fbpx

Enhanced Secure Messaging – the Path to Interoperability

Secure Messaging

Digital healthcare provides clinicians with fast and reliable access to patient records, in turn, improving efficiencies in coordinated clinical care and ultimately supporting better patient outcomes.

What is Secure Messaging?

Secure messaging enables the encrypted electronic exchange of patient healthcare information between healthcare providers. Point-to-point delivery of messages such as discharge summaries, referrals, requests and results represent the typical use case.

The electronic message is encrypted by the sender and decrypted by the receiver and therefore cannot be read if intercepted in transit.

Software vendors and their solutions, built to facilitate secure message delivery, are well established in Australasia, some with over 25 years in the market.

It’s fair to say that the majority of practices have had some exposure to secure message service providers (eg, Telstra Health Argus, Healthlink, Medical Objects and ReferralNet) and may even have more than one service enabled.

Why Does Secure Messaging Matter?

In a shared care environment, where it is necessary to exchange healthcare information, secure messaging ensures that the highest level of security and privacy is maintained. Protecting a Patient’s sensitive, healthcare information and in alignment with the Privacy Act 1988.

In addition, the benefits of exchanging data electronically and securely include speed, efficiency, lower risk and reduced cost.

Why are Healthcare Providers Still Printing, Faxing, Mailing and Emailing?

Despite the widespread adoption of secure messaging, the individual secure messaging service providers have approached messaging differently. Inherently incompatible, they have been largely unable to exchange information with one another.

Further, messages generated by a Healthcare provider may only be addressed to Healthcare provider recipients listed in their local address book or Directory. The address information available, sometimes being out of date and often restricted to recipients using the same secure messaging delivery service.

What is Changing?

The Australian Digital Health Agency is leading a program of change, to enhance interoperability standards for secure messaging. This initiative is in direct support of the National Digital Health Strategy, to reduce barriers to using secure electronic exchange of health data. Ultimately, ending the dependence on paper-based correspondence and outdated, unsecure technology such as fax machines in healthcare.

Two key things are changing:

First is the introduction of federated provider directory capability, enabling clinical information systems and secure messaging delivery systems to search cross-directory to find accurate, trusted and validated   healthcare provider electronic addresses.

Second, software providers are enhancing the message exchange format to meet an agreed standardized specification for message content – streamlined to improve interoperability across disparate service providers and clinical systems.

How is Best Practice Software Getting Involved?

Best Practice Software has actively participated in the collaboration between software providers and government bodies, to define interoperability standards for secure messaging solutions.

The development to enhance secure messaging and be conformant to the ADHA specification is currently in testing phase and the enhanced functionality will be available in Bp Premier Saffron and VIP.net Ruby SP3 in the coming months.

When Will Enhanced Secure Messaging be Available More Widely?

There are 42 software organisations taking part in the ADHA secure messaging enhancement initiative, the change program is scheduled to conclude this October so there are certainly exciting times ahead for improved data workflows and efficiencies!

Authored by:

Monica Reed
Commercial & Customer Enablement Manager at Best Practice Software

Practice Management and the Imperatives of Cloud Computing

Practice Management Cloud Computing

It might surprise you to know that virtually all major practice management system vendors in Australasia have released, or are planning to release, their next generation solutions on the cloud. This is a trend that is sure to accelerate over time and is a transformation that will have a significant impact on the day-to-day operation of Practices and Practice Managers across all healthcare domains.

As Best Practice Software is undertaking the development of our own cloud-based platform, we are often asked by our clients what cloud computing entails, and what the benefits are over traditional desktop software. The following provides a brief insight into these questions.

What is Cloud Computing?

Cloud computing is a model for enabling on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

That’s quite a mouthful and not necessarily easy to understand, but it essentially identifies the five common characteristics of true cloud computing:

  • Broad network access
    This refers to the fact that resources in the cloud are available over multiple device types, ranging from common devices like laptops and workstations, to mobile phones and the like. Providers are no longer tied to the desktop or the location of their data, the benefits of which are becoming increasingly clear in these times.

