Cybersecurity Best Practices – Keeping Your Data and Systems Safe

Cybersecurity | Password protection

Cybersecurity is the practice of defending servers, computers, mobile devices, networks, and data from malicious attacks. Cyber threats continue to evolve at a fast pace, with a rising number of data breaches each year. In fact, according to the Australian Cyber Security Centre’s Annual Cyber Threat Report from 2020, between the 1st of July 2019 and 30th of June 2020, the ACSC responded to approximately 164 cybercrime reports per day. That’s roughly one every 10 minutes.

Historically, medical Practices and public entities experience the most breaches. These sectors are more appealing to hackers because they regularly collect lots of personal information, financial records and medical data.

Following simple but effective cybersecurity best practices can ensure your data is safe from unauthorised access.

Different Types of Cybersecurity Threats

There are a wide range of methods that hackers can use to illegitimately gain access to your Practice’s information. Listed below are some of the more common methods which you may have heard of.

  • Ransomware – Ransomware is a type of malicious software designed to hold files or data ‘hostage’. Once a Practice’s computer system has been compromised, patient files are inaccessible until a ransom is paid. Paying the ransom does not guarantee that the data will be recovered.
  • Phishing – This is the practice of sending fraudulent emails that resemble emails from reputable sources. Phishing attacks often target individuals with emails that look like they’re from your bank or financial institution. The aim is to steal sensitive data like credit card numbers or account login information. It is the most common type of cyber-attack.
  • Social Engineering – Social engineering is a tactic that hackers use to trick you into thinking you’re speaking to a representative from a legitimate organisation, and then getting you to reveal sensitive information. Social engineering is often combined with the methods listed above to make you more likely to click on a link or hand over sensitive data.

IT Security Tips for Practices

The first thing you can do is establish a security culture within your Practice.

The weakest link in any computer system is the user. Protecting patient data through good security practices should be second nature, similar to the Practice’s sanitary measures. Ensuring that your staff are familiar with your cybersecurity measures and how to identify a cyber threat makes your Practice more secure.

Keep Your Practice Software Updated

Taking your entire system offline to perform software updates is a daunting prospect.

However, neglecting to get the latest version of your software leaves devices significantly more vulnerable to attack. Furthermore, any security patches that come with an update will be unavailable to you. Hackers will take advantage of complacency and can remain undetected in an out-of-date system far easier than in systems with the latest software updates.

Maintain Secure Access to Patient Data

You may have seen media reports of victims whose private information was stolen by hackers. Failing to keep your patient data secure can be catastrophic. Hackers can use data from your patient records to commit identity theft and access patient bank accounts.

It is important to control access to patient records and only allow authorised personnel to have access to their details. Have a system in place to audit your system, and regularly verify who accessed which patient records, and when. It’s also important to promptly remove system access from staff who have resigned, or have been terminated.

Computer System Maintenance

Over time, operating systems tends to accumulate and catalogue old information and redundant data unless regular maintenance is performed. Just as your medical supplies must be monitored for expiration dates, material that is out of date on a computer system must be discarded or archived.

Some things you can do to ensure you’re following cybersecurity best practices with regards to computer maintenance are:

  • Ensuring user accounts for former employees are disabled.
  • Computers and other storage devices that have had data stored on them are sanitized before disposal.
  • Old data files are archived for storage, or cleaned off the system if not needed, subject to data retention requirements.
  • Software that is no longer required is removed from the computer, this includes trial software and any outdated versions of software.

Installation and Updating of Anti-Virus Software

A common way that hackers can access a computer system in a medical Practice is through viruses or malicious software (malware). In addition, computers can become infected by seemingly innocent sources such as email links, USB drives, and web browser downloads. It is important to use a product that provides continuously updated protection, and ensure your staff know how to recognise when your anti-virus has detected something suspicious.

Controlling Access to Patient Information

Familiarise yourself with role-based access permissions, where a staff member’s role within your Practice (e.g., doctor, practice manager, nurse) determines what information they have access to. Care must be taken to assign staff to the correct role within your Practice. Having well structured role-based permissions ensures that your staff can only access what they’re supposed to, which ultimately improves your Practice’s IT security.

Create Strong Passwords and Change Them Regularly

Passwords are often the first line of defense against unauthorised access to your Practice’s computer systems. Although strong passwords will not prevent attackers from trying to gain access to your network, it can slow them down and even discourage them altogether.

Using easy-to-guess passwords or sharing passwords between applications and logins significantly increases your Practice’s risk and vulnerability. Using the same password for multiple logins presents an incredibly high risk. If a hacker gains access to one account, they gain access to all of them. This can have a devastating flow on effect, not just for your Practice, but your staff’s personal lives as well.

Your staff should be aware that legitimate organisations will never ask for their password over email or messaging service. For maximum password security, employ the use of a reputable password storage system.

Strong passwords are ones that are not easily guessed. Hackers will use automated methods to try to guess a password, and so it is important to choose a password that does not have characteristics that could make it vulnerable.

Strong passwords should not include:

  • Words found in the dictionary.
  • Personal information such as birth date, your name, or pets’ names.

Some examples of strong password characteristics:

  • At least eight characters in length.
  • A combination of upper case and lower-case letters, one number, and at least one special character, such as a punctuation mark.

For many Practices, consistently reviewing and updating IT security measures can sometimes feel a little tedious. However, training your Practice in strong IT security habits is essential when it comes to protecting sensitive patient data.

