IT security & data privacy in aged care – Top 5 ways to protect from cyber crime

March 23, 2018 | Aged Care Management

Australian aged care facilities have access to extensive personal information about their residents and their families and staff. This information can put providers at increased risk of cyber crime. It is the aged care provider’s responsibility to protect this information, thus it is vital to develop effective safe data practices to prevent this information from falling into the wrong hands.

So what can you do to protect yourself, your organisation, and your residents and staff?

Luke Coe, our Director of Technology at Mirus Australia, recommends five strategies that aged care providers should consider when managing the data security and privacy of their residents.

1. Data sovereignty
Mr Coe stressed the importance of ensuring client data is stored on servers located on Australian soil. This ensures that personal information and Medicare data is not accessible offshore.

“Tech giant, Salesforce, moved all Australian-based client information and data from Singapore-based data centres to Australian based data centres to ensure data sovereignty,” he said.

2. User Access Policy
Develop and implement a User Access Policy for all IT systems. This means assigning appropriate usage levels to users to ensure that access to information is regulated and granted only to those who require it to perform their role. i.e.: Assigning “Administrator, User or Read Only” access to staff.

3. Password Protection Policy
Each facility should adhere to a rigorous Password Protection Policy. This means regularly changing user passwords and access to key IT systems. Mr Coe also highlighted the management of the staff off-boarding process.

“By this, we mean removing systems access for staff who leave the facility, whether it be a team member who has recently resigned or contract staff concluding their contract. This can be particularly important when dealing with agency staff, as widely used in the aged care industry,” he said.

4. Mobile Device Manager (MDM)
A Mobile Device Manager (MDM) is an app which allows you to track, control and restrict potential data breaches. An MDM allows you to manage mobile devices that have access to business or resident information via the cloud. This is particularly relevant when staff members use mobile devices such as PCs, smart phones or tablets.

“The MDM allows “remote wipe”, “remote disable” or “remote delete” where appropriate,” Mr Coe said.

“This is particularly relevant should a staff member leave an iPhone on a bus, or if their PC is stolen from their car. An MDM effectively stops a third party from accessing important information such as email, personal or client information that may be kept on the device.”

5. Engage an expert
Aged care providers can engage a security expert or organisation to conduct an IT and data security audit. This includes checking all IT systems, practices and procedures used by the facility to ensure best practice. From the audit, the security expert can highlight potential risk areas and ways to mitigate these risks.

Partnering with Mirus Australia
Ensuring data security is managed correctly is vital for the success of a residential aged care home, as well as the financial safety and wellbeing of residents at these facilities and their families.

Mirus Australia follows best practice policy and procedures and partners with best of breed suppliers who maintain the same rigorous approach to IT security and data privacy.


You may also be interested in:

IT security & data privacy in aged care – What you need to know about the Notifiable Data Breaches Scheme.