  • On-demand self-service
    This refers to capabilities that manage provisioning and back-office functions. In non-cloud or traditional desktop environments, where the end user can self-provision without interacting with the provider, the downstream result has historically been inefficiency and waste. These new technologies now enable us to provide our customers with true self-service without incurring these penalties or service costs.

  • Resource pooling
    The scalability of the cloud is one of its most defining fundamental concepts. Without pooled computing, networks and storage, these services must be provisioned across multiple silos at great cost. Through resource pooling, multiple customers are sharing resources stored in the cloud with their peers, in much the same way as a telephone network operates. Because of this, the cost of resources is also shared between multiple customers.

  • Measured service
    These pooled resources can be easily monitored and reported, providing visibility into rates of resource consumption and the allocation of the costs associated with said consumption.

  • Rapid elasticity
    Elastic resources are critical in reducing costs. When accessing a cloud-based service, you only access the resources as and when you need the capacity. For most practices, a large percentage of costs associated with deploying applications stem from provisioning and maintaining a range of hardware resources. The purchase and rollout of these hardware resources requires forecasting of anticipated demand, rather than actual demand with a fixed capital expenditure commitment. The elasticity of the cloud means that you simply get what you need as and when you need it, and you only pay for what you use, resulting in a significant reduction in costs.

Cloud computing is not a single service fits all model.

There are a number of deployment models to suit different organisations. The two most prevalent deployment models used in the healthcare industry are the private cloud and public cloud.

Private cloud is generally only implemented in larger organisations due to the increased infrastructure costs that can be spread across greater number of users. They are generally designed by and built for a single customer to support specific functions critical for the success of a single line of business, and usually require more technical proficiency to maintain.

Public cloud is what is most people think of when they hear cloud computing system; it is multitenant capable and shared by a number of customers who may have nothing in common. They are typically less expensive to maintain, and leverage infrastructure provided by large tech providers such as Amazon with its AWS service and the competing Microsoft Azure service. This is the deployment model that is generally best suited for small Practices, and the variant that most Practice Managers will deal with and is the deployment model that Best Practice Software has selected for its cloud offering.

In summation, the incremental and exponential advances made in recent years has created a significant shift towards cloud computing adoption. The large number of practice management software and other health software vendors refreshing their products with cloud enablement underscores this.

Vendors benefit through shortening the time to market for new products and features, whilst at the same time delivering drastic cost reductions to customers.

The adoption of these cloud-enabled healthcare platforms will grow as users experience the benefits of a shortened enhancement lifecycle, without the associated operational disruption that comes from frequently installing desktop or client-server-based software solutions. Cloud computing brings the promise of never having to do a manual data update, or to endure the long wait for new releases to introduce new features or defect fixes. This cycle gets compressed from months, to weeks and days.

However, not all platform migrations to the cloud have been successful. Ultimately, the organisations that will be successful are those that understand that a move to the cloud is not merely a porting of technology, but rather a new way of thinking as to providing healthcare as a service, one that maximises all of the components of cloud computing.

Authored by:

Andre Broodryk
Manager of Product Management at Best Practice Software

Transitioning to a Work From Home Business

As the world continues to fight and adapt to this ever-changing situation, many businesses have needed to become more innovative and agile in the way they’re operating. Globally, businesses have had their normal work routines flipped upside down and are now being challenged with navigating the unknown. For many, this involves transitioning to a work from home business. This sudden loss of control is difficult for businesses, and for many, this will be a very scary time.

For businesses who already have systems and processes in place, adaptation to a work from home business will be simple. However, for others who may be less prepared, the ability to adapt won’t come as easily and this will present an enormous challenge in an already stressful time.

When considering what can be done to make this navigation of the unknown less stressful, I would like to share three key points that I think allow a business to easily adapt and continue (with some modification) with business as normal.

Well-considered WFH Policy and Procedures

Having a clear direction and an outline of requirements is important to ensure everybody remains safe and understands what is expected of them.

The introduction of any policy should be necessitated by a business need, or to set a minimum standard for the topic that is being covered. When introducing any policy or procedure, the author should always have the business in mind. A good start would be to ask questions such as, ‘what is the desired result of introducing this policy or procedure?‘, or, ‘what past changes have not gone so smoothly?‘. Also question the why, ‘what is the demographic of our people?‘ or ‘what are the minimum access requirements (role, home environment, etc.) and technology needs?‘.