While it may not be practical to enact all of the above cybersecurity best practices all at once, each of them can be implemented incrementally, and each of them will secure your Practice’s systems as you institute them.

Authored by:

cybersecurity best practices michael porter avatar

Michael Porter
Analyst & Developer at Best Practice Software

2020 Mental Health | COVID-19 – A Year In Review

Mental Health 2020 Blog Article Image

Our mental health is something that we’re all aware of, but far too often we don’t do enough to look after it. Mental health during COVID-19 has been something that deserves far more attention than many of us have given it.

If someone asked you to list five words that described how you feel about the year 2020, what would you say? How different would they be, compared to describing your feelings about previous years? Maybe you cannot settle on five words, you keep swapping out one for another as you go through the extent of what has occurred this year.

Twelve months ago, Australia was in the midst of fighting the most extensive bushfires in recent times, colloquially known as Black Summer. The expanse of devastation and death of one billion wildlife animals generated worldwide support and acknowledgement. Australians and International supporters rallied to raise money to assist those affected by the bushfires and frontline firefighters were the heroes of our nation.  The resilient Australian spirit kicked in and individuals, families and communities faced the mammoth task of rebuilding and hoping to return to a normal life. Towards the end of the bushfires, storms and flooding affected some parts of NSW, which was a relief for those suffering from some of the still-burning fires, but introduced more stress for communities that were already exhausted by the bushfire crisis.

Within a month of the flooding and weeks of the final fires being extinguished, the World Health Organisation declared COVID-19 a global pandemic, and Australia began shutdown measures. Australians began living under strict lockdown rules and restrictions that have not been experienced in more than a century.  International travel to and from Australia was limited with many people still trapped overseas. People were afraid of being locked in their homes without food and supplies so supermarket shelves were stripped bare due to panic-buying.  Non-essential services were closed which led to economic and social stress; this saw the cessation of all forms of entertainment, sport, pubs, cinemas, and houses of worship.

Travel within Australia was restricted by internal domestic border controls which caused distress and further strain on mental health during COVID-19 for people separated from their family and friends. Businesses were encouraged to work remotely where possible, and online commerce escalated. Schools were closed and all students were introduced to eLearning which suited some but caused many students and families additional stress. Frontline health care workers became the new heroes of our nation, while acknowledging the efforts of everyone involved in essential services such as emergency personnel, teachers, food supply chain personnel, and cleaning services.

Healthcare organisations and aged care residences restricted entry to visitors, so much so that children could not visit patients, family could not visit their elderly family and women who had birthed were not allowed visitors, including the other parent of the newborn. Not only did these restrictions heighten the strain on mental health already being felt by those affected, but people were also afraid to go to healthcare organisations, in case they became infected themselves.

The Psychological Consequences on Mental Health during COVID-19

The following emotions and numerous others may be experienced by people during the COVID19 outbreak: anger, annoyance, anxiety, confusion, depression, distress, distrust, fear, frustration, helplessness, hopelessness, isolation, loneliness, panic, sadness, uncertainty, and worry.

  • People:
    • In affected communities following the Black Summer bushfires were in a heightened state of anxiety and struggled with additional uncertainty, and were prone to more stresses on mental health during COVID-19.
    • Are afraid of infection, either getting themselves sick or infecting others, especially the elderly and vulnerable.
    • Worry about not having enough information, or being given the wrong information, therefore high quality, factual information should be accessed from a trusted source.
    • Experience a variety of stressors, such as financial stress from losing or having reduced employment or retirees’ superannuation funds decreasing; limited social contact leads to feeling isolated, lonely, and not socially connected.
    • Who are isolated or quarantined, including the elderly and vulnerable population, feel combinations of any of the emotions, particularly depressed, confusion, frustration, anger, boredom, lonely and become worried about having inadequate supplies.
    • Those with pre-existing anxiety disorders, depression, post-traumatic stress or health anxiety are at risk of experiencing higher anxiety levels and poorer mental health during COVID19, and may require additional psychological support during this time.
  • Health care workers have experienced increased anxiety and can feel overwhelmed due to possible direct contact with affected patients, lack of personal protective equipment, increased workload, and changing their care delivery from in-person to telehealth.
  • Students impacted by changing to and from online learning, as well as individuals working remotely from home can experience distress, anxiety, frustration, uncertainty, confusion, worry and become depressed.
  • Families have faced numerous challenges including working remotely while supervising children and students, being geographically separated, or denied contact with elderly family members. Family events have been impacted such as weddings being postponed and being unable to attend funerals. Family and domestic violence, and child abuse has escalated due to increased household tension, cabin fever, isolation, increased alcohol consumption, and stress. The pandemic is another barrier for people who are exiting abusive relationships, where women and children are forced to remain in violent and unsafe homes.

Think back to those five feelings of 2020 that you identified earlier, and which would you swap out regarding your hopes of 2021? Have you replaced distress with acceptance; fear with determination; isolation with feeling connected; fear with hope; or are you stuck and not optimistic about the future?

Looking After Yourself and Coping With the Rest of 2020

1. Look after yourself physically and mentally
After a year of challenges and uncertainty as to when the pandemic will end, current life in Australia is the new normal. At any time, restrictions and health directions may be lifted or imposed so here are some practical things that you can do to help your mood and reduce stress levels. You’ll cope better if you place importance on getting quality sleep, eating healthy, exercising daily, attending to physical health issues, having regular periods of relaxation, ensuring regular self-care and reducing alcohol consumption.

