Perioperative Nursing Australia

Cloud based patient information safety issues and how to prevent them.

14-Oct-2015 06:00:00 / by Dion Purnell

Co-written by Dion Purnell with Michael Stanton.

Setting up, running and maintaining in-house servers that support your patient administration systems is not only costly, it’s inherently risky.

Besides the cost of the hardware and software licenses, you will also need technical support, which can be a significant business overhead. One risk associated with office-based servers is potential interruption to business when systems go down. There is, however, another potentially devastating risk: loss of patient and business data.

This post takes a look at what you need to know before moving to a cloud based system.

One of the fundamental benefits of having your medical clinic's data and applications hosted in the cloud is the mitigation of the risks and unexpected costs associated with hosting an in-premise (in house) network and software systems.

Behind the scenes, cloud-based hosting providers face exactly the same challenges with their server systems and data storage. They are, however, better placed, as they can pool together the needs of many businesses and provide a secure, robust system.

When your office-based server goes down, the interruption to your business is instant and can be crippling. Cloud providers, on the other hand, have backup servers in place so that if one goes down another one takes over instantly. Most providers offer a 99.99% uptime guarantee and you don’t have to worry about scheduling backups and taking them offsite. It’s all done for you.

Once your data is in the cloud, all you really need to maintain is a desktop PC with an internet browser and an internet connection.

Sounds fantastic, so what's the catch? 

Privacy and consumer law

Well, something we haven’t considered yet is patient privacy.

Because we are talking about hosting patient data, health providers still need to comply with Australian Privacy laws (The Privacy Act), Australian consumer law and the data retention requirements for medical records.

Regardless of where your provider is physically hosting your data (locally or overseas), you need to make sure your provider complies with these requirements. It’s the law.

At any rate, when looking at potential providers, it’s always a good idea to ask them where your data will be physically hosted. You may get some comfort from working with a local provider, as they must be compliant with local laws. Typically they are a bit more expensive than overseas providers, but you need to weigh up cost versus peace of mind.

As far as privacy goes, it is good to know that your data is secure from hackers. You don’t want your patients' data being exposed publicly in any way. That’s bad for business, so encryption is essential. Ask your provider if your data will be encrypted.

Single point of failure

There’s only one way to access the cloud and that’s an internet connection. This means that your internet connection is your single point of failure. No internet connection means you lose access to your cloud-hosted data or applications.

To hedge against this occurrence, we recommend you source a secondary ISP and maintain a second connection to the internet at all times. That way, if one ISP goes down, you can simply switch over to the other with minimal interruption to business.

Sure this means more cost, but it’s something you need to weigh up if you want to go to the cloud.

Who owns patient data? 

The data is yours, right? Well, not necessarily. Ever noticed how you get emails for products and services you never looked at?

What happens is that some providers may sell your data to mailing list companies. These types of organisations can then sell the data to list companies who, in turn, will offer that data to marketers who want to reach you with their (not always relevant) offers. There is a plethora of them on the internet. Just google ‘mailing lists for sale’.

You don’t want patient data being sold. Ever. It is your responsibility to secure the patient data from being passed on for commercial purposes to any third or unauthorised party. 

I found a better internet service provider

What if you want to change providers? Or perhaps your business has grown and you’ve decided you now want to host on premises yourself. The last thing you want is to be locked into something forever.

Your data needs to be portable. You need to be able to take it with you when your agreement with your current ISP terminates. The data needs to be in a format that you can use and that matches the format used by your medical records applications.

Check List for Moving Medical Records to a Cloud Based Server

We've put together a quick check list of questions to help you get the best from your cloud hosted experience and secure patient data.

  • Where is the data stored?
  • Does it comply with Privacy and consumer law?
  • Will it be encrypted?
  • Can I get my data back?
  • What format will it be in?
  • Where are my backups stored?

So if you are considering moving your digital medical records to the cloud (and we believe there are some good reasons to do so), consider the above and make sure you know what questions to ask potential providers.

You can find more information about the legislative requirements on the Australian Government Department of Communications and the Arts website. They also offer a Stay Smart Online guide and a Digital Business guide.


The idea is simple: outsource to a specialist when you lack either in-house expertise or IT infrastructure. The extra cost of this ‘convenience’ is offset by quicker response times, faster problem resolution and, ultimately, less stress for the business manager.




Topics: Paperless Patient Records