Some basic inclusions for a work from home business policy should include: 

  • The purpose of the document;
  • Guidelines for request considerations – connectivity, role resources, role suitability and workspace; 
  • The frequency or period of this arrangement;
  • Guidance on the logistical or performance details, which may include attendance while working from home, communication and timeframes, home insurance needs, information privacy and security, safety and well-being and WFH expenses.

Items such as these will not only set a clear business requirements and objectives, it will also make it clear to employees what is expected from them to uphold the arrangement.

Required Documentation

I am not talking about paperwork for the sake of paperwork, but having some simple documentation to assist and protect your business and its people when adjusting to a work from home business. It is very important that, as a business, you understand your obligations when it comes to safety, and it is just as important that your team understands their obligations when entering into a work from home business arrangement.

Both the business and its people need to understand that work from home business arrangements are an extension of the workplace, and therefore all business policies and safety protocols will apply, albeit with some modifications. As a business, you have a few options to ensure that your staff’s WFH environment is safe and that the arrangement will not present additional risk to the business or the team member.

Conducting safety and risk assessments of the work from home business environment is a good place to start, and there are a few ways that this can be done. The first is by employing an external party who will conduct an in-house assessment of your staff’s WFH environment. Alternatively, you can have your staff complete a self-assessment that includes photographic evidence to support their self-assessment outcomes. These self-assessments should include such areas as ergonomics (chair, workstations and set-up); potential hazards (trip and slip); general walkways to common areas and exits; first aid; lighting (natural and artificial); work environment climate (air-conditioning, fans, fresh air); and location of power supplies.

The home working environment needs to be assessed as if it was an area in the workplace.

Communication

Communication is the conduit that brings all of this together. It’s the start of the process when the business introduces the work from home business arrangement. It’s the connectivity that the business will have with its people, it’s the checks and balances that managers will use to stay on top of their peoples’ outcomes, and it’s the best way to ensure businesses expectations are met and adequate support is being provided to the team.

The business should have – within its policy or setup within its teams, how people will connect and the frequency of these connections. At the start, this may be more frequent and as time progresses the frequency may become less. Ideally, contact and communication should still occur at least at the start of the day and once during the day, not dissimilar to how you’d greet your team at the start of each workday when you arrive, and chat casually or formally throughout the day. This will help remind staff that support is available if they need it.

There is an incredible variety of technology available to businesses these days. This includes platforms such as email, video conferencing, instant messages, use of collaboration software like MS Teams, Zoom, Skype and alike – and let’s not forget the good old telephone. Although not all of these platforms will be needed, it’s a good idea to review the communication needs of your business, the pros and cons of different software options and the volume of contact that your business will need when communicating with its people.

These three key points mentioned are only a guide to the endless possibilities that are available to assist in navigating the unknown in transitioning to a work from home business. It’s extremely important that organisations implement processes and systems that are right for their business. Take the time to ask questions, research and understand what value these changes will provide your business, especially in these unique times.

Authored by:


Brendon Croft
People, Culture and Capability Manager at Best Practice Softwar

Staying Cyber-Secure: Cyber Security Risks During COVID-19

COVID-19 may not be the only virus health organisations need to worry about.

The current COVID-19 crisis afflicting the world has changed the lives of billions of people. Forced into isolation in both our private and working lives, more employees than ever before are now working from home across most industries. With this major crisis leaving many hospitals and healthcare organisations on the edge of their breaking point and more vulnerable to serious technological disruption, it was almost inevitable that the technological vultures known as cyber criminals would soon be circling, looking to maximise profits against vulnerable, high-value targets.

The following article is intended to shine a light on some of the recent concerns surrounding cyber security during COVID-19 that are occurring around the globe, and will provide readers with some quick safety tips and resources for further information. All information provided is general in nature, as we are not IT security advisers, and recommend specialist consultation where possible.