2. Live in the present
The uncertainty of the future and concerns whether life will return to pre-COVID normal, can cause varying levels of distress. Focusing on living in the present and taking each day as it comes will reduce the distress about the future and increase appreciation for current activities.

A simple mindfulness exercise is to notice what you are experiencing right now, whether it is doing a task or doing nothing, and using all of your five senses: sound, sight, touch, taste, and smell.

Take a few slow breaths and ask yourself:

What can I hear? (for example, clock on the wall, car going by, music in the next room, my breath)

What can I see? (for example, this table, that sign, that person walking by)

What can I feel? (for example, the chair under me, the floor under my feet, my phone in my pocket)

What can I smell? (for example, flowers in the room, air freshener, the soap on my hands)

What can I taste? (for example, my tea, a cracker, a grape, nothing)

Think of these answers to yourself slowly, one sense at a time and you will be mindfully present.

3. Allow yourself to grieve for what has been lost or what you wish you had
Border closures, restrictions on gatherings and physical distancing requirements mean a lack of freedoms that we took for granted pre-COVID. For many, this means separation from family and friends, an inability to travel, being unable to celebrate events how you would like, and feel lonely, isolated and disconnected.  It is normal to feel sad during this time as grieving for the loss of something or someone confirms that it, or they, are important to you.

4. Be flexible and creative
This year the Christmas and holiday period will not be the same as previous years due to COVID restrictions. At any time, restrictions and new health directions are enacted so expectations need to be flexible, which may be difficult to accept. Identify what is the most significant aspect of this time or event and find a way to maintain it. This might require some creative problem-solving such as moving an event outside, have multiple smaller gatherings or include a digital option.

Everyone has been affected by the challenges of 2020, either directly or indirectly, so people need to acknowledge that everyone is feeling a degree of stress. It is important to not expect too much and be kind to yourself, also, think about what you value in life. Be kind and tolerant of others as you do not know how they have been affected by this year. If you maintain good physical and mental health during COVID-19, and accept the future for what is, the resilient Australian spirit will cope with adversity.

If at any point you feel overwhelmed and unable to cope, please contact Lifeline (13 11 14), Beyond Blue (1300 22 4636), your local GP, or a mental health professional for support and assistance.

Authored by:

Gina Clement Avatar Picture

Gina Clement (MProfPsych, MMid, BNsgInform, DipHlthSc(Nsg)
Provisional Psychologist and Product Manager at Best Practice Software

Active Areas of Implementation for ePrescribing

ADHA Active Implementation Areas ePrescribing

UPDATE: Please note as of January 2020, all Practices can begin using ePrescribing. ePrescribing has been turned on by default with our latest release, Saffron.

In partnership with the Australian Digital Health Agency (ADHA), Best Practice Software has been gradually rolling out Active Areas of Implementation for ePrescribing since August.

The table below provides a comprehensive list of all suburbs that have been deemed Active Implementation Areas for ePrescribing by the ADHA, as of 15 October.

This means that Practices within these areas are able to download the ePrescribing Utility File from our download page  and begin using eScripts within your Practice.

Active Areas of Implementation for ePrescribing

ion Region Definition of Active Geography Population
 Victoria n/a  All of Victoria  6,460,675 
Australian Capital Territory n/a  All of ACT  420,960 
New South Wales Armidale  The Armidale Regional Local Government Area  29,059
Newcastle  The suburb of Mayfield in Northern Newcastle  9,314
South Coast

The suburbs of: Bomaderry, North Nowra, Nowra, South Nowra, Terara and West Nowra. The suburb of Moss Vale & The Municipality of Kiama. 

 Sydney The LGAs of: Bayside, Blacktown, Burwood, Camden, Campbelltown, Canada Bay, Canterbury-Bankstown, Cumberland, Fairfield, Georges River, Hornsby, Hunters Hill, Inner West,
Ku-ring-gai, Lane Cove, Liverpool, Mosman, North Sydney, Northern Beaches, Parramatta, Penrith, Randwick, Ryde, Strathfield, Sutherland Shire, Sydney, The Hills Shire, Waverley, Willoughby, Woollahra.
 Queensland Central Highlands The Central Highlands Regional Local Government Area  29,650
 Brisbane  The suburbs of Camp Hill and Inala  31,669
 Bundaberg  The suburb of Bargara  7,485
Central Highlands The Central Highlands Regional Local Government Area 29,650
Brisbane The suburbs of Camp Hill and Inala 31,669
Bundaberg The suburb of Bargara 7,485
Townsille The suburb of Garbutt, Rowes Bay and Belgian Gardens 7,107
Hervey Bay and Marborough The postcodes of 4655, 4650, 4662 and 4659 79,355
 Townsville The suburbs of Garbutt, Rowes Bay and Belgian Gardens  7,107
South Australia  N/A  All of South Australia  73,836
Western Australia Metro Perth  The suburbs of Port Kennedy and Woodlands  17,922
Country WA The Kalgoorlie/Boulder Local Government Area and the Shire of Denmark  35,904
 Tasmania  Northern Tasmania The Central Coast,
Launceston and Devonport Local Government Areas
Northern Territory Northern NT Palmerston City  33,695

Work From Home Arrangements: How to Effectively Manage Your Practice Team

Working From Home Arrangement Blog Image

You may never have contemplated work from home arrangements until 2020 – and all its challenges – arrived and interrupted our lives.  Businesses like ours – whether it be medical practice, allied health providers, medical specialists, or those businesses (like Best Practice Software) who support these medical professionals – haven’t traditionally embraced work from home options, but many are now exploring its benefits.  Well before the COVID-19 pandemic, though, members of the Best Practice team were well rehearsed to effectively work from home and prepared for a quick and seamless transition when it was no longer an option but a business requirement.

