Putting the Puzzle Together – The Role of a Product Manager in Software Development


I often get asked what it is that I do for a living. Ordinarily, when I answer that I’m a Product Manager, most people give me a blank look – and I realise that I need to explain the role of a Product Manager – who we are, and what we do.

Product Management is an essential part of the software development process. While we might not be the captains of the ship, we have a hand in the steering of it. If you like puzzles and solving problems, then it’s possible that Product Management is a role you may enjoy.

Most of the time, I find myself trying to figure out how to get the puzzle pieces to fit together to create a viable release. Some days I feel like I am trying to squeeze that last item into the back of the car before a road trip.

[Image: Product Manager Car Stack. Caption: It can feel a bit like this sometimes.]

We are the touch-point between the Commercial, Support and Development teams in our business. We are listening out for industry news, looking forward to where we can take our product next. We are listening to our customers, looking to see what you need and what we might be able to do to make your working day easier. Maybe there is a pain point in the software that needs some love. We’re constantly looking to find out if there is something new in the marketplace that our users would like to see in our software, or if we can introduce something new to the market.

My favourite part of this job is solving a pain point for our Practice users and making a workflow easier for them to use. We take that pain point and see what is missing, or what we have that can be enhanced to improve outcomes.

Product and Feature Requests

Reviewing enhancement requests that our users send through is another significant part of my role.  On average, I receive 3-5 requests daily for feature enhancements, or for totally new features. Of these requests, some are straightforward, and it is clear as to what the user wants to achieve.  Other times, I know our software does what the user is asking for, so I assist by explaining the process.  Depending on the request, I might organise to speak with a Practice directly to better understand the issue.

Each enhancement request is reviewed by a wider team to see if the work is viable, and to determine how beneficial it would be to our user-base. At this point, the ticket is either accepted, and the feature is added to an upcoming release, or it may be rejected. It might also be bundled with a number of other similar requests to help enhance a feature overall.

From here, I organise meetings with the Development team and break the requested feature down into smaller, more bite-sized tasks.  The Development team look at it and figure out what needs to be done, and how long it will take to do it.

Then I start to arrange the puzzle pieces and work out which features are going to be included in an upcoming release.  A release is generally made up of a number of features – some requested by our users, others driven by government.  They can be time-critical, where we are required to build a feature to a deadline.  They also can be driven by environmental factors – like the current COVID-19 pandemic.

The challenge, then, is to work out the priorities of those items within the release. These are aligned with the following areas of our business:

[Image: Product Manager Graphic]

I then do some more planning, and then just for something different, I plan some more.

Our development team then take the reins, and they work off the priorities set by the Product Manager.  The work is organised into two-week blocks that we call sprints.  We have a daily stand up meeting to touch base, update the team and look at any immediate priorities that have come up in the interim. There can be any number of sprints in a release.  Historically, we have had larger releases, but we are currently aiming to re-focus on shorter releases.

The Testing Cycle

Once we reach the end of the development period, we send a build out to a group of practices who install it in their Practice and put it through its paces in a live environment. They will let us know if any issues arise from the build.  We call this the Beta cycle.

This cycle can be short or quite extensive, depending on how many issues are identified in the beta build of the release. As we fix each bug in a build, we push a new beta build out to Practices until we’re confident that the release is functioning without issue.

The last stage before public release is to produce what is known as a Release Candidate (or RC for short). The RC process is generally quicker, as by this stage we hope to have all major kinks ironed out. This build is then a candidate for release.

While this is all happening, we are working with other teams within the business to make sure that our internal team is trained in any new features, our marketing for the release is on track, our sales and support teams are ready and our training is organised and documentation prepared.  The role of a Product Manager involves a lot of puzzle pieces.

I keep the team updated on the progress of our Beta/RC builds so that everyone is aware of when a release is scheduled.  Even with the best laid plans, I still need to juggle what makes it into the finished products. I need to balance time and resources to determine what can reasonably be included.  Sometimes, a feature might be more complex to implement than initially thought; other times we’ll have priorities change at very short notice – meaning we may have to bump a feature into our next build.

While this is all happening, I’m constantly looking forward to the next 3-6 months to see what is coming up and what needs to be planned for future releases.

So, what are the takeaways from all of this?

To fill the role of a Product Manager, you need to be able to balance many different requirements, and be acutely aware of your users to ensure you’re providing them with a product that they are happy to use.  The role of a Product Manager is a challenge, but if you’re cut out for it, a challenge well worth the effort.

Authored by:

Shar Trewben
Product Manager at Best Practice Software

Software Updates: Debunking Myths and Concerns


As a support team, we understand many of the challenges faced by Practices in order to keep current with software updates. In fact, at time of writing, only 36.4% of Bp Premier customers are running on Jade SP2, the latest version of the software.

All too often we hear similar reasoning as to why Practices aren’t taking the important step of updating their software. Today we’ll go through a few of the common myths and concerns we get surrounding updating Bp software, and provide some insight into why they may not always be correct.

Myth: Software Upgrades Cost Money!

While occasionally true in rare instances, such as a Practice needing an IT professional to assist with an upgrade, the majority of users should be capable of installing an update with the assistance of a simple upgrade document which is available on our Knowledge Base. Our software updates also come at no cost to your Practice – they are completely free!

Most of the time, the only thing an update requires is a bit of patience, and the following of a step-by-step guide.

Myth: An Update Isn’t a Priority – It Can Wait for a While.

Again, this is true in some cases but it’s important to make an informed decision. By regularly reviewing the Release Notes available on our Knowledge Base, you’ll be able to identify the features, fixes or regulatory changes which may positively benefit your Practice. It’s important to note minor issues may not be listed in our release notes.

Leaving or not prioritising updates can end up burning more time in a variety of ways. You may miss out on things like Medicare adjustments, bug management or new features and functionality. The best course of action is to stay up to date and have the latest drug update installed.

Myth: I Only Need to Patch My Software Once.

Patching occurs in a combination of data updates and product updates, and is the fluid process of updating ever-changing security and regulatory requirements, in addition to bug fixes. We suggest patching as often as possible to ensure your system has the latest features, information and fixes.

Myth: It’s Only a Small Update, So It’s No Big Deal If I Miss It.

Small or large, all updates should be reviewed to see how they may benefit your Practice. Remember that an update may look small, but could make a meaningful difference to the day to day functioning of your Practice.

A good example of this is our upcoming Jade SP3 update. While Service Pack (SP) updates are typically fairly small, SP3 includes ePrescribing functionality, which is anything but minor! If you were to dismiss SP3 as ‘only a small update’, you’d be missing out on this crucial functionality.

Myth: Nobody is Available to Help Me Upgrade!

Best Practice Software offers a variety of update documentation on our Knowledge Base. For any additional update queries, our Support team is here to help.

We have 53 Support Specialists spread across three locations that are ready and willing to assist you with updating your software, or to help resolve any issues you encounter along the way. On average, our Support Specialists answer 8,759 enquiries each month, so you’re in very capable hands!

You can contact our Support teams by calling us at 1800 401 111 or emailing support@bpsoftware.net.

What is Sunsetting?

Best Practice Software regularly provides new releases of our software. These new releases include mandated regulatory requirements and a range of software improvements including updates to functionality and security, and fixes to known software issues.

However, regular software releases present an increasing challenge to our Support team who continue to support customers using older versions of Bp Premier.

As a result of this, we have introduced sunsetting – which is ending support for previous versions of our software in an effort to remain knowledgeable on up-to-date versions.

If you have any further questions regarding updating your software, please get in touch.

Have a question? Need assistance with a software update? Call us on 1800 401 111 or email support@bpsoftware.net.

Authored by:

Michael Toulsen
Lead Support Specialist at Best Practice Software

Time to Take Your Blood Pressure Pills!


Historically, when single dose blood pressure medications were commenced, patients were advised to take them in the morning. This is because blood pressure follows our natural sleep cycle and dips when we are sleeping and rapidly rises in the morning when we get up. It was thought that taking medication in the morning would provide the most benefit as it would reduce that initial increase in the morning.

At the end of 2019, the results of a large study that looked at bedtime dosing of blood pressure medication were published in the European Journal of Cardiology [1]. The study looked at 19,000 patients in Spain in a primary care setting, and it compared the cardiovascular outcomes between those who took their medication at night and those who took it in the morning, with a mean follow up of just over 6 years. The study found a significant improvement in the outcomes of those who took their medication at bedtime with a reduction in the number of heart attacks, strokes, and heart failure in that group.

The study itself was quite comprehensive and had a good follow up period of 6 years. It is important to note that they only included patients in the study if they did not have any history of pre-existing kidney failure, heart failure, retinopathy, abnormal heart rhythms or alcoholism, and they did not include shift workers. They also did not include pregnant patients or those with secondary hypertension. The authors split the groups in half and had one group take all of their medications in the morning, and the second group take all of their medications before bed. 

Patients’ blood pressure control was monitored during their GP visits in addition to doing an annual 48-hour ambulatory blood pressure test. This test involves wearing a blood pressure monitor for 48 hours with a BP check every 20–30 minutes to get a good picture of the blood pressure fluctuations over a 48-hour period.

The authors found that those taking their medications at night had overall better control of their blood pressure in addition to needing fewer medications to keep to the recommended targets. The study also found that there was a 45% reduction in cardiovascular events such as heart attacks, angina, strokes and heart failure in the group who took their medications at night. Moreover, they did not find any adverse events to occur in that group.

There have been some other smaller studies that have also looked at morning versus bedtime dosing of blood pressure lowering medications [2], which showed better blood pressure control without any adverse effects of taking blood pressure medications at night. However, there have been a number of small ophthalmological studies that have shown a detrimental effect for those with certain eye conditions if their night-time blood pressure drops too low [3], or if they take their blood pressure medications at night [4].

To date, there have not been any changes to the current Cardiology or Heart Foundation guidelines to routinely recommend changing patients over to bedtime dosing. However, for some patients the benefits would clearly be substantial.

Before changing over to bed-time blood pressure medication dosing, it would be a good idea to discuss with your GP or Cardiologist if this is suitable for you.

Authored by:

Dr. Fabrina Hossain
Clinical Advisor at Best Practice Software



[1] https://academic.oup.com/eurheartj/advance-article/doi/10.1093/eurheartj/ehz754/5602478
[2] https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4091949/
[3] https://pubmed.ncbi.nlm.nih.gov/8172267/
[4] https://pubmed.ncbi.nlm.nih.gov/22424547/

Enhanced Secure Messaging – the Path to Interoperability


A core part of healthcare in Australia today is communication between healthcare providers. However, many of these sensitive communications are taking place via unsecure channels, or through channels that aren’t compatible, leading to a breakdown of communication, poor health outcomes and inefficiencies.

To solve this challenge, a national initiative has been introduced to transform the way health information is exchanged in Australia. A key goal of the initiative is to equip healthcare providers with the ability to communicate with other professionals utilising secure messaging via their integrated practice management system. This will result in reduced dependency on unsecure channels such as paper-based correspondence, fax machine or post.

Here’s what you need to know about secure messaging – what it is, why it’s important, how it will impact practices and the timeline for implementation.

What is Secure Messaging?

Secure messaging enables the encrypted electronic exchange of patient healthcare information between healthcare providers. Point-to-point delivery of messages such as discharge summaries, referrals, requests and results represents the typical use case.

The electronic message is encrypted by the sender and decrypted by the receiver and therefore cannot be read if intercepted in transit.

Software vendors and their solutions, built to facilitate secure message delivery, are well established in Australasia, some with over 25 years in the market.

It’s fair to say that the majority of practices have had some exposure to secure message service providers (eg, Telstra Health Argus, Healthlink, Medical Objects and ReferralNet) and may even have more than one service enabled.

Why Does Secure Messaging Matter?

In a shared care environment, where it is necessary to exchange healthcare information, secure messaging ensures that the highest level of security and privacy is maintained, protecting a patient’s sensitive healthcare information in alignment with the Privacy Act 1988. In addition, the benefits of exchanging data electronically and securely include speed, efficiency, lower risk and reduced cost.

A collaborative, nationwide approach to unify secure messaging providers is crucial to providing a seamless healthcare journey for patients, and for enabling simple and easy communication amongst healthcare providers.

Isn’t Secure Messaging Already In Place?

Imagine for a moment if our telephone service providers weren’t interoperable, for example your phone network wasn’t able to call someone you know who subscribes to another phone network. How effective would our telephone system be if this were the case? To date, we are in somewhat of a similar situation with secure messaging.

Despite the widespread adoption of secure messaging, the individual secure messaging service providers have approached messaging differently, resulting in incompatibility in many instances. The lack of interoperability has resulted in fragmented systems and communication.

Furthermore, messages and referrals generated by practitioners are often limited to providers listed in their local address book or directory, making it time consuming to locate contact details for providers outside their normal referral network. The above method also relies on the provider information being kept up to date by the practice, often leading to inaccurate information, possibly even providers that are no longer in operation.

What is Changing?

The Australian Digital Health Agency is leading a program of change, to enhance interoperability standards for secure messaging. This initiative is in direct support of the National Digital Health Strategy, to reduce barriers to using secure electronic exchange of health data and ensure interoperability between technologies. Two key changes will take place as part of this initiative.

First is the introduction of a federated provider directory capability, enabling clinical information systems and secure messaging delivery systems to search cross-directory to find accurate, trusted and validated healthcare provider electronic addresses.

Second, software providers are enhancing the message exchange format to meet an agreed standardized specification for message content – streamlined to improve interoperability across disparate service providers and clinical systems.

How is Best Practice Software Getting Involved?

Best Practice Software has actively participated in the collaboration between software providers and government bodies, to define interoperability standards for secure messaging solutions.

The development to enhance secure messaging and be conformant to the ADHA specification is currently in the testing phase, and the enhanced functionality will be available in Bp Premier Saffron and VIP.net Ruby SP3 in the coming months.

When Will Enhanced Secure Messaging be Available More Widely?

There are 42 software organisations taking part in the ADHA secure messaging enhancement initiative. The change program is scheduled to conclude this October, so there are certainly exciting times ahead for improved data workflows and efficiencies!

Authored by:

Monica Reed
Manager, Commercial & Customer Enablement at Best Practice Software

Practice Management and the Imperatives of Cloud Computing


It might surprise you to know that virtually all major practice management system vendors in Australasia have released, or are planning to release, their next generation solutions on the cloud. Cloud Computing is a trend that is sure to accelerate over time and is a transformation that will have a significant impact on the day-to-day operation of Practices and Practice Managers across all healthcare domains.

As Best Practice Software is undertaking the development of our own cloud-based platform, we are often asked by our clients what cloud computing entails, and what the benefits are over traditional desktop software. The following provides a brief insight into these questions.

What is Cloud Computing?

Cloud computing is a model for enabling on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

That’s quite a mouthful and not necessarily easy to understand, but it essentially identifies the five common characteristics of true cloud computing:

  • Broad network access
    This refers to the fact that resources in the cloud are available over multiple device types, ranging from common devices like laptops and workstations, to mobile phones and the like. Providers are no longer tied to the desktop or the location of their data, the benefits of which are becoming increasingly clear in these times.
  • On-demand self-service
    This refers to capabilities that manage provisioning and back-office functions. In non-cloud or traditional desktop environments, where the end user can self-provision without interacting with the provider, the downstream result has historically been inefficiency and waste. These new technologies now enable us to provide our customers with true self-service without incurring these penalties or service costs.
  • Resource pooling
    The scalability of the cloud is one of its most defining fundamental concepts. Without pooled computing, networks and storage, these services must be provisioned across multiple silos at great cost. Through resource pooling, multiple customers are sharing resources stored in the cloud with their peers, in much the same way as a telephone network operates. Because of this, the cost of resources is also shared between multiple customers.
  • Measured service
    These pooled resources can be easily monitored and reported, providing visibility into rates of resource consumption and the allocation of the costs associated with said consumption.
  • Rapid elasticity
    Elastic resources are critical in reducing costs. When accessing a cloud-based service, you only access the resources as and when you need the capacity. For most practices, a large percentage of costs associated with deploying applications stem from provisioning and maintaining a range of hardware resources. The purchase and rollout of these hardware resources requires forecasting of anticipated demand, rather than actual demand with a fixed capital expenditure commitment. The elasticity of the cloud means that you simply get what you need as and when you need it, and you only pay for what you use, resulting in a significant reduction in costs.

Cloud computing is not a single service fits all model.

There are a number of deployment models to suit different organisations. The two most prevalent deployment models used in the healthcare industry are the private cloud and public cloud.

Private cloud is generally only implemented in larger organisations due to the increased infrastructure costs that can be spread across a greater number of users. Private clouds are generally designed by and built for a single customer to support specific functions critical for the success of a single line of business, and usually require more technical proficiency to maintain.

Public cloud is what most people think of when they hear the term cloud computing; it is multitenant capable and shared by a number of customers who may have nothing in common. Public clouds are typically less expensive to maintain, and leverage infrastructure provided by large tech providers such as Amazon with its AWS service and the competing Microsoft Azure service. This is the deployment model that is generally best suited for small Practices, the variant that most Practice Managers will deal with, and the deployment model that Best Practice Software has selected for its cloud offering.

In summation, the incremental and exponential advances made in recent years have created a significant shift towards cloud computing adoption. The large number of practice management software and other health software vendors refreshing their products with cloud enablement underscores this.

Vendors benefit through shortening the time to market for new products and features, whilst at the same time delivering drastic cost reductions to customers.

The adoption of these cloud-enabled healthcare platforms will grow as users experience the benefits of a shortened enhancement lifecycle, without the associated operational disruption that comes from frequently installing desktop or client-server-based software solutions. Cloud computing brings the promise of never having to do a manual data update, or to endure the long wait for new releases to introduce new features or defect fixes. This cycle gets compressed from months, to weeks and days.

However, not all platform migrations to the cloud have been successful. Ultimately, the organisations that will be successful are those that understand that a move to the cloud is not merely a porting of technology, but rather a new way of thinking about providing healthcare as a service, one that maximises all of the components of cloud computing.

Authored by:

Andre Broodryk
Manager of Product Management at Best Practice Software

Transitioning to a Work From Home Business

As the world continues to fight and adapt to this ever-changing situation, many businesses have needed to become more innovative and agile in the way they’re operating. Globally, businesses have had their normal work routines flipped upside down and are now being challenged with navigating the unknown. For many, this involves transitioning to a work from home business. This sudden loss of control is difficult for businesses, and for many, this will be a very scary time.

For businesses who already have systems and processes in place, adaptation to a work from home business will be simple. However, for others who may be less prepared, the ability to adapt won’t come as easily and this will present an enormous challenge in an already stressful time.

When considering what can be done to make this navigation of the unknown less stressful, I would like to share three key points that I think allow a business to easily adapt and continue (with some modification) with business as normal.

Well-considered WFH Policy and Procedures

Having a clear direction and an outline of requirements is important to ensure everybody remains safe and understands what is expected of them.

The introduction of any policy should be necessitated by a business need, or to set a minimum standard for the topic that is being covered. When introducing any policy or procedure, the author should always have the business in mind. A good start would be to ask questions such as, ‘what is the desired result of introducing this policy or procedure?‘, or, ‘what past changes have not gone so smoothly?‘. Also question the why, ‘what is the demographic of our people?‘ or ‘what are the minimum access requirements (role, home environment, etc.) and technology needs?‘.

Some basic inclusions for a work from home business policy should include: 

  • The purpose of the document;
  • Guidelines for request considerations – connectivity, role resources, role suitability and workspace; 
  • The frequency or period of this arrangement;
  • Guidance on the logistical or performance details, which may include attendance while working from home, communication and timeframes, home insurance needs, information privacy and security, safety and well-being and WFH expenses.

Items such as these will not only set clear business requirements and objectives, but will also make it clear to employees what is expected from them to uphold the arrangement.

Required Documentation

I am not talking about paperwork for the sake of paperwork, but having some simple documentation to assist and protect your business and its people when adjusting to a work from home business. It is very important that, as a business, you understand your obligations when it comes to safety, and it is just as important that your team understands their obligations when entering into a work from home business arrangement.

Both the business and its people need to understand that work from home business arrangements are an extension of the workplace, and therefore all business policies and safety protocols will apply, albeit with some modifications. As a business, you have a few options to ensure that your staff’s WFH environment is safe and that the arrangement will not present additional risk to the business or the team member.

Conducting safety and risk assessments of the work from home business environment is a good place to start, and there are a few ways that this can be done. The first is by employing an external party who will conduct an in-house assessment of your staff’s WFH environment. Alternatively, you can have your staff complete a self-assessment that includes photographic evidence to support their self-assessment outcomes. These self-assessments should include such areas as ergonomics (chair, workstations and set-up); potential hazards (trip and slip); general walkways to common areas and exits; first aid; lighting (natural and artificial); work environment climate (air-conditioning, fans, fresh air); and location of power supplies.

The home working environment needs to be assessed as if it was an area in the workplace.


Communication is the conduit that brings all of this together. It’s the start of the process when the business introduces the work from home business arrangement. It’s the connectivity that the business will have with its people, it’s the checks and balances that managers will use to stay on top of their people’s outcomes, and it’s the best way to ensure business expectations are met and adequate support is being provided to the team.

The business should set out, within its policy or within its team setup, how people will connect and the frequency of these connections. At the start, this may be more frequent, and as time progresses the frequency may become less. Ideally, contact and communication should still occur at least at the start of the day and once during the day, not dissimilar to how you’d greet your team at the start of each workday when you arrive, and chat casually or formally throughout the day. This will help remind staff that support is available if they need it.

There is an incredible variety of technology available to businesses these days. This includes platforms such as email, video conferencing, instant messages, use of collaboration software like MS Teams, Zoom, Skype and the like – and let’s not forget the good old telephone. Although not all of these platforms will be needed, it’s a good idea to review the communication needs of your business, the pros and cons of different software options and the volume of contact that your business will need when communicating with its people.

These three key points mentioned are only a guide to the endless possibilities that are available to assist in navigating the unknown in transitioning to a work from home business. It’s extremely important that organisations implement processes and systems that are right for their business. Take the time to ask questions, research and understand what value these changes will provide your business, especially in these unique times.

Authored by:

Brendon Croft
People, Culture and Capability Manager at Best Practice Software

Staying Cyber-Secure: Cyber Security Risks During COVID-19

COVID-19 may not be the only virus health organisations need to worry about.

The current COVID-19 crisis afflicting the world has changed the lives of billions of people. Forced into isolation in both our private and working lives, more employees than ever before are now working from home across most industries. With this major crisis leaving many hospitals and healthcare organisations on the edge of their breaking point and more vulnerable to serious technological disruption, it was almost inevitable that the technological vultures known as cyber criminals would soon be circling, looking to maximise profits against vulnerable, high-value targets.

The following article is intended to shine a light on some of the recent concerns surrounding cyber security during COVID-19 that are occurring around the globe, and will provide readers with some quick safety tips and resources for further information. All information provided is general in nature, as we are not IT security advisers, and recommend specialist consultation where possible.

The Current Situation – Cyber Security During COVID-19

Healthcare organisations have traditionally prioritised spending (and rightly so) on equipment and staff over ICT infrastructure, which has unfortunately led to healthcare organisations often being behind the curve when it comes to cyber security with the perception of being “soft-targets” to cyber criminals.

Australia is no exception, as illustrated by the well-publicised ransomware attack affecting multiple Victorian hospitals in October of last year (ACS, 2019). Figures released by the Office of the Australian Information Commissioner (OAIC) showed the healthcare provider sector to have the highest number of reported data breaches for the entirety of 2019 (OAIC, 2019).

A worldwide increase in serious cyber crime attacks against vulnerable health industry targets has prompted a tightening of cyber security during COVID-19. Interpol has released a purple notice to its 194 member countries warning of the increased number of targeted ransomware attacks (Interpol, 2020), and the World Health Organisation has also reported a two-fold increase in attempted cyber attacks; both on their organisation, and other organisations in countries such as Spain, England, America and Thailand.

A particularly severe event in the Czech Republic left a major hospital and COVID-19 testing centre without access to critical equipment, forcing the delay of surgical procedures and relocation of some patients to other institutions (Humanitarian Law & Policy, 2020).

Cyber Attack Vectors

Though ransomware/crypto attacks are often the most publicised methods of attack, increases in multiple attack types have been observed and warned against by numerous security agencies including the FBI, Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) to name a few (www.us-cert, 2020). Some of the more common ways in which attacks happen have been listed below.

Human/Social Engineering Risks

Regardless of the security posture of any organisation, and despite even the most robust IT systems, the weakest point in any infrastructure is always the user. Some common methods used to manipulate users into circumventing security controls are listed below.


Phishing

There is a reason phishing emails are such a common occurrence, despite “Nigerian Prince” type scams being the “oldest trick in the book”—people are still falling for them, so they’re still being used. In this context, likely scenarios are emails convincing users to open malicious attachments that steal personal information or install remote access trojans (RAT).

Emails can also convince the user to click links to malicious websites that mine the user’s IP address or install Remote Access Trojans.

Several recent phishing campaigns have been observed on our shores, with emails purporting to be from the WHO and Australia Post for the exact reasons listed above.

Business Email Compromise (BEC) Attacks

Closely related to phishing, several email scams have been reported whereby users are conned into donating money to COVID-19 charities, including some purporting to be from the WHO.

An additional form of a BEC is a spoofed email pretending to be from one of the targeted business’s VIPs, directing an employee to provide passwords or transfer funds to different accounts.
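The VIP-impersonation pattern described above leaves traces in the message headers that a mail filter or a reviewer can check. The following is an added example, not part of the original article; the organisation domain, the VIP names, the flag names and the three sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the article): the organisation's
# mail domain and the display names of staff worth impersonating.
ORG_DOMAIN = "clinic.example"
VIP_NAMES = {"dr jane citizen", "alex manager"}


def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rpartition("@")[2].lower()


def normalise(name):
    """Lower-case a display name and collapse dots and repeated spaces."""
    return " ".join(name.lower().replace(".", " ").split())


def bec_flags(raw_message):
    """Return the reasons a message looks like VIP impersonation."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    auth = msg.get("Authentication-Results", "").lower()
    from_domain = domain_of(from_addr)
    flags = []

    # A VIP's name shown on an address outside the organisation's domain.
    if normalise(display) in VIP_NAMES and from_domain != ORG_DOMAIN:
        flags.append("vip-name-external-address")

    # Replies would go to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != from_domain:
        flags.append("reply-to-domain-mismatch")

    # The From domain is ours, but the receiving server recorded a DMARC failure.
    if from_domain == ORG_DOMAIN and "dmarc=fail" in auth:
        flags.append("org-domain-failed-dmarc")

    return flags


# Constructed sample messages: headers, a blank line, then the body.
EXTERNAL_SPOOF = (
    'From: "Dr. Jane Citizen" <jane.citizen@freemail.example>\n'
    "Reply-To: accounts-payable@pay-update.example\n"
    "To: accounts@clinic.example\n"
    "Subject: Urgent: new bank details\n"
    "Authentication-Results: mx.clinic.example; spf=pass; dmarc=pass\n"
    "\n"
    "Please move this week's supplier payment to the account below.\n"
)
FORGED_ORG = (
    'From: "Alex Manager" <alex.manager@clinic.example>\n'
    "To: reception@clinic.example\n"
    "Subject: Password needed\n"
    "Authentication-Results: mx.clinic.example; spf=fail; dmarc=fail\n"
    "\n"
    "Send me the admin password, I am locked out.\n"
)
LEGITIMATE = (
    'From: "Dr. Jane Citizen" <jane.citizen@clinic.example>\n'
    "To: accounts@clinic.example\n"
    "Subject: Roster\n"
    "Authentication-Results: mx.clinic.example; spf=pass; dmarc=pass\n"
    "\n"
    "Roster for next week attached.\n"
)

if __name__ == "__main__":
    for label, raw in [("external spoof", EXTERNAL_SPOOF),
                       ("forged org domain", FORGED_ORG),
                       ("legitimate", LEGITIMATE)]:
        print(label, "->", bec_flags(raw) or "no flags")
```

Note that the first sample passes SPF and DMARC for its own domain, which is why the display-name and Reply-To checks are needed alongside sender authentication.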


Vishing

Closely related to the above, voice phishing (vishing) is an impersonated phone call attempting to verbally achieve similar goals to phishing, by coercing a user into providing personal details or credit card numbers, or into browsing malicious web links.


Smishing

SMS phishing (smishing) uses SMS messages for similar purposes to vishing.

Tech Support Scams

Tech support scams may take any of the above forms and usually involve a malicious actor attempting to convince a user that they need to “urgently” access their computer remotely to fix an issue, when in reality they are after computer access to install a RAT or otherwise cause harm.

Obtaining remote access to a target system is particularly effective in circumventing firewalls, because firewall rules often let returning traffic through if the connection was initiated inside the network. This means that while a malicious actor can’t launch malicious traffic directly from an outside source, they can have a user initiate first contact and then gain access via the reply traffic.
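The firewall behaviour described above can be modelled in a few lines. This is an added example, not part of the original article: a minimal connection-tracking model with constructed addresses and ports, plus an optional allowlist of approved outbound destinations (an assumption of this example) to show the control that closes the reply path.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

INSIDE_PREFIX = "10.0.0."  # assumed internal address range for this example


class StatefulFirewall:
    """Minimal model: traffic may leave, and may enter only as a reply.

    Only packets crossing the network boundary are modelled.
    """

    def __init__(self, egress_hosts=None):
        # egress_hosts=None models the permissive "anything may leave" policy;
        # a set of addresses restricts outbound traffic to approved hosts.
        self.egress_hosts = egress_hosts
        self.connections = set()

    @staticmethod
    def is_inside(ip):
        return ip.startswith(INSIDE_PREFIX)

    def handle(self, pkt):
        """Return 'ALLOW' or 'DROP' and update the connection table."""
        if self.is_inside(pkt.src) and not self.is_inside(pkt.dst):
            if self.egress_hosts is not None and pkt.dst not in self.egress_hosts:
                return "DROP"
            # Remember the outbound connection so its replies are recognised.
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        # Inbound: allowed only if it mirrors a tracked outbound connection.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "ALLOW"
        return "DROP"


# Constructed traffic: a workstation and an outside host (documentation ranges).
WORKSTATION = "10.0.0.25"
OUTSIDE = "203.0.113.50"
SCENARIO = [
    Packet(OUTSIDE, 40000, WORKSTATION, 3389),   # unsolicited inbound
    Packet(WORKSTATION, 51000, OUTSIDE, 8443),   # user-initiated outbound
    Packet(OUTSIDE, 8443, WORKSTATION, 51000),   # reply on that connection
    Packet(OUTSIDE, 8443, WORKSTATION, 3389),    # new inbound from same host
]


def run_scenario(firewall):
    """Feed the constructed packets through a firewall and collect verdicts."""
    return [firewall.handle(pkt) for pkt in SCENARIO]


if __name__ == "__main__":
    print("permissive egress:", run_scenario(StatefulFirewall()))
    approved = {"198.51.100.10"}  # constructed address of an approved service
    print("egress allowlist: ", run_scenario(StatefulFirewall(approved)))
```

With permissive egress only the reply to the user-initiated connection gets in; with the allowlist the outbound connection never creates state, so the reply is dropped as well.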

Technical Risks

DDOS Attacks (Distributed Denial of Service)

There have been some minor increases in DDOS-type activities, where malicious individuals try to overwhelm systems with massive traffic volumes from botnet armies etc. Firewall policies can mitigate these, as can most ISPs.

Software and Operating Systems

End of life or out of date OS software is always a security risk in organisations. Microsoft ended support for Windows 7 and Server 2008 R2 in January of this year, meaning any newly discovered security vulnerabilities will not be patched in these operating systems and they should be upgraded as soon as possible.

Even the latest versions of operating systems are vulnerable without adequate security patching and up to date Anti-malware software.

Remote Access Technologies

The rapid expansion of, and increased reliance on, work from home infrastructure and tools such as VPN appliances/concentrators, RDP endpoints, communications platforms (Zoom, Skype) and remote access platforms such as Citrix has exacerbated security risks and introduced threats such as poor network design, configuration mistakes and out of date devices and software.

Several vulnerabilities were found to have been exploited in major vendor products including Citrix, Palo Alto and Fortinet. Likewise, there has been an increase in phishing attacks centred around popular communications software products Zoom and Teams, where in some instances sessions were even hijacked by external sources.

A majority of these issues can be avoided merely by ensuring OS, hardware and software products are up to date with the latest patches, and by using security controls such as strong passwords and two-factor authentication.

Risk Mitigation

With the increase in the aforementioned risks, it is clear organisations and medical Practices should take steps to ensure they do not become victims as a result of lax cyber security during COVID-19.

Though by no means a replacement for specialist cyber security advice, some simple risk mitigation steps for the above threats include:

  • Stay abreast of current threats and trends. Links for some official advisories are included below.
  • Carefully read and ensure emails are from a legitimate source and don’t click on suspicious links or attachments.
  • Never give out account or personal information. Financial institutions will never ask you for passwords or account details.
  • Ensure you only use supported and up to date versions of operating systems and software, with particular emphasis on anti-malware products and communications. Outdated software is more likely to be a target for security vulnerabilities.
  • Ensure all remote access technologies are up to date with patches and monitor the vendor websites for notification of recommended updates.
  • Use strong, hard-to-guess passwords or better yet “passphrases”. “mydogsnameisspot” is vastly superior to “spot123”. HINT: Password1 (or similar) is not an acceptable password at any time.
  • Use two-factor authentication wherever possible. Though it can be frustrating at times, it is preferable to falling victim to a cyber attack.
  • Always ensure you have backups of critical data and systems, preferably offsite and encrypted. This is particularly important for Best Practice Software users. For details on how best to back up your Best Practice software, contact support.
  • Consult a cyber security specialist for tailored advice on cyber security during COVID-19.
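The passphrase comparison in the list above can be put into numbers. This is an added example, not part of the original article: a rough estimator that scores a password against a character-by-character search and against a dictionary-aware search. The dictionary size (that of a Diceware word list), the small word sample and the common-password list are assumptions constructed for this example.

```python
import math

# Assumptions for this example: an attacker dictionary the size of a Diceware
# list, a tiny constructed word sample, and a constructed common-password list.
WORDLIST_SIZE = 7776
SAMPLE_WORDS = {"my", "dog", "dogs", "name", "is", "spot", "password"}
COMMON_PASSWORDS = {"password1", "password", "123456", "qwerty"}


def char_pool(c):
    """Size of the character class a single character is drawn from."""
    if c.islower() or c.isupper():
        return 26
    if c.isdigit():
        return 10
    return 33  # printable ASCII punctuation and space


def brute_force_bits(pw):
    """Bits of work to try every string over the character classes pw uses."""
    if not pw:
        return 0.0
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(not c.isalnum() for c in pw):
        pool += 33
    return len(pw) * math.log2(pool)


def dictionary_bits(pw):
    """Cheapest way to build pw from dictionary words and single characters."""
    word_cost = math.log2(WORDLIST_SIZE)
    lowered = pw.lower()
    best = [0.0] + [math.inf] * len(pw)
    for end in range(1, len(pw) + 1):
        # Option 1: the last character was guessed on its own.
        best[end] = best[end - 1] + math.log2(char_pool(pw[end - 1]))
        # Option 2: the last few characters form a dictionary word.
        for start in range(end):
            if lowered[start:end] in SAMPLE_WORDS:
                best[end] = min(best[end], best[start] + word_cost)
    return best[len(pw)]


def estimate(pw):
    """Summarise both estimates; a common password falls to the first guesses."""
    return {
        "common": pw.lower() in COMMON_PASSWORDS,
        "brute_force_bits": round(brute_force_bits(pw), 1),
        "dictionary_bits": round(dictionary_bits(pw), 1),
    }


if __name__ == "__main__":
    for candidate in ("spot123", "mydogsnameisspot", "Password1"):
        print(candidate, estimate(candidate))
```

Each extra bit doubles the guessing work, so the gap between the two passwords in the article stays very large even when the attacker knows every word in the passphrase is in the dictionary.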

This is a confusing and often daunting time, especially for those new to remote working arrangements, where the security and peace of mind of the office network is no longer present.

However, cyber security during COVID-19 starts with simple, manageable precautions that can and should be undertaken by everyone to ensure security for you and your organisation during this unprecedented time.

Security Advisory Services

Though by no means an exhaustive list, the following links are to official government security advisories for warnings, and should be monitored regularly for advice on cyber security during COVID-19.

Australian Cyber Security Centre
Australian Cyber Security Centre – Protecting Your Small Business
Department of Homeland Security – Risk Management for Novel Coronavirus

Authored by:

Mark Dexter | Technical Operations Analyst
Best Practice Software

Mental Health in the Age of COVID-19

It is 3:00am and I am awake. Again.

This is the third time this week. I reach for my phone and open up my social media app where I scroll through the latest COVID-19 updates in a group of doctors that is 13,000-strong. My eyes frantically try to keep up with numerous graphs, projections, news stories and the impacts of compromised mental health during COVID-19. Scattered in between these are personal stories of frustration, anger or even complete denial of the scale of the problem.

By the time I manage to get to work and see my first patient at 8:00, my mind has already spent 5 hours ruminating about COVID-19. My eyes are dry and my shoulders already feel heavy. Surely this behaviour is unsustainable? A chat in the tearoom with my colleagues, sitting 1.5m away from me, reveals this phenomenon to be common.

As we find ourselves in the midst of a one in 100-year event that has upheaved our daily schedules, it is normal to feel stressed, worried or anxious. With rapidly changing government policies regarding work and play, isolation and uncertainty prevail over consistency, routine and social interactions. Many of us in the healthcare and technology industries, who are still able to work and have a steady income, watch in fear as those in the hospitality, retail and tourism industries lose their jobs and livelihoods. We worry about the future and about the economy.

Is the government doing enough?
Why did they let all those people off the Ruby Princess?
Are we doing enough to look after mental health during COVID-19?
Will there be a global economic recession or a depression on the other side of this pandemic?

Stress occurs when there is a perceived threat that is beyond our ability to control. When we are stressed, there are physiological changes within our body that cause us to be more alert and vigilant. This is commonly known as the ‘fight or flight’ response. If the threat is continuous or persistent, those physiological changes can affect our emotional health and well-being in the form of anxiety.

Anxiety, much like a chameleon, can manifest in many ways. It can range from subtle signs such as mild irritability and a reduction in concentration, to more noticeable insomnia, early morning rising or reduced appetite, to full blown panic attacks with physical symptoms. This can be compounded by our current situation of physical and social isolation, which has become a mandated part of life today.

How Can We Deal With the Constant Strain on Mental Health during COVID-19?

The first step to coping is to accept that there are many variables that are completely out of our control, such as the duration of this pandemic; how many people will be affected; how others are responding to the situation and if there is enough toilet paper at the shops.

The second step is focusing on the variables we do have control over – such as our daily routine, finding enjoyable things to do at home, connecting with and supporting our friends, families and colleagues. Practically this may involve simple things like going for daily exercise in the morning, getting ready everyday, going to ‘work’ in a dedicated room and clearing it away when work has finished, having breaks, doing activities with the family, debriefing with friends and colleagues and switching off the news and social media. Some workplaces have created virtual ‘tea rooms’ or ‘water coolers’ in their respective meeting applications where staff can drop in at random times, as they would if in an office, and catch up with other colleagues whom they may not interact with regularly.

Of the above, daily exercise is proven to be the most effective intervention for stress at a population level. This is likely because sunlight and the natural hormones that get released during exercise can elevate the mood. For me personally, limiting social media and the news has also helped significantly as my brain gets a break from the constant negative stimulus after 7pm every night. Re-discovering the myriad of enjoyable things to do at home such as gardening, board games and reading, to finally getting through the decade old to-do list of sorting travel photos and decluttering, these activities have provided a welcome sense of achievement.

The link below is a great resource that explains how our normal worries can become excessive, and it provides some methods on how we can stop ourselves from progressing through a negative chain of thoughts that can lead to heightened risk to our mental health during COVID-19. There are also some practical tools included, such as an Activity Menu to keep occupied and a Decision Tree about how to prevent ourselves from overthinking things which are out of our control.

Click here to download a helpful PDF on managing stress and anxiety during this difficult time.

If these simple measures do not help to improve how you are feeling, then it may be time to check-in with your GP.

Authored by:

Dr. Fabrina Hossain
Clinical Advisor at Best Practice Software

Living the App Life – Our Journey Developing the Best Health App

Building the Best Health App has certainly been a journey. It’s progressed from an initial idea to countless workshops, engaging with our customers at the 2017 Bp Summit for feedback on desired features and functionality, a bit of external consulting, creating our own internal app team, starting a multiple stage testing process, and live beta sites, all before the public release.

Our journey started with an idea and vision to bring a patient’s health record right into their own pocket empowering them to take control of their health care journey. So, no matter where a person is travelling, they can always access their clinical information to improve the care that they receive.

This idea quickly gained traction as it also provides a completely new way for Practices and Doctors to engage with their patients and improve their overall relationships. It opens the door to the concept of Patient Experience (PX) and the first consumer facing product for Best Practice Software.

We engaged an external agency, experienced in app design, to ensure our technical design followed the latest industry standards, security models and technologies.

We then put together our own internal team which grew to six dedicated developers as well as additional supporting technical staff. The team works across both the Best Health App and Bp Premier Practice Management System ensuring a seamless integration between the two products. Our subject matter experts (SMEs) and the broader team across the business also played a pivotal role in identifying the product requirements for each feature.

Getting to public release required a highly collaborative approach across all areas of our organisation to ensure that we were ready to give practices the best possible customer experience. Training, sales, marketing, support and legal all had to come together for us to make the public release a reality.

Yeah Nah, Not So Simple…

Things are always more complex than they seem initially, and we have faced many challenges along the way that have required significant effort and collaboration by the team to resolve.

Challenges are opportunities and we welcome them.

One of the ongoing challenges is balancing out the integrated feature work between the Best Health App and Bp Premier. This required cross-team coordination to ensure the two products worked seamlessly together. As an example, we created a Patient Check-In feature in the app, which required substantial integration work to ensure we adhered to the patient identification criteria outlined by the RACGP and met the standards of patient identification in Australia.

The messaging component between the Best Health App and Bp Premier provided many challenges. We started with a straightforward requirement for doctors to be able to send messages to patients that soon morphed into a complex exception management framework with identified points of failure and defined recovery methods. The result being a streamlined experience driven by preferred communication based on patient preferences. The Best Health App includes many types of messages such as appointment and clinical reminders, patient education material and practice notifications. This solution decreases overall messaging costs and creates savings for practices.

Privacy & Security

Security, privacy and storage of patients’ sensitive data is critical and forms the architectural backbone of the Best Health App. The team engaged with security experts to design a framework that met the security and privacy guidelines necessary for this type of patient app. The outcome is a platform that enforces Australian data sovereignty and ensures we are using the latest encryption methods and tools available. As testimony to all this hard work, we received a very high security score for the penetration testing that was conducted by an external party.

In addition, we completely remodelled the Patient Consent process to help manage Patient Privacy, giving patients the choice of communication types they wish to receive. The Patient Consent process was part of the Bp Premier Indigo SP1 release and received a significant amount of positive feedback from external parties.

Exciting Times Ahead

It has taken us close to three years to get to this point where we are confident that we have the right architectural framework to ensure all bases are covered in respect to Practice and patient confidentiality and the security of all personal and clinical data. We have a solid foundational product that is clinically and technically safe and effective, upon which we can confidently build more features for Practices and patients to meet the growing need in the community to have greater flexibility and control over their time and access to clinical information.

With an ever growing percentage of people accustomed to doing almost everything online at a time that fits in with a hectic lifestyle, having a trusted app that connects patients to their Practices, where they can manage medical appointments, reminders and other clinical information in the one place can provide peace of mind and empower people to take control of their health care journey.

This is an exciting time for everyone involved and we cannot wait to release more features and continue to enhance patient experience for our industry.

Co-authored by:
Henry Vesander
Product Manager
Meg Gugenberger
Product Manager, Best Health App

Human-Centred Software Design – Why Does It Matter?

Human-centred design and co-design are becoming the standard terms used when designing customer focused solutions. In fact, co-design is no longer just tech company lingo; it’s an approach increasingly used in the public sector. Just go to any medical industry conference and it’s difficult to avoid seeing a presentation that has been derived from a co-design approach.

So why is a human-centred design approach so important? One of the key mottos at Best Practice Software is ‘designed by a doctor, for a doctor’. This is a key pillar of our organisation. The key purpose of these design concepts is to better understand the evolving needs of your customers and the new challenges that come along with it. We strive to ensure that we address the correct needs of our customers as we build our next generation product, Titanium.

Medical software is an industry that has experienced rapid technological advancement. This transformation is only going to accelerate as we not only adopt cloud-based technology but all the latest advancements that come along with it such as mobile applications, shared health records, e-prescriptions, artificial intelligence, virtual reality, augmented reality and virtual health care services.

Speaking to Our Customers

In software development it is easy to become too feature focused instead of stopping for a moment to re-evaluate the problems we want to solve. Customers have always been at the heart of what we do at Best Practice Software and it has always been important to us to take our user-centered approach to another level with the development of our next generation of products, code-named “Titanium”. So, we decided to go out, speak to customers and listen to what they had to say about the challenges, problems and pain points that they face day-in and day-out in their practices.

We invited customers to a roadshow called “Connect and Evolve” and the purpose was literally to connect with our customers and discuss the evolving needs of their practices. In these sessions it was important to not start with designing solutions and features but to begin by listing out all daily tasks, activities and routine work. We then started to establish problem statements and list out time consuming tasks. After that we started to figure out ideal workflows and solutions to address these issues by putting aside all the limitations of the technology that we use today.

We ended up with a tremendous amount of insight and feedback not only on the current needs of practices but also on the desired future state of working whether you are a provider, receptionist, a nurse or a practice manager. We are using this feedback in our product roadmap for Titanium and we have continued to speak to even more of our customers by showing prototypes and possible solutions to improve our day to day working life.

Understanding the Real Problems

One of the unique aspects in medical software is that users spend the entire day using the product. As a comparison, if you use marketing software, you only use it for parts of the day or in increments throughout a working day. In medical software you might not leave your screen all day, so designing a solution that understands these needs is absolutely critical.

As our industry and working environments continue to evolve rapidly, we also need to recognise and understand the changing needs and challenges that come with change. This may sound like an obvious statement but in order to drive innovation, it’s necessary to find a way to break the norm by introducing new ways of doing things. This is not an easy task when you speak to users that understandably do not want a disruption in their workflows. The last thing you want to do is force features down the throats of customers whether they like them or not. You need to give them value by delivering better usability, saving time, solving problems and ultimately helping them in improving patient care.

Applying New Technology and Prototyping

Does new technology solve old problems or does new technology create new problems? The reality is probably a bit of both. For instance, moving into cloud-based technology solves a lot of problems. It offers always-on technology available to any location you want to work out of and usually for any device you want to use it with, whether desktop, laptop, tablet or mobile. However, it also introduces a whole layer of complexity with the unknowns of having a stable internet connection, data security and using a browser instead of an application built for an operating system.

We help address these things through rapid prototyping, user testing, and agile development methodologies in our product design. We also conduct a significant amount of market research and learn from our mistakes and the mistakes of others in the industry. There are usually several different solutions or approaches to address a problem. The key is figuring out which is the most appropriate or most promising option to take or technology to choose from. We then prototype, speak to users, test with users, refine the solution, do the development work and complete the feature. For instance, the architecture of Titanium has been completely built from scratch using the latest API-agnostic platform structure to improve development time, scalability, cost efficiency and enabling more third party integrations for Practices.

Gathering feedback from our customers is a job that is never done. We are continuing to ramp up our development work on Titanium with a strong focus on customer experience (CX) and user experience (UX) by actively involving our Practice customers throughout the product design process. It’s a process that starts with the users and ends in a product built to address the current and future needs of our customers.

We value the input of our customers. If you have suggestions for functionality within Titanium, please share your feedback in our Forum, which can be found in the top menu bar of this website.

Authored by: 
Henry Vesander
Product Manager at Best Practice Software