The Current Situation – Cyber Security During COVID-19

Healthcare organisations have traditionally prioritised spending (and rightly so) on equipment and staff over ICT infrastructure, which has unfortunately led to healthcare organisations often being behind the curve when it comes to cyber security with the perception of being “soft-targets” to cyber criminals.

Australia is no exception, as illustrated by the well-publicised ransomware attack affecting multiple Victorian hospitals in October of last year (ACS, 2019).  Figures released by the Office of the Australian Information Commissioner (OIAC) showed the Healthcare provider sector to have the highest number of reported data breaches for the entirety of 2019 (OAIC, 2019).

A worldwide increase in serious cyber crime attacks against vulnerable health industry targets has prompted a tightening of cyber security during COVID-19. Interpol has released a purple notice to its 194 member countries warning of the increased number of targeted ransomware attacks (Interpol, 2020), and the World Health Organisation has also reported a two-fold increase in attempted cyber attacks; both on their organisation, and other organisations in countries such as Spain, England, America and Thailand.

A particularly severe event in the Czech Republic left a major hospital and COVID-19 testing centre without access to critical equipment, forcing the delay of surgical procedures and relocation of some patients to other institutions (Humanitarian Law & Policy, 2020).

Cyber Attack Vectors

Though ransomware/crypto attacks are often the most publicised methods of attack, increases in multiple attack types have been observed and warned against by numerous security agencies including the FBI, Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) to name a few (www.us-cert, 2020). Some of the more common ways in which attacks happen have been listed below.

Human/Social Engineering Risks

Regardless of the security posture of any organisation, and despite even the most robust IT systems, the weakest point in any infrastructure is always the user. Some common methods used to manipulate users into circumventing security controls are listed below.

Phishing

There is a reason phishing emails are such a common occurrence, despite “Nigerian Prince” type scams being the “oldest trick in the book”—people are still falling for them, so they’re still being used. In this context, likely scenarios are emails convincing users to open malicious attachments that steal personal information or install remote access trojans (RAT).

Emails can also convince the user to click links to malicious websites that mine the user’s IP address or install Remote Access Trojans.

Several recent phishing campaigns have been observed on our shores, with emails purporting to be from the WHO and Australia Post for the exact reasons listed above.

Business Email Compromise (BEC) Attacks

Closely related to the phishing, several email scams have been reported whereby users are conned into donating money to COVID-19 charities, including some purporting to be from the WHO.

An additional form of a BEC is a spoofed email pretending to be from one of the targeted business’s VIPs, directing an employee to provide passwords or transfer funds to different accounts.

Vishing

Closely related to the above voice phishing (vishing), is an impersonated phone call attempting to verbally achieve similar goals to phishing, by coercing a user into providing personal details, credit card numbers or browsing malicious web links.

Smishing

SMS phishing (Smishing) uses SMS messages for similar purposes to vishing.

Tech Support Scams

Tech support scams may take any of the above forms and usually involve a malicious actor attempting to convince a user that they need to “urgently” access their computer remotely to fix an issue, when in reality they are after computer access to install a RAT or otherwise cause harm.

Obtaining remote access to a target system is particularly effective in circumventing firewalls, as often rules are applied that ignore returning traffic if it was initiated inside the network. Meaning while a malicious actor can’t launch malicious traffic directly from an outside source, they can have a user initiate first contact and then gain access via the reply traffic.

Technical Risks

DDOS Attacks (Distributed Denial of Service)

There have been some minor increases in DDOS-type activities, where malicious individuals try to overwhelm systems with massive traffic volumes for botnet armies etc. Firewall policies can mitigate these as can most ISPs.

Software and Operating Systems

End of life or out of date OS software is always a security risk in organisations. Microsoft ended support for Windows 7 and Server 2008r2  in January of this year, meaning any newly discovered security vulnerabilities will not be patched in these operating systems and they should be upgraded as soon as possible.

Even the latest versions of operating systems are vulnerable without adequate security patching and up to date Anti-malware software.

Remote Access Technologies

The rapid expansion and increased reliance on work from home infrastructure, tools such as VPN appliances/concentrators, RDP endpoints, communications platform (Zoom, Skype) and remote access platforms such as Citrix, have exacerbated security risks and formed threats such as poor network design, configuration mistakes and out of date devices and software.