If you’re planning to shift your Practice team to work from home arrangements – due to responsible COVID-19 response planning, or for any other reason – you might find it helpful to have a simple, clear, and documented approach to how and why your team can shift to home-based work. I preface this with my opinion that good policy is not designed to help you find a way to say ‘no’ – instead, it’s there to help you protect your business by managing your risk so you can (responsibly) say ‘yes’ more often.

Here are five quick policy ideas to support a successful transition to work from home arrangements: 

  1. Acknowledge which roles are suited, and which are not.
    Your policy might identify that some patient-facing, team/product/project-leading, clinical, and executive roles are not suited to work from home arrangements due to the nature of the duties and the need to participate within, and contribute to, the clinic/work environment. But it should identify your process in assessing the nature of the work to be undertaken, the role priorities and required project outputs, the likely effects on work teams, patients, customers, product, and support services, and the skills/abilities of the employee to support a successful work from home arrangement. 
  1. Ensure a review of the suitability of the home-base environment.
    Your policy should identify that the home-base is an extension of work, and your process should enable the employee to self-assess and submit (for your approval) a documented review of the appropriateness of their home office – ensuring it’s a safe, healthy, and productive work environment. Provide your employees with a checklist of minimum requirements, including a dedicated private workspace, appropriate chair, minimum internet speed, safe environment free from trip and electrical hazards, etc. This is not an administrative or record-keeping exercise – but a way to extend your sensible business approach to employee health, safety, and wellbeing. 
  1. Outline the expectations and responsibilities of the home-based employee. 
    Working from home responsibly requires both parties cooperating fully, and your policy should identify the responsibilities of the employee to make this arrangement work. I believe it all starts with good communication. Clearly outline your requirements for regular (preferably sunrise/sunset) briefings, forward work plans, escalation protocols, and mechanisms to support productivity and accountability, and your expectation that people regularly engage with their leader on important work matters. Ensure your people understand your expectations on the submission of project updates and timesheets, and their connectivity to your network, and their availability for your patient/customer/vendor enquiries, and for active participation in regular team meetings. 
  1. … but also outline your responsibilities as a sensible employer. 
    That two-way commitment to making working from home a success also means your policy should outline the appropriate business and connectivity tools you’ll provide the home-based worker, including the minimum standard PC and peripherals, hardware, software, and network connectivity according to the role type. You should also outline your approach to reimbursing reasonable employee expenses incurred in the arrangement – for instance, whether you’ll reimburse internet service fees and data use. Also consider how you’ll support their printing, copying, and shredding costs, and your expectations on minimum home contents insurance to cover your PC equipment. 
  1. Protect your existing security, privacy, and data protection commitments. 
    If you already adopt a strict security, privacy, and data protection approach across your Practice/business (which you should), I’d ensure you extend this approach to approved home-bases. That is, your policy should apply your data privacy principles which might govern steps to protect records of a restricted, sensitive, proprietary, or confidential nature to extend to the home office, and outline your requirement that PC equipment has an activated firewall and anti-virus definitions up to date before leaving your building, and sensitive records are kept locked and protected if away from the office. It’s a good idea to also stipulate that any breaches of your security, privacy, and data protection policies and procedures should be reported/escalated immediately to ensure appropriate business response.

Above all, I believe that effective work from home arrangements are based on mutual trust between employer and employee, and good communication. However, if you’re questioning whether an employee will be productive while working from home, you probably need to question whether they’re just as productive while at work and sitting outside your office.

You’re very welcome to connect with or follow me at https://www.linkedin.com/in/craigahodges/, where I share my insights on organisational governance, leadership, engagement, and business strategy.

Authored by:

Craig Hodges
Chief Corporate Officer at Best Practice Software

Putting the Puzzle Together – The Role of a Product Manager in Software Development

Blog Header Image - Shar

I often get asked what it is that I do for a living. Ordinarily, when I answer that I’m a Product Manager, most people give me a blank look – and I realise that I need to explain the role of a Product Manager – who we are, and what we do.

Product Management is an essential part of the software development process. While we might not be the captains of the ship, we have a hand in the steering of it. If you like puzzles and solving problems, then it’s possible that Product Management is a role you may enjoy.

Most of the time, I find myself trying to figure out how to get the puzzle pieces to fit together to create a viable release. Some days I feel like I am trying to squeeze that last item into the back of the car before a road trip.

Product Manager Car Stack
It can feel a bit like this sometimes.

We are the touch-point between the Commercial, Support and Development teams in our business.  We are listening out for industry news, looking forward to where we can take our product next. We are listening to our customers, looking to see what you need and what we might be able to do to make your working day easier.  Maybe there is a pain point in the software that needs some love. We’re constantly looking to find out if there something new in the marketplace that our users would like to see in our software, or if we can introduce something new to the market.

My favourite part of this job is solving a pain point for our Practice users and making a workflow easier for them to use. We take that pain point and see what is missing, or what we have that can be enhanced to improve outcomes.

