General Practice ICT Security Checklist

This checklist is provided to help you undertake both a self-assessment and quick independent assessment of the baseline ICT security within your practice. The checklist should only take 5 minutes to complete. It is based on the baseline requirements discussed in the Health Information Security Framework. There is also a guide document which provides a small amount of additional detail, including some rationale and points of clarification against the checklist.

Download the checklist document and work through the questions for your practice. Once you have answered the questions, set the checklist aside for the next time your IT provider is doing some work for you. Compare your answers and you should discuss anything where you answer the questions differently, or anything where a “No” answer is given. If you agree that you haven’t met the checklist requirements on any items you should formulate a plan on how you will put in place measures to be able to answer “Yes” to the question in the future.

This checklist is not intended to be a comprehensive guide to general practice security. You should always seek independent and professional advice on how you are protecting your health information within general practice. This checklist is a very high level and simplified interpretation of the larger Health Information Security Framework. For a more comprehensive reference, refer to the framework documentation.