Several vulnerabilities were found to have been exploited in major vendor products including Citrix, Palo Alto and Fortinet. Likewise, an increase in phishing attacks centred around popular communications software products Zoom and Teams, where in some instances sessions were even hijacked by external sources.

A majority of these issues can be avoided, by merely ensuring OS, hardware and software products are up to date with the latest patches, and by using security controls such as strong passwords and two-factor authentication.

Risk Mitigation

With the increased in aforementioned risks, it is clear organisations and medical Practices should take steps to ensure they do not become victims as a result of lax cyber security during COVID-19.

Though by no means a replacement for specialist cyber security advice, some simple risk mitigation steps for the above threats include:

  • Stay abreast of current threats and trends. Links for some official advisories are included below.
  • Carefully read and ensure emails are from a legitimate source and don’t click on suspicious links or attachments.
  • Never give out account or personal information. Financial institutions will never ask you for passwords or account details.
  • Ensure you only use supported and up to date versions of operating systems and software, with particular emphasis on anti-malware products and communications. Outdated software is more likely to be a target for security vulnerabilities.
  • Ensure all remote access technologies are up to date with patches and monitor the vendor websites for notification of recommended updates.
  • Use strong, hard-to-guess password or better yet “passphrases”. “mydogsnameisspot” is vastly superior to “spot123”. HINT: Password1 (or similar) is not an acceptable password at any time.
  • Use two-factor authentication where ever possible. Though it can be frustrating at times, it is preferable to falling victim to a cyber attack.
  • Always ensure you have backups of critical data and systems, preferably offsite and encrypted. This is particularly important for Best Practice Software users. For details on how best to back up your Best Practice software, contact support.
  • Consult a cyber security specialist for tailored advice on cyber security during COVID-19.

This is a confusing and often daunting time, especially for those new to remote working arrangements, where the security and peace of mind of the office network is no longer present.

However, cyber security during COVID-19 starts with simple, manageable precautions that can and should be undertaken by everyone to ensure security for you and your organisation during this unprecedented time.

Security Advisory Services

Though by no means an exhaustive list, the following links are to official government security advisories for warnings, and should be monitored regularly for advice on cyber security during COVID-19.

Australian Cyber Security Centre
Australian Cyber Security Centre – Protecting Your Small Business
Department of Homeland Security – Risk Management for Novel Coronavirus

Authored by:

Mark Dexter Best Practice Software

Mark Dexter | Technical Operations Analyst
Best Practice Software

Mental Health in the Age of COVID-19

It is 3:00am and I am awake. Again.

This is the third time this week. I reach for my phone and open up my social media app where I scroll through the latest COVID-19 updates in a group of doctors that is 13,000-strong. My eyes frantically try to keep up with numerous graphs, projections, news stories and the impacts of compromised mental health during COVID-19. Scattered in between these are personal stories of frustration, anger or even complete denial of the scale of the problem.

By the time I manage to get to work and see my first patient at 8:00, my mind has already spent 5 hours ruminating about COVID-19. My eyes are dry and my shoulders already feel heavy. Surely this behaviour is unsustainable? A chat in the tearoom with my colleagues, sitting 1.5m away from me, reveal this phenomenon to be common.

As we find ourselves in the midst of a one in 100-year event that has upheaved our daily schedules, it is normal to feel stressed, worried or anxious. With rapidly changing government policies regarding work and play, isolation and uncertainty prevails over consistency, routine and social interactions. Many of us in the healthcare and technology industries, who are still able to work and have a steady income, watch in fear as those in the hospitality, retail and tourism industries lose their jobs and livelihoods. We worry about the future and about the economy.

Is the government doing enough?
Why did they let all those people off the Ruby Princess?
Are we doing enough to look after mental health during COVID-19?
Will there be a global economic recession or a depression on the other side of this pandemic?

Stress occurs when there is a perceived threat that is beyond our ability to control. When we are are stressed, there are physiological changes within our body that cause us to be more alert and vigilant. This is commonly known as the ‘fight or flight’ response. If the threat is continuous or persistent, those physiological changes can affect our emotional health and well-being in the form of anxiety.

