Medical Centre Health Check
A qualified Logical.IT technician will visit your site to complete the security check.
The 16 steps we cover in our security check
- CHECK all computers with access to health information are running operating systems that are currently supported with security patches.
- CHECK you use a paid third-party IT specialist to undertake or have oversight of your IT. Note that people providing this service unpaid, e.g. friends or family, don’t meet this requirement.
- CHECK your practice policies cover acceptable use of information and systems by staff.
- CHECK you take at least daily backups of your system.
- CHECK you store backups securely off-site, either through a paid online system or through a professional off-site archiving company. Note that staff taking backups home doesn’t count, and free online storage, e.g. Dropbox, doesn’t count.
- CHECK if you have ever tested your backup restoration process.
- CHECK your staff have access to only the information that they need and no more within the PMS (e.g. Reception staff can’t access clinical notes in the PMS).
- CHECK your PMS server is secured against theft.
- CHECK your staff always send patient information using secure means. Note that sending by plain email is almost never secure.
- CHECK your server has critical security updates and patches applied at least every month.
- CHECK all your computers and PMS system (Medtech/MyPractice) require a complex password (e.g. uppercase and lowercase letters and at least one number) to log in.
- CHECK all computers ‘lock’ after no more than 15 minutes of inactivity.
- CHECK all computers in your practice have anti-virus software installed, running and updated regularly.
- CHECK your practice has a documented plan for disaster recovery and business continuity that addresses patient health information and the ongoing operation of the practice if your information systems are unavailable for an extended period.
- REVIEW what IT and communications services your practice is currently using, and provide comparative industry rates.
- INVESTIGATE if there are new IT and communications services that your practice could be utilising, for example cloud PMS.
The security checklist is based on the Patients First ICT Security checklist (http://www.patientsfirst.org.nz/services-products/general-practice-ict-security-checklist), so it can be used towards the privacy and security indicators in foundation and cornerstone accreditation programs.
Terms and conditions apply.