including replies and forwarded copies, are confidential and intended solely for the addressee(s) and may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the intended recipient, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication or any action taken or omitted to be taken in reliance upon this message or its attachments is prohibited. All liability for viruses is excluded to the fullest extent permitted by law. *********************************************************************** _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