Product and Feature Requests

Reviewing enhancement requests that our users send through is another significant part of my role.  On average, I receive 3-5 requests daily for feature enhancements, or for totally new features. Of these requests, some are straightforward, and it is clear as to what the user wants to achieve.  Other times, I know our software does what the user is asking for, so I assist by explaining the process.  Depending on the request, I might organise to speak with a Practice directly to better understand the issue.

Each enhancement request is reviewed by a wider team to see if the work is viable, and to determine how beneficial it would be to our user-base. At this point, the ticket is either accepted, and the feature is added to an upcoming release, or it may be rejected. It might also be bundled with a number of other similar requests to help enhance a feature overall.

From here, I organise meetings with the Development team and break the requested feature down into smaller, more bite-sized tasks.  The Development team look at it and figure out what needs to be done, and how long it will take to do it.

Then I start to arrange the puzzle pieces and work out which features are going to be included in an upcoming release.  A release is generally made up of a number of features – some requested by our users, others driven by government.  They can be time-critical, where we are required to build a feature to a deadline.  They also can be driven by environmental factors – like the current COVID-19 pandemic.

The challenge, then, is to work out the priorities of those items within the release. These are aligned with the following areas of our business:

Product Manager Graphic

I then do some more planning, and then just for something different, I plan some more.

Our development team then take the reins, and they work off the priorities set by the Product Manager.  The work is organised into two-week blocks that we call sprints.  We have a daily stand up meeting to touch base, update the team and look at any immediate priorities that have come up in the interim. There can be any number of sprints in a release.  Historically, we have had larger releases, but we are currently aiming to re-focus on shorter releases.

The Testing Cycle

Once we reach the end of the development period, we send a build out to a group of practices who install it in their Practice and put it through its paces in a live environment. They will let us know if any issues arise from the build.  We call this the Beta cycle.

This cycle can be short or quite extensive, depending on how many issues are identified in the beta build of the release. As we fix each bug in a build, we push a new beta build out to Practices until we’re confident that the release is functioning without issue.

The last stage before public release is to produce what is known as a Release Candidate (or RC for short). The RC process is generally quicker, as by this stage we hope to have all major kinks ironed out. This build is then a candidate for release.

While this is all happening, we are working with other teams within the business to make sure that our internal team is trained in any new features, our marketing for the release is on track, our sales and support teams are ready and our training is organised and documentation prepared.  The role of a Product Manager involves a lot of puzzle pieces.

I keep the team updated on the progress of our Beta/RC builds so that everyone is aware of when a release is scheduled.  Even with the best laid plans, I still need to juggle what makes it into the finished products. I need to balance time and resources to determine what can reasonably be included.  Sometimes, a feature might be more complex to implement than initially thought; other times we’ll have priorities change at very short notice – meaning we may have to bump a feature into our next build.

While this is all happening, I’m constantly looking forward to the next 3-6 months to see what is coming up and what needs to be planned for future releases.

So, what’s the takeaways from all of this?

To fill the role of a Product Manager, you need to be able to balance many different requirements, and be acutely aware of your users to ensure you’re providing them with a product that they are happy to use.  The role of a Product Manager is a challenge, but if you’re cut out for it, a challenge well worth the effort.

Authored by:

Shar Trewben
Product Manager at Best Practice Software

Software Updates: Debunking Myths and Concerns

Debunking Software Myths

As a support team, we understand many of the challenges faced by Practices in order to keep current with software updates. In fact, at time of writing, only 36.4% of Bp Premier customers are running on Jade SP2, the latest version of the software.

All too often we hear similar reasoning as to why Practices aren’t taking the important step of updating their software. Today we’ll go through a few of the common myths and concerns we get surrounding updating Bp software, and provide some insight into why they may not always be correct.

Myth: Software Upgrades Cost Money!

While occasionally true in rare instances, such as a Practice needing an IT professional to assist with an upgrade, the majority of users should be capable of installing an update with the assistance of a simple upgrade document which is available on our Knowledge Base. Our software updates also come at no cost to your Practice – they are completely free!

Most of the time, the only thing an update requires is a bit of patience, and the following of a step-by-step guide.

Myth: An Update Isn’t a Priority – It Can Wait for a While.

Again, this is true in some cases but it’s important to make an informed decision. By regularly reviewing the Release Notes available on our Knowledge Base, you’ll be able to identify the features, fixes or regulatory changes which may positively benefit your Practice. It’s important to note minor issues may not be listed in our release notes.

Leaving or not prioritising updates can end up burning more time in a variety of ways. You may miss out on things like Medicare adjustments, bug management or new features and functionality. The best course of action is to stay up to date and have the latest drug update installed.

Myth: Only Need to Patch My Software Once.

Patching occurs in a combination of data updates and product updates, and is the fluid process of updating ever-changing security and regulatory requirements, in addition to bug fixes. We suggest patching as often as possible to ensure your system has the latest features, information and fixes.

Myth: It’s Only a Small Update, So It’s No Big Deal If I Miss It.

Small or large, all updates should be reviewed to see how they may benefit your Practice. Remember that an update may look small, but could make a meaningful difference to the day to day functioning of your Practice.

A good example of this is our upcoming Jade SP3 update. While Service Pack (SP) updates are typically fairly small, SP3 includes ePrescribing functionality, which is anything but minor! If you were to dismiss SP3 as ‘only a small update’, you’d be missing out on this crucial functionality.

Myth: Nobody is Available to Help Me Upgrade!

