DHS Gives The Latest Mandatory Policy on Medical Data Management in Australia for 2020


The medical data management system in Australia is not where it should be. According to Dr. Bernard Robertson-Dunn, who chairs the health committee of the Australian Privacy Foundation (APF), rather than focusing on improving patient health or reducing the cost of healthcare, all the government is doing is putting patients’ data at risk.

According to the Notifiable Data Breaches Scheme (NBDS) report from April 2018 to March 2019, there has been a 712 percent increase in data breach notifications alone.

60 percent of those data breaches were recognized as malicious attacks, with 28 percent of the attacks coming from unknown sources.

55 percent of the attacks and notifications were attributed to human error in the health sector and 41 percent in the financial sector.

Across all industries, 35 percent of those data breach notifications were set off by human error, which can be attributed to the loss of a data storage device or the unintended disclosure of personal information. We wrote about more of these Cybersecurity Statistics here.

All in all, it’s safe to say that the data storage systems and infrastructure, as well as the medical community, have failed their patients in terms of information privacy and the management of their security. That is why stronger rules have been put in place to put patients’ worries about privacy at ease.

Mandatory DHS Rules, Requirements and Consequences

The Department of Health Services (DHS) plays the role of ensuring that health providers comply with the requirements of the Medicare Benefits Schedule (MBS) and other programs, including incentive payment programs.

To help maintain the privacy of patients’ personal information, the DHS has adopted new requirements for third-party software providers. It’s a part of their campaign for the Digital Transformation Agency’s (DTA) Secure Cloud Strategy. Under the Secure Cloud Strategy, the DHA requires that all applicable Australian software companies undergo a process of accreditation and compliance of their data management practices.

The new policy applies to any party using cloud-hosted services that connect with the DHS to provide services such as Medicare, PBS, NDIS, DVA, MyHealthRecord, Child Care, and Aged Care.

The accreditation process involves earning the Australian Signals Directorate Certified Cloud Services List (CCSL) certification and maintaining assurance that all data will remain within the Australian jurisdiction. Additionally, the policy encourages the physical separation of the infrastructure as well as limiting access to patients’ private data to those with Negative Vetting 1 (NV1) security clearance.

Failure to comply with the DHS’s rules and policy under the Secure Cloud Strategy by the deadline in April can result in major consequences. Those consequences could mean fines, suspended licenses, and ultimately the loss of your practice.

Managing DHS Requirements and Running Your Practice

Under the DHS’s policy, all practices are required to utilize a DHA certified infrastructure to ensure the privacy of their patients. So, how do you manage that and still do work for your practice? Managed Cloud Services, i.e., medical hosting.

What is Medical Cloud Hosting?

Medical cloud hosting is private hosting (or, more specifically, private cloud hosting). When we talk about cloud hosting, we’re referring to hundreds of individual servers that work together as one. With cloud hosting, there’s no need for an on-premise infrastructure that costs money, space, and time in maintenance. With cloud hosting, everything is managed and stored for you via a cloud service provider.

In general, you have the option of public and private cloud hosting. Of course, medical hosting is private, but for your information, here’s the difference:

Public cloud hosting involves a standard cloud computing framework consisting of files, storage, applications, and services that are available on a public network. (Think Gmail).

Private cloud hosting is comprised of the same things, only all of those things are protected by a corporate firewall controlled by the corporate IT department. (Think Microsoft Exchange, as it requires authorized users and a secure VPN connection).

In other words, private medical cloud hosting equals privacy and protection. If you’ll recall, the DHS policy applies to all third parties using cloud services that connect with the department to deliver services such as Medicare, PBS, DVA, NDIS, and so on. This could only mean that private hosting is viable.

It’s also a necessity considering the fact that it’s DHS Compliant, ISO Certified, and handled offsite via your service provider but remains within the Australian jurisdiction.

How Much Should I Budget for Cloud Hosting?

Cloud computing and data management within a compliant industry isn’t going to be cheap, but it will become cost-effective in the long run. Ultimately, your budget will come down to your industry and the data capacity that you need, managed services, private vs public cloud hosting, and so on.

Of course, if you stick with your outdated, on-premise hardware, you’re looking at heaps of unnecessary spending on system maintenance, upgrades, and equipment, not to mention paying an IT team to take care of it all for you.

Is your current provider DHS compliant?

If you’re a medical practitioner responsible for running a practice and wondering where to turn for your medical cloud hosting, Greenlight ITC is here to help.

We have one of the few providers of DHA certified cloud infrastructure for medical hosting. We are your ultimate technology solutions partner. Our medical cloud hosting capabilities can make your staff more efficient, and ultimately, your business more profitable under its data management practices. Not to mention, we'll keep you safe from phishing scams and serious data breaches so that your patients can rest easy knowing that their private information is safe while they’re getting the care they need.

Greenlight is also a Tier-1 Microsoft Azure Partner and 2017 Watchguard ANZ Partner of the Year.

If you want to know more about how much switching to private medical hosting is going to cost you and your practice, your best bet is to call Greenlight ITC at 02 8412 000 to get a custom quote today. You’ll get to speak directly with one of our IT experts (aka, Data Doctors) who will walk you through the entire process.