Anxiety, much like a chameleon, can manifest in many ways. It can be as subtle as mild irritability and a reduction in concentration, to a more noticeable insomnia, early morning rising or reduced appetite, to full blown panic attacks with physical symptoms. This can be compounded by our current situation of physical and social isolation, that has become an mandated part of life today.

How Can We Deal With the Constant Strain on Mental Health during COVID-19?

The first step to coping is to accept that there are many variables that are completely out of our control, such as the duration of this pandemic; how many people will be affected; how others are responding to the situation and if there is enough toilet paper at the shops.

The second step is focusing on the variables we do have control over – such as our daily routine, finding enjoyable things to do at home, connecting with and supporting our friends, families and colleagues. Practically this may involve simple things like going for daily exercise in the morning, getting ready everyday, going to ‘work’ in a dedicated room and clearing it away when work has finished, having breaks, doing activities with the family, debriefing with friends and colleagues and switching off the news and social media. Some workplaces have created virtual ‘tea rooms’ or ‘water coolers’ in their respective meeting applications where staff can drop in at random times, as they would if in an office, and catch up with other colleagues whom they may not interact with regularly.

Of the above, daily exercise is proven to be the most effective intervention for stress at a population level. This is likely because sunlight and the natural hormones that get released during exercise can elevate the mood. For me personally, limiting social media and the news has also helped significantly as my brain gets a break from the constant negative stimulus after 7pm every night. Re-discovering the myriad of enjoyable things to do at home such as gardening, board games and reading, to finally getting through the decade old to-do list of sorting travel photos and decluttering, these activities have provided a welcome sense of achievement.

The link below is a great resource that explains how our normal worries can become excessive, and it provides some methods on how we can stop ourselves from progressing through a negative chain of thoughts that can lead to heightened risk to our mental health during COVID-19. There are also some practical tools included, such as an Activity Menu to keep occupied and a Decision Tree about how to prevent ourselves from overthinking things which are out of our control.

Click here to download a helpful PDF on managing stress and anxiety during this difficult time.

If these simple measures do not help to improve how you are feeling, then it may be time to check-in with your GP.

Authored by:


Dr. Fabrina Hossain
Clinical Advisor at Best Practice Software

Living the App Life – Our Journey Developing the Best Health App

Building the Best Health App has certainly been a journey. It’s progressed from an initial idea to countless workshops, engaging with our customers at the 2017 Bp Summit for feedback on desired features and functionality, a bit of external consulting, creating our own internal app team, starting a multiple stage testing process, and live beta sites, all before the public release.

Our journey started with an idea and vision to bring a patient’s health record right into their own pocket empowering them to take control of their health care journey. So, no matter where a person is travelling, they can always access their clinical information to improve the care that they receive.

This idea quickly gained traction as it also provides a completely new way for Practices and Doctors to engage with their patients and improve their overall relationships. It opens the door to the concept of Patient Experience (PX) and the first consumer facing product for Best Practice Software.

We engaged an external agency, experienced in app design, to ensure our technical design followed the latest industry standards, security models and technologies.

We then put together our own internal team which grew to six dedicated developers as well as additional supporting technical staff. The team works across both the Best Health App and Bp Premier Practice Management System ensuring a seamless integration between the two products. Our subject matter experts (SMEs) and the broader team across the business also played a pivotal role in identifying the product requirements for each feature.

Getting to public release required a highly collaborative approach across all areas of our organisation to ensure that we were ready to give practices the best possible customer experience. Training, sales, marketing, support and legal all had to come together for us to make the public release a reality.

Yeah Nah, Not So Simple…

Things are always more complex than they seem initially, and we have faced many challenges along the way that have required significant effort and collaboration by the team to resolve.

Challenges are opportunities and we welcome them.

One of the ongoing challenges is balancing out the integrated feature work between the Best Health App and Bp Premier. This required cross-team coordination to ensure the two products worked seamlessly together. As an example, we created a Patient Check-In feature in the app, which required substantial integration work to ensure we adhered to the patient identification criteria outlined by the RACGP and meets the standards of patient identification in Australia.

