By Rhiannon Riches
Two members of Optometry Australia have been left empty-handed after unrelated attacks from computer viruses and ransomware destroyed patient records.
Both members face a loss of income as they attempt to replace their records. Their cases have involved IT providers, lawyers, insurance companies, Optometry Australia and the organisation’s professional indemnity insurance partner, Avant Mutual.
One of the optometrists must recall more than 200 patients for free-of-charge examinations, to rebuild the practice’s records.
Optometry Australia professional services manager Luke Arundel says the cases highlight the importance and value of backing-up patient records daily and having up to date virus protection software.
‘Two of our members had a significant number of patient records destroyed. In one case, the practice computers were affected by a virus; in the other case, ransomware was to blame,’ Mr Arundel said.
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
Mr Arundel’s advice is not to pay as those responsible for the malicious software may demand more money.
One of the members lost four months of patient records as a result of a computer virus. The computerised appointment book, clinical notes and basic details of any new patients seen in that period were all lost, along with order details, prescriptions reports and referrals.
‘Their practices have also been exposed medico-legally,’ Mr Arundel said. ‘They have been advised by Avant to rebuild clinical records and their patients will need to be re-examined at no charge, as the optometrists cannot bill Medicare.
‘This is a wake-up call to every member as it is very easy to get complacent in this area. It is critical to ensure back-ups are being performed and virus software is up to date. This costs a lot less than when things go pear-shaped,’ he said.
One of the optometry practices that lost records was attempting to recover data of patients tested in the period by piecing together banking information and records of spectacle and contact lens orders from suppliers but it is assumed there will be significant gaps in information.
Cameron Rule, director of Rule Technology, says back-up is a critical aspect of operating a small business.
‘The first question to ask yourself is: do you know if your back-up is working? If you do it yourself but it’s not being monitored, how do you know if it is working? It is critical that someone, either in the business or externally such as an IT provider, knows it is working,’ Mr Rule said.
He recommends completing a back-up at least daily. ‘It is also important to have an off-site back-up, in case of fire or theft to your practice, for example. Duplicate your on-site back-up at an off-site secure location,’ he said.
‘Be aware that your anti-virus software needs to be up to date, otherwise it’s ineffective. Up to 400,000 new viruses are created every day. You need to have an up to date virus scan otherwise you have no chance.
‘Be compliant. Don’t open suspicious email. Educate your employees about what not to open,’ Mr Rule said.
Rule Technology exhibited at WAVE this year. It is offering optometrists a free IT health check.
Optometry Australia’s professional indemnity insurance partner, Avant Mutual, says each situation where inadvertent damage or destruction of health information occurs is different. For this reason, the Heath Records legislation does not set out specific requirements to follow in these circumstances. Any member affected by this type of issue should contact Optometry Australia and Avant for assistance.