Best Practice Software offers a variety of update documentation on our Knowledge Base. For any additional update queries, our Support team is here to help.

We have 53 Support Specialists spread across three locations that are ready and willing to assist you with updating your software, or to help resolve any issues you encounter along the way. On average, our Support Specialists answer 8,759 enquiries each month, so you’re in very capable hands!

You can contact our Support teams by calling us at 1800 401 111 or emailing support@bpsoftware.net.

What is Sunsetting?

Best Practice Software regularly provides new releases of our software. These new releases include mandated regulatory requirements and a range of software improvements including updates to functionality and security, and fixes to known software issues.

However, regular software releases present an increasing challenge to our Support team who continue to support customers using older versions of Bp Premier.

As a result of this, we have introduced sunsetting – which is ending support for previous versions of our software in an effort to remain knowledgeable on up-to-date versions.

If you have any further questions regarding updating your software, please get in touch.

Have a question? Need assistance with a software update? Call us on 1800 401 111 or email support@bpsoftware.net.

Authored by:

Michael Toulsen
Lead Support Specialist at Best Practice Software

Time to Take Your Blood Pressure Pills!

Blood Pressure Medication

Historically, when single dose blood pressure medications were commenced, patients were advised to take them in the morning. This is because blood pressure follows our natural sleep cycle and dips when we are sleeping and rapidly rises in the morning when we get up. It was thought that taking medication in the morning would provide the most benefit as it would reduce that initial increase in the morning.

At the end of 2019, the results of a large study that looked at bedtime dosing of blood pressure medication were published in the European Journal of Cardiology [1]. The study looked at 19,000 patients in Spain in a primary care setting, and it compared the cardiovascular outcomes between those who took their medication at night and those who took it in the morning, with a mean follow up of just over 6 years. The study found a significant improvement in the outcomes of those who took their medication at bedtime with a reduction in the number of heart attacks, strokes, and heart failure in that group.

The study itself was quite comprehensive and had a good follow up period of 6 years. It is important to note that they only included patients in the study if they did not have any history of pre-existing kidney failure, heart failure, retinopathy, abnormal heart rhythms or alcoholism, and they did not include shift workers. They also did not include pregnant patients or those with secondary hypertension. The authors split the groups in half and had one group take all of their medications in the morning, and the second group take all of their medications before bed. 

Patients’ blood pressure control was monitored during their GP visits in addition to doing an annual 48-hour ambulatory blood pressure test. This test involves wearing a blood pressure monitor for 48 hours with BP check every 20 – 30 minutes to get a good picture of the blood pressure fluctuations over a 48 hour period.

The authors found that those taking their medications at night had overall better control of their blood pressure in addition to needing fewer medications to keep to the recommended targets. The study also found that there was a 45% reduction in cardiovascular events such has heart attacks, angina, strokes and heart failure in the group who took their medications at night. Moreover, they did not find any adverse events to occur in that group.

There have been some other smaller studies that have also looked at morning versus bedtime dosing of blood pressuring lowering medications [2], which showed better blood pressure control without any adverse effects of taking blood pressure medications at night. However, there have been a number of small ophthalmological studies that have shown a detrimental effect for those with certain eye conditions if their night-time blood pressure drops too low [3], or if they take their blood pressure medications at night [4].

To date, there have not been any changes to the current Cardiology or Heart Foundation guidelines to routinely recommend changing patients over to bedtime dosing. However, for some patients the benefits would clearly be substantial.

Before changing over to bed-time blood pressure medication dosing, it would be a good idea to discuss with your GP or Cardiologist if this is suitable for you.

Authored by:

Dr. Fabrina Hossain
Clinical Advisor at Best Practice Software



[1] https://academic.oup.com/eurheartj/advance-article/doi/10.1093/eurheartj/ehz754/5602478
[2] https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4091949/
[3] https://pubmed.ncbi.nlm.nih.gov/8172267/
[4] https://pubmed.ncbi.nlm.nih.gov/22424547/

Enhanced Secure Messaging – the Path to Interoperability

Secure Messaging Interoperability

A core part of healthcare in Australia today is communication between healthcare providers. However many of these sensitive communications are taking place via unsecure channels, or through channels that aren’t compatible, leading to a breakdown of communication, poor health outcomes and inefficiencies.

To solve this challenge, a national initiative has been introduced to transform the way health information is exchanged in Australia. A key goal of the initiative is to equip healthcare providers with the ability to communicate with other professionals utilising secure messaging via their integrated practice management system. This will result in reduced dependency on unsecure channels such as paper-based correspondence, fax machine or post.

Here’s what you need to know about secure messaging – what it is, why it’s important, how it will impact practices and the timeline for implementation.

What is Secure Messaging?

Secure messaging enables the encrypted electronic exchange of patient healthcare information between healthcare providers. Point-to-point delivery of messages such as discharge summaries, referrals, requests and results represent the typical use case.

The electronic message is encrypted by the sender and decrypted by the receiver and therefore cannot be read if intercepted in transit.

Software vendors and their solutions, built to facilitate secure message delivery, are well established in Australasia, some with over 25 years in the market.

It’s fair to say that the majority of practices have had some exposure to secure message service providers (eg, Telstra Health Argus, Healthlink, Medical Objects and ReferralNet) and may even have more than one service enabled.

Why Does Secure Messaging Matter?