The messaging component between the Best Health App and Bp Premier provided many challenges. We started with a straightforward requirement for doctors to be able to send messages to patients that soon morphed into a complex exception management framework with identified points of failure and defined recovery methods. The result being a streamlined experience driven by preferred communication based on patient preferences. The Best Health App includes many types of messages such as appointment and clinical reminders, patient education material and practice notifications. This solution decreases overall messaging costs and creates savings for practices.

Privacy & Security

Security, privacy and storage of patient’s sensitive data is critical and forms the architectural backbone of the Best Health App.  The team engaged with security experts to solution a framework that met the security and privacy guidelines necessary for this type of patient app. The outcome is a platform that enforces Australian data sovereignty and ensures we are using the latest encryption methods and tools available. As testimony to all this hard work, we received a very high security score for the penetration testing that was conducted by an external party.

In addition, we completely remodelled the Patient Consent process to help manage Patient Privacy, giving patients the choice of communication types, they wish to receive. The Patient Consent process was part of the Bp Premier Indigo SP1 release and received a significant amount of positive feedback from external parties.

Exciting Times Ahead

It has taken us close to three years to get to this point where we are confident that we have the right architectural framework to ensure all bases are covered in respect to Practice and patient confidentiality and the security of all personal and clinical data. We have a solid foundational product that is clinically and technically safe and effective, upon which we can confidently build more features for Practices and patients to meet the growing need in the community to have greater flexibility and control over their time and access to clinical information.

With an ever growing percentage of people accustomed to doing almost everything online at a time that fits in with a hectic lifestyle, having a trusted app that connects patients to their Practices, where they can manage medical appointments, reminders and other clinical information in the one place can provide peace of mind and empower people to take control of their health care journey.

This is an exciting time for everyone involved and we cannot wait to release more features and continue to enhance patient experience for our industry.

Co-authored by:
Henry Vesander
Product Manager
Meg Gugenberger
Product Manager, Best Health App

Human-Centred Software Design – Why Does It Matter?

Human-Centred Software Design

Human-centred design and co-design are becoming the standard terms used when designing customer focused solutions. In fact, co-design is no longer used as tech company lingo, but it’s an approach increasingly used in the public sector. Just go to any medical industry conference and it’s difficult to avoid seeing a presentation that hasn’t been derived from a co-design approach.

So why is a human-centred design approach so important? One of the key mottos at Best Practice Software is ‘designed by a doctor, for a doctor’. This is a key pillar of our organisation. The key purpose of these design concepts is to better understand the evolving needs of your customers and the new challenges that come along with it. We strive to ensure that we address the correct needs of our customers as we build our next generation product, Titanium.

Medical software is an industry that has experienced rapid technological advancement. This transformation is only going to accelerate as we not only adopt cloud-based technology but all the latest advancements that come along with it such as mobile applications, shared health records, e-prescriptions, artificial intelligence, virtual reality, augmented reality and virtual health care services.

Speaking to Our Customers

In software development it is easy to become too feature focused instead of stopping for a moment to re-evaluate the problems we want to solve. Customers have always been at the heart of what we do at Best Practice Software and it has always been important to us to take our user-centered approach to another level with the development of our next generation of products, code-named “Titanium”. So, we decided to go out, speak to customers and listen to what they had to say about the challenges, problems and pain points that they face day-in and day-out in their practices.

We invited customers to a roadshow called “Connect and Evolve” and the purpose was literally to connect with our customers and discuss the evolving needs of their practices. In these sessions it was important to not start with designing solutions and features but to begin by listing out all daily, tasks, activities and routine work. We then started to establish problem statements and listing out time consuming tasks. After that we started to figure out ideal workflows and solutions to address these issues by putting all limitations aside in the technology that we use today.

We ended up with a tremendous amount of insight and feedback not only on the current needs of practices but also on the desired future state of working whether you are a provider, receptionist, a nurse or a practice manager. We are using this feedback in our product roadmap for Titanium and we have continued to speak to even more of our customers by showing prototypes and possible solutions to improve our day to day working life.

