Available at: is data backup? Well, the simple answer is this – data backup is the process of making copies of your data and storing those copies in a separate location to the originals. For more information see the Office of the Australian Information Commissioner. APP8 – Cross-border Disclosure of Personal Information.
Available at: /publications/protect/cloud-security-tenants.htm
Department of Defence, Australian Signals Directorate. Available at: /news//hackers-target-gold-coast-medical-centre/4418676 Russian Hackers Hold Gold Coast Doctors to Ransom. More information available on the website of the Office of the Australian Information Commissioner: /agencies-and-organisations/app-guidelines/chapter-11-app-11-security-of-personal-information APP11 – Security of Personal Information. Available at: /news//your-health-information-is-neither-safe-nor-secure/8005338 Your Health Information is Neither Safe Nor Secure. Royal Australian College of General PractitionersĬomputer and Information Security Standards: References Guide to Information Security: /privacy/privacy-resources/privacy-guides/guide-to-information-security Office of the Australian Information Commissioner Useful information on information security Seek further information and legal advice before embarking on any of these options. get consent from patients to disclose their information to the cloud service provider. enter into a contract with the cloud service provider requiring them not to breach the APPs. If you believe the country where the servers are located has similar privacy laws to Australia, you should obtain documentation such as independent legal advice to support this. Australian privacy law requires that before personal information is disclosed overseas, a practice must take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles. Some well-known cloud services have servers located overseas. The location of servers is a vital consideration in choosing a cloud service provider – servers in Australia are recommended. 
Your contract with a cloud provider must address mitigations to security risks, persons who can access your data, and the security measures used to protect your data.
contractually retaining legal ownership of your data. having adequate bandwidth for reliable network connectivity. encrypted backup stored off-line or with another cloud provider. annually testing an incident response plan. using a cloud service with particular accreditation (some providers may abide by the international standard for cloud privacy – ISO27018). External assistance is recommended.Ī useful document is the Defence Department’s Cloud Computing Security for Tenants 4 which aims to help a cloud user’s cyber security team, cloud architects and business representatives to work together to perform a risk assessment and use cloud services securely. The fast pace of cloud development and the technical nature of data security may be daunting for doctors without extensive IT knowledge. 
In a well-publicised case in 2012, Russian hackers demanded a ransom after encrypting and disabling a Gold Coast GP clinic’s medical records. A cloud-based system may offer better security than a self-hosted system in a practice without security processes or qualified maintenance staff. 2Įach practice’s circumstances must be taken into account. Under Australian privacy law, a practice must take reasonable steps to protect personal information it holds from misuse, interference or loss and from unauthorised access, modification or disclosure. Loss of security of your medical records could breach privacy law, harm patients, damage your practice’s reputation, or affect the practice’s ability to function. They are also extremely vulnerable to theft, because the information they contain has “street value” – it could be used for identity theft, to falsify drug prescriptions, claim false health benefit payments, and even enable stalking. Medical records contain data that is sensitive and subject to strict legal requirements. Security is the big risk of handing over control of your data to an external vendor. Benefits for businesses can include cost savings, access by multiple users, and data compatibility across different machines and browsers. You must have connection to the internet to access the stored information. The data files are stored on a server owned by a cloud service provider such as Google Drive or Dropbox.
0 kommentar(er)