In a shared care environment, where it is necessary to exchange healthcare information, secure messaging ensures that the highest level of security and privacy is maintained. Protecting a patient’s sensitive, healthcare information and in alignment with the Privacy Act 1988. In addition, the benefits of exchanging data electronically and securely include speed, efficiency, lower risk and reduced cost.

A collaborative, nationwide approach to unify secure messaging providers is crucial to providing a seamless healthcare journey for patients, and for enabling simple and easy communication amongst healthcare providers.

Isn’t Secure Messaging Already In Place?

Imagine for a moment if our telephone service providers weren’t interoperable, for example your phone network wasn’t able to call someone you know who subscribes to another phone network. How effective would our telephone system be if this were the case? To date, we are in somewhat of a similar situation with secure messaging.

Despite the widespread adoption of secure messaging, the individual secure messaging service providers have approached messaging differently, resulting in incompatibility in many instances. The lack of interoperability has resulted in fragmented systems and communication.

Furthermore, messages and referrals generated by practitioners are often limited to providers listed in their local address book or directory, making it time consuming to locate contact details for providers outside their normal referral network. The above method also relies on the provider information being kept up to date by the practice, often leading to inaccurate information, possibly even providers that are no longer in operation.

What is Changing?

The Australian Digital Health Agency is leading a program of change, to enhance interoperability standards for secure messaging. This initiative is in direct support of the National Digital Health Strategy, to reduce barriers to using secure electronic exchange of health data and ensure interoperability between technologies. Two key changes will take place as part of this initiative.

First is the introduction of a federated provider directory capability, enabling clinical information systems and secure messaging delivery systems to search cross-directory to find accurate, trusted and validated healthcare provider electronic addresses.

Second, software providers are enhancing the message exchange format to meet an agreed standardized specification for message content – streamlined to improve interoperability across disparate service providers and clinical systems.

How is Best Practice Software Getting Involved?

Best Practice Software has actively participated in the collaboration between software providers and government bodies, to define interoperability standards for secure messaging solutions.

The development to enhance secure messaging and be conformant to the ADHA specification is currently in testing phase and the enhanced functionality will be available in Bp Premier Saffron and VIP.net Ruby SP3 in the coming months.

When Will Enhanced Secure Messaging be Available More Widely?

There are 42 software organisations taking part in the ADHA secure messaging enhancement initiative, the change program is scheduled to conclude this October so there are certainly exciting times ahead for improved data workflows and efficiencies!

Authored by:

Monica Reed






Monica Reed
Manager, Commercial & Customer Enablement at Best Practice Software

Practice Management and the Imperatives of Cloud Computing

Practice Management Cloud Computing

It might surprise you to know that virtually all major practice management system vendors in Australasia have released, or are planning to release, their next generation solutions on the cloud. Cloud Computing is a trend that is sure to accelerate over time and is a transformation that will have a significant impact on the day-to-day operation of Practices and Practice Managers across all healthcare domains.

As Best Practice Software is undertaking the development of our own cloud-based platform, we are often asked by our clients what cloud computing entails, and what the benefits are over traditional desktop software. The following provides a brief insight into these questions.

What is Cloud Computing?

Cloud computing is a model for enabling on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

That’s quite a mouthful and not necessarily easy to understand, but it essentially identifies the five common characteristics of true cloud computing:

  • Broad network access
    This refers to the fact that resources in the cloud are available over multiple device types, ranging from common devices like laptops and workstations, to mobile phones and the like. Providers are no longer tied to the desktop or the location of their data, the benefits of which are becoming increasingly clear in these times.
  • On-demand self-service
    This refers to capabilities that manage provisioning and back-office functions. In non-cloud or traditional desktop environments, where the end user can self-provision without interacting with the provider, the downstream result has historically been inefficiency and waste. These new technologies now enable us to provide our customers with true self-service without incurring these penalties or service costs.
  • Resource pooling
    The scalability of the cloud is one of its most defining fundamental concepts. Without pooled computing, networks and storage, these services must be provisioned across multiple silos at great cost. Through resource pooling, multiple customers are sharing resources stored in the cloud with their peers, in much the same way as a telephone network operates. Because of this, the cost of resources is also shared between multiple customers.
  • Measured service
    These pooled resources can be easily monitored and reported, providing visibility into rates of resource consumption and the allocation of the costs associated with said consumption.
  • Rapid elasticity
    Elastic resources are critical in reducing costs. When accessing a cloud-based service, you only access the resources as and when you need the capacity. For most practices, a large percentage of costs associated with deploying applications stem from provisioning and maintaining a range of hardware resources. The purchase and rollout of these hardware resources requires forecasting of anticipated demand, rather than actual demand with a fixed capital expenditure commitment. The elasticity of the cloud means that you simply get what you need as and when you need it, and you only pay for what you use, resulting in a significant reduction in costs.

Cloud computing is not a single service fits all model.

There are a number of deployment models to suit different organisations. The two most prevalent deployment models used in the healthcare industry are the private cloud and public cloud.

Private cloud is generally only implemented in larger organisations due to the increased infrastructure costs that can be spread across greater number of users. They are generally designed by and built for a single customer to support specific functions critical for the success of a single line of business, and usually require more technical proficiency to maintain.

Public cloud is what is most people think of when they hear cloud computing system; it is multitenant capable and shared by a number of customers who may have nothing in common. They are typically less expensive to maintain, and leverage infrastructure provided by large tech providers such as Amazon with its AWS service and the competing Microsoft Azure service. This is the deployment model that is generally best suited for small Practices, and the variant that most Practice Managers will deal with and is the deployment model that Best Practice Software has selected for its cloud offering.