Understanding the Real Problems

One of the unique aspects in medical software is that users spend the entire day using the product. As a comparison, if you use marketing software, you only use it for parts of the day or in increments throughout a working day. In medical software you might not leave your screen all day, so designing a solution that understands these needs is absolutely critical.

As our industry and working environments continue to evolve rapidly, we also need to recognise and understand the changing needs and challenges that come with change. This may sound like an obvious statement but in order to drive innovation, it’s necessary to find a way to break the norm by introducing new ways of doing things. This is not an easy task when you speak to users that understandably do not want a disruption in their workflows. The last thing you want to do is force features down the throats of customers whether they like them or not. You need to give them value by delivering better usability, saving time, solving problems and ultimately helping them in improving patient care.

Applying New Technology and Prototyping

Does new technology solve old problems or does new technology create new problems? The reality is probably a bit of both. For instance, moving into cloud-based technology solves a lot of problems. It offers always-on technology available to any location you want to work out of and usually for any device you want to use it with, whether desktop, laptop, tablet or mobile. However, it also introduces a whole layer of complexity with the unknowns of having a stable internet connection, data security and using a browser instead of an application built for an operating system.

We help address these things through rapid prototyping, user testing, and agile development methodologies in our product design. We also conduct a significant amount of market research and learn from our mistakes and the mistakes of others in the industry. There are usually several different solutions or approaches to address a problem. The key is figuring out which is the most appropriate or most promising option to take or technology to choose from. We then prototype, speak to users, test with users, refine the solution, do the development work and complete the feature. For instance, the architecture of Titanium has been completely built from scratch using the latest API-agnostic platform structure to improve development time, scalability, cost efficiency and enabling more third party integrations for Practices.

Gathering feedback from our customers is a job that is never done. We are continuing to ramp up our development work on Titanium with a strong focus on customer experience (CX) and user experience (UX) by actively involving our Practice customers throughout the product design process. It’s a process that starts with the users and ends in a product built to address the current and future needs of our customers.

We value the input of our customers. If you have suggestions for functionality within Titanium, please share your feedback in our Forum, which can be found in the top menu bar of this website.

Authored by: 
Henry Vesander
Henry Vesander
Product Manager at Best Practice Software

Opinion: Supporting GPs & Health Professionals During Disasters

Aussies and Kiwis have endured a very challenging and distressing summer with the extremes of widespread drought, bushfire, volcanoes and flooding causing havoc and heartache to many communities.  We have witnessed greats acts of heroism and outpouring of support to those affected.  While debate rages about why our climate is changing, it is increasingly obvious that our community must prepare and learn to cope and recover from the inevitable and intensifying natural disasters.

Affected individuals and communities will need ongoing support for many years. I am in full support of RACGP President, Dr Harry Nespolon’s recent lobbying for health professionals to be involved in emergency planning and response at both state and federal levels, and to receive better support during the long recovery phase as they provide support to those impacted by disasters.

Here at Best Practice Software, we have a long history of helping where we can during the disaster recovery phase of major events.  For example, immediately following the 2013 major floods in Bundaberg, we loaned laptops and software to a local GP who was assisting local residents through the provision of healthcare to more than 2000 residents who had been evacuated from north Bundaberg.  This enabled the GP to send electronic summaries of consultations to the evacuees’ regular doctor to ensure a safe clinical handover of information.

But it is the long-term impact of disasters that cannot be understated.  And everyone in the healthcare industry will at one point interact with someone who has been impacted. 

It is welcome news that the Department of Human Services recently announced several new Medicare item numbers specifically for providing mental health services to individuals affected by the bushfires. These new item numbers have been added to the February Data Update for Bp Premier which will be available in the next week.

 Our partner Train IT Medical has also developed some timely and relevant FREE training, aimed at helping medical receptionists support patients affected by bushfires. 

These events are a timely reminder to all practices to ensure disaster management plans are up to date, and that all team members understand what to do to ensure the practice, team and most importantly, your patient’s precious health data is safe and protected. 

For more information, the RACGP has a range of relevant guides, or consult our Bp Knowledge Base for additional help.

       
Lorraine Pyefinch | Director
Best Practice Software