At Nookal we are often asked about the security of our practice management system over the cloud. I guess it's because we are a completely cloud-based system, as compared to alternative server-based systems, purchasing a system that stores data on a local computer, within the confounds of a clinic.
I think it's great that our potential clients are asking about security and I wish more practitioners would focus on this. In many countries around the world, clinicians are the one held accountable for the security of their clinical notes and client information, they just don’t always realise it.
Many people believe that cloud-based computing is less secure than storing your information on your computer locally. So the purpose of this article is to bring your attention to some aspects of information security and the responsibility you have if you choose to store it locally.
When discussing cloud-based security I am referring to –
- Confidentiality: ensuring only authorised staff members have appropriate access and can only view aspects of the program according to their access level.
- Loss of Data: guaranteeing that no information or data will be lost in the event of unexpected circumstances (ie. fire, burglary, computer crashing etc.).
Is your current system cloud-based?
If you are currently using cloud-based software, that’s great but consider the following -
- Does your current provider have substantial security around the information?
- Does the system have three fields/level of requirements to login the system (for example at Nookal we run 3 MySQL servers all in different locations, and data is constantly replicated between these machines so that they all have an up to date copy of the current data. As well as that, we back up each client database up to 14 times per day (hourly during business hours). These backups are also then copied to two other different secure locations)
- Are the passwords secured?
If you are in doubt or not sure of the answer to the above questions, consider asking yourself “Am I choosing the most appropriate system for my practice?”
Are you currently storing your client information locally?
Commonly clinics in the past have installed a windows or Microsoft software application locally on their computers/servers to retain client information. This could also refer to paper files in a filing cabinet (your server/database).
So have you ever considered by doing this there are a number of variables/factors to consider that are your responsibility when storing the information locally? These are -
1. Anti-virus software
- Do you maintain the security of your servers/computer anti-virus system?
- Do you undertake virus scans on a regular basis?
- Is the virus software up to date?
- Is every computer in the network covered?
- Does it protect your email system?
2. Operating system
- Is the operating system you are currently using stable (e.g. windows, Lion/Mac osx etc)? Are your aware of its weaknesses?
- Is there a firewall for your server?
- Do you back-up the data on a regular basis?
- Are they stored off site? Is that site secure?
- Do you test the back-up – is the information on them recoverable?
5. Remote access – Do you access your clinic database remotely?
- Is the connection secure?
- Is it over a Virtual Private Network (VPN)?
6. Is your clinic secure?
- Do you have an alarm system?
- What steps have you put in place to prevent your computers from being stolen? If they are stolen would you be able to practice the next day? (With a cloud system you could purchase a new computer and plug into the internet and be up and running within minutes).
7. Is your Practice management software up to date?
- Have you installed the latest version of your practice management software with security features?
- Do you have to do this manually every time?
- Do you have to pay for this upgrade?
- Is it a hassle to undertake – does an IT nerd have to login remotely and do this for you? (With cloud (e.g. Nookal) all this is done for you).
So there are probably a few things going through your mind right now that you might not have considered?
Did you answer “no” to any of the above questions? Then I would recommend getting in touch with your IT professional and finding out the status of your current software environment.
As you can see with a completely cloud-based system, they should take care of many of the hassles for you to allow you to focus on managing your clients care.
So ask yourself – Are you an IT security expert?
I’m not sure about you but I am not security expert (I’m actually a physiotherapist). SO if IT security is not your field why would you want to take on the responsibility (and legal obligations) of securing your data. Please don’t misunderstand me, it can be done (i.e. securing your data locally), I’m just not 100% convinced that every healthcare practitioner in Australia is currently meeting their obligations to secure the data.
If this is the case then why not leave it to the experts who spend copious amounts of time backing-up and securing the data on not only a daily basis but hourly.
Ask yourself why waste your time, when you could be treating a client and consider the amount of money required to secure your database even half as much as Nookal?
Ask yourself are you doing everything possible to secure your local data that contains your clients information. As stated above a sophisticated and secure cloud-based practice management system (like Nookal) is, in many facets, more secure that a locally based system.
Please ensure that you do your due diligence and ask the appropriate questions of your software provider to ensure that your software system is secure.
Nookal is a provider of Practice Management Software for the allied health industry. They offer practice management solutions to help health clinics streamline their administration systems, effectively manage their business and improve efficiency and productivity.