DHS Gives The Latest Mandatory Policy on Medical Data Management in Australia for 2020

The medical data management system in Australia is not where it should be. According to Dr. Bernard Robertson-Dunn, who chairs the health committee of the Australian Privacy Foundation (APF), says that rather than focusing on improving patient health, or reducing the cost of healthcare, all the government is doing is putting patients data at risk.

According to the Notifiable Data Breaches Scheme (NBDS) report from April 2018 to March 2019, there has been a 712% percent increase in data breach notifications alone.

60 percent of those data breaches were recognized as malicious attacks with 28 percent off the attacks coming from unknown sources.

55 percent of the attacks and notifications were attributed to human error in the health sector and 41 percent in the financial sector.

Across all industries, 35 percent of those data breach notifications were set off by human error which can be attributed to the loss of a storage data device or the unintended disclosure of personal information. We wrote about more of these Cybersecurity Statistics here.

All in all, it’s safe to say that between the data storage systems and infrastructure as well as the medical community have failed their patients in terms of information privacy and the management of their security. That is why stronger rules have been put in place to patient’s worries on privacy at ease.

Mandatory DHS Rules, Requirements and Consequences

The Department of Health Services (DHS) plays the role of ensuring that health providers comply with the requirements of the Medicare Benefits Schedule (MBS) and other programs, including incentive payment programs.

To help maintain the privacy of patients’ personal information, the DHS has adopted new requirements for third-party software providers. It’s a part of their campaign for the Digital Transformation Agency’s (DTA) Secure Cloud Strategy. Under the Secure Cloud Strategy, the DHA requires that all applicable Australian software companies undergo a process of accreditation and compliance of their data management practices.

The new policy applies to any party using cloud-hosted services that connect with the DHS to provide services such as Medicare, PBS, NDIS, DVA, MyHealthRecord, Child Care, and Aged Care.

The accreditation process involves earning the Australian Signals Directorate Certified Cloud Services List (CCSL) certification and can maintain assurance that all data will remain within the Australian jurisdiction. Additionally, the policy encourages the physical separation of the infrastructure as well as limiting access to patients’ private data to those with Negative Vetting 1 (NV1) security clearance. 

Failure to comply with the DHS’s rules and policy under the Secure Cloud Strategy by the deadline on April can result in major consequences. Those consequences could mean fines, suspended licenses, and ultimately the loss of your practice.

Managing DHS Requirements and Running Your Practice

Under the DHS’s policy, all practices are required to utilize a DHA certified infrastructure to ensure the privacy of their patients. So, how do you manage that and still do work for your practice? —Managed Cloud Services, i.e., medical hosting.

What is Medical Cloud Hosting?

Medical cloud hosting is private hosting (or, more specifically, private cloud hosting). When we talk about cloud hosting, we’re referring to hundreds of individual servers that work together as one. With cloud hosting, there’s no need for an on-premise infrastructure that costs money, space, and time in maintenance. With cloud hosting, everything is managed and stored for you via a cloud service provider.

In general, you have the option of public and private cloud hosting. Of course, medical hosting is private, but for your information, here’s the difference:

Public cloud hosting involves a standard cloud computing framework consisting of files, storage, applications, and services that are available on a public network. (Think Gmail).

Private cloud hosting is comprised of the same things—only all of those things are protected by a corporate firewall controlled by the corporate IT department. (Think Microsoft Exchange, as it requires authorized users and a secure VPN connection).

In other words, private medical cloud hosting equals privacy and protection. If you’ll recall, the DHS policy applies to all third parties using cloud services that connect with the department to deliver services such as Medicare, PBS, DVA, NDIS, and so on. This could only mean that private hosting is viable.

It’s also a necessity considering the fact that it’s DHS Compliant, ISO Certified, and handled offsite via your service provider but remains within the Australian jurisdiction.

How much Should I budget for Cloud Hosting?

Cloud computing and data management within a compliant industry isn’t going to be cheap—but it will become cost-effective in the long run. Ultimately, your budget will come down to your industry and the data capacity that you need, managed services, private vs public cloud hosting, and so on.

Of course, sticking with your outdated, on premise hardware, you’re looking at heaps of unnecessary spending in system maintenance, upgrades, equipment—not to mention paying an IT team to take care of it all for you.

Is you current provider DHS compliant?

If you’re a medical practitioner responsible for running a practice and wondering where to turn for your medical cloud hosting, Greenlight ITC is here to help.

We have one of the few providers of DHA certified cloud infrastructure for medical hosting. We are your ultimate technology solutions partner. Our medical cloud hosting capabilities can make your staff more efficient, and ultimately, your businesses more profitable under its data management practices. Not to mention, we’ll keep you safe from phishing scams and serious data breaches so that your patients can rest easy knowing that their private information is safe while they’re getting the care they need.

Greenlight is also a Tier-1 Microsoft Azure Partner and 2017 Watchguard ANZ Partner of the Year.

If you want to know more about how much switching to private medical hosting is going to cost you and your practice, your best bet is to call Greenlight ITC at 02 8412 000 to get a custom quote today. You’ll get to speak directly with one of our IT experts (aka, Data Doctors) who will walk you through the entire process.