Information Management

General Practice Computing Group Resources

The GPCG has developed these Security Guidelines for use in General Practice, including a simple Computer Security Check-list for implementation. The guidelines will assist practices in maintaining the security and privacy of electronic patient and practice records, which is critical for both health record systems and the operation of a general practice. Free and downloadable resources on www.gpcg.org.au include:

Practice Incentive Payments IT & IM

Changes to the PIP IM/IT Incentive in November 2006.

http://www.medicareaustralia.gov.au/providers/incentives_allowances/pip/new_incentives/im_it.htm

The new arrangements apply from November 2006 and aim to encourage practices to implement more secure IT practice systems and electronic patient health records to facilitate efficient and widespread information transfer and storage. Accurate and complete medical documentation is essential for supporting good clinical care and ensuring good communication between health providers, allowing them to respond quickly to patient needs to benefit both consumers and providers.

The PIP is designed to encourage change that supports quality care, and reward general practices which are implementing such strategies. The revised PIP IM/IT arrangements, developed and agreed in close consultation with the general practice profession, aim to encourage and reward general practices to take the next step towards enhanced use of electronic patient records.

To enable practices to organise their systems to meet the new requirements, the changes will not be implemented until November 2006. In the meantime, eligible practices will continue to receive IM/IT incentive payments under the existing arrangements.

From November 2006, there will be two levels of activity recognised under the PIP IM/IT Incentive, Basic and Enhanced.

  • Tier 1 - Basic
    The practice maintains electronic patient records, which include clinical data on allergies/sensitivities for the majority of active patients. In addition, the practice implements appropriate information security measures (e.g. virus protection, firewall, backup and recovery, access control and practice procedures/processes to support/maintain appropriate information security). The practice also uses appropriate security (e.g. encryption systems) when patient information and/or clinical data are transferred electronically.
  • Tier 2 - Enhanced
    The practice qualifies for Tier 1 and uses electronic patient records to record and store clinical information on patients, including current and past major diagnoses and current medications for the majority of active patients.
  • Payments
    Payments will be made to PIP practices on a quarterly basis with other PIP practice payments. Practices which do not meet either of these tiers will not receive PIP IM/IT payments from November 2006. Payments for the new IM/IT tiers will be:
    • Tier 1: $4 per SWPE per annum
    • Tier 2: $3 per SWPE per annum
  • For further information and resources, go to the Australian Government Department of Health and Ageing website at http://www.medicareaustralia.gov.au/providers/incentives_allowances/pip/new_incentives/im_it.htm

Broadband for Health Initiative

Broadband can support activities such as: clinical messaging; online claiming; online banking; clinical decision support; e-ordering/requests; secure email; HealthConnect electronic health records; online knowledge bases and secure online government transactions.

Funded by the Australian Government Department of Health and Ageing, the Broadband for Health Programme, including information on current providers, incentive levels and services:

Contact:

Postal Address:
Health Insurance Commission
Broadband for Health Programme
PO Box 1001
Tuggeranong DC ACT 2901

For further support or assistance contact:
NSW - Alberto Tinazzi:
Email: albertotinazzi@answd.com.au
Phone: 02 92392900

Free Resource for Practices - Information Security Management-Implementation Guide for the Health Sector

Free to download from the Standards Australia website. This guideline provides health service providers with specific best-practice strategies to secure health-related information. To download the guideline, visit http://www.standards.com.au/catalogue/script/search.asp and type HB 174-2003 in the search box. To download the guideline you will have to register and go through an online purchasing process, but you will not be asked to pay anything or to provide any credit card information. The guideline is a very comprehensive document including information on:

    • risk analysis and business continuity
    • worked examples of security situations
    • example of a confidentiality agreement
    • checklist for outsourcing contracts, secure disposal methods, need for PKI etc.

NEW Privacy Regulations

The NSW Health Records and Information Privacy Act 2002 commenced on 1st September 2004. If your practice is already complying with the existing privacy laws, the NSW Health Records and Information Act (HRIP) should not impose any significant additional obligations. However, the HRIP Act does provide more detailed rules on the way your practice must handle health information from 1st September 2004.

It is a requirement that patients are informed that the practice complies with both the NSW Health Records Information Privacy Act (HRIP) and the National Health Privacy Principles Act (HPPs).

Access the latest news on privacy from the Privacy Commissioner's website

The Division has a Privacy Information Kit available, developed by Central Sydney Division. If you would like a kit sent to your practice, contact Dawn McBlain at the Division on (02) 9525 4011 or email info@shiregps.org.au

Is your Data Secure?

Data security has become a much greater concern in the past few years, with the increase in computerised practices, virus attacks, hackers and spyware. Practices should make sure that they have adequate computer security.

Adequate computer security means having a firewall installed on computers that access the internet; doing regular backups of data and taking them off site; having a disaster recovery plan for when your computer crashes or you have a power failure; and having anti-virus protection software and keeping it regularly updated. Keeping it updated means visiting the anti-virus website to check for and install new updates. Mostly this can be programmed to happen automatically, but you would be surprised how often this is not done. Manufacturers of anti-virus software will develop additional patches to be downloaded whenever there is a major global virus attack. Virus attacks can occur through email, spam and accessing the Internet.

Do not open an attachment from someone you do not know, or one that starts with Hi, Important, I Love, etc. Delete it from your system or run your anti-virus software. Our advice is to designate one practice staff member as the IM/IT person to do the regular housekeeping chores on the computer, and to have the services of an IT technician. For more information on security guidelines and the checklist, go to www.gpcg.org

PKI or Public Key Infrastructure

PKI is a secure method of transmitting business information over the Internet and is an enabler for an increasing number of health-related applications. Health eSignature Authority (HeSA) acts as a Registration Authority for the provision of digital keys and certificates within the Australian healthcare sector.

PKI Website Links:

PKI Contact Numbers:

  • PKI Customer Service Centre: 1300 660 035
  • TTY: 1800 552 152 (hearing impaired)
  • Translating and Interpretation Service: 131 450