In summation, the incremental and exponential advances made in recent years has created a significant shift towards cloud computing adoption. The large number of practice management software and other health software vendors refreshing their products with cloud enablement underscores this.

Vendors benefit through shortening the time to market for new products and features, whilst at the same time delivering drastic cost reductions to customers.

The adoption of these cloud-enabled healthcare platforms will grow as users experience the benefits of a shortened enhancement lifecycle, without the associated operational disruption that comes from frequently installing desktop or client-server-based software solutions. Cloud computing brings the promise of never having to do a manual data update, or to endure the long wait for new releases to introduce new features or defect fixes. This cycle gets compressed from months, to weeks and days.

However, not all platform migrations to the cloud have been successful. Ultimately, the organisations that will be successful are those that understand that a move to the cloud is not merely a porting of technology, but rather a new way of thinking as to providing healthcare as a service, one that maximises all of the components of cloud computing.

Authored by:

Andre Broodryk
Manager of Product Management at Best Practice Software

Transitioning to a Work From Home Business

As the world continues to fight and adapt to this ever-changing situation, many businesses have needed to become more innovative and agile in the way they’re operating. Globally, businesses have had their normal work routines flipped upside down and are now being challenged with navigating the unknown. For many, this involves transitioning to a work from home business. This sudden loss of control is difficult for businesses, and for many, this will be a very scary time.

For businesses who already have systems and processes in place, adaptation to a work from home business will be simple. However, for others who may be less prepared, the ability to adapt won’t come as easily and this will present an enormous challenge in an already stressful time.

When considering what can be done to make this navigation of the unknown less stressful, I would like to share three key points that I think allow a business to easily adapt and continue (with some modification) with business as normal.

Well-considered WFH Policy and Procedures

Having a clear direction and an outline of requirements is important to ensure everybody remains safe and understands what is expected of them.

The introduction of any policy should be necessitated by a business need, or to set a minimum standard for the topic that is being covered. When introducing any policy or procedure, the author should always have the business in mind. A good start would be to ask questions such as, ‘what is the desired result of introducing this policy or procedure?‘, or, ‘what past changes have not gone so smoothly?‘. Also question the why, ‘what is the demographic of our people?‘ or ‘what are the minimum access requirements (role, home environment, etc.) and technology needs?‘.

Some basic inclusions for a work from home business policy should include: 

  • The purpose of the document;
  • Guidelines for request considerations – connectivity, role resources, role suitability and workspace; 
  • The frequency or period of this arrangement;
  • Guidance on the logistical or performance details, which may include attendance while working from home, communication and timeframes, home insurance needs, information privacy and security, safety and well-being and WFH expenses.

Items such as these will not only set a clear business requirements and objectives, it will also make it clear to employees what is expected from them to uphold the arrangement.

Required Documentation

I am not talking about paperwork for the sake of paperwork, but having some simple documentation to assist and protect your business and its people when adjusting to a work from home business. It is very important that, as a business, you understand your obligations when it comes to safety, and it is just as important that your team understands their obligations when entering into a work from home business arrangement.

Both the business and its people need to understand that work from home business arrangements are an extension of the workplace, and therefore all business policies and safety protocols will apply, albeit with some modifications. As a business, you have a few options to ensure that your staff’s WFH environment is safe and that the arrangement will not present additional risk to the business or the team member.

Conducting safety and risk assessments of the work from home business environment is a good place to start, and there are a few ways that this can be done. The first is by employing an external party who will conduct an in-house assessment of your staff’s WFH environment. Alternatively, you can have your staff complete a self-assessment that includes photographic evidence to support their self-assessment outcomes. These self-assessments should include such areas as ergonomics (chair, workstations and set-up); potential hazards (trip and slip); general walkways to common areas and exits; first aid; lighting (natural and artificial); work environment climate (air-conditioning, fans, fresh air); and location of power supplies.

The home working environment needs to be assessed as if it was an area in the workplace.


Communication is the conduit that brings all of this together. It’s the start of the process when the business introduces the work from home business arrangement. It’s the connectivity that the business will have with its people, it’s the checks and balances that managers will use to stay on top of their peoples’ outcomes, and it’s the best way to ensure businesses expectations are met and adequate support is being provided to the team.

The business should have – within its policy or setup within its teams, how people will connect and the frequency of these connections. At the start, this may be more frequent and as time progresses the frequency may become less. Ideally, contact and communication should still occur at least at the start of the day and once during the day, not dissimilar to how you’d greet your team at the start of each workday when you arrive, and chat casually or formally throughout the day. This will help remind staff that support is available if they need it.

There is an incredible variety of technology available to businesses these days. This includes platforms such as email, video conferencing, instant messages, use of collaboration software like MS Teams, Zoom, Skype and alike – and let’s not forget the good old telephone. Although not all of these platforms will be needed, it’s a good idea to review the communication needs of your business, the pros and cons of different software options and the volume of contact that your business will need when communicating with its people.

These three key points mentioned are only a guide to the endless possibilities that are available to assist in navigating the unknown in transitioning to a work from home business. It’s extremely important that organisations implement processes and systems that are right for their business. Take the time to ask questions, research and understand what value these changes will provide your business, especially in these unique times.

Authored by:

Brendon Croft
People, Culture and Capability Manager at Best Practice Softwar