The way you handle, use and manage the personal information of your clients is important. If you provide disability or aged care services, it’s vital to maintain the data security of sensitive information.

In the modern era, where many records are kept electronically, data security has become a major consideration for organizations of all sizes due to the numerous factors and internal processes involved.

Regardless of whether you operate multiple aged care facilities or provide support coordination to NDIS participants as a sole trader, it is crucial to understand the technology infrastructure and platform requirements for maintaining secure data.

Cybercrime is widespread and the criminals involved are well-organised—in fact, 67,500 Australians were affected last year. Every business is a potential target of hackers and cyber attacks, it’s not just large corporations that need to take precautions.

“Security is always excessive until it’s not enough” — Robbie Sinclair, head of security, Country Energy, New South Wales, Australia.

‍

Are you doing enough to keep data secure?

Australia’s Privacy Act places obligations on organisations that collect personal information. There are 13 Australian Privacy Principles that you can use as a guide to ensure you’re doing the right thing.

As you’d expect, data security of personal information is one of these principles—stating that if you hold personal information you must take reasonable steps to protect it: from misuse, interference and loss; and from unauthorised access, modification and disclosure.

In addition to data security, other important principles include maintaining accurate information, managing it in a transparent manner, refraining from disclosing it to third parties for purposes other than intended or without consent, and ensuring that the person whose information is held can access and update it.

Is your cloud-based system compliant?

It makes sense to use the latest technologies to store client information, manage teams and coordinate care for your aged care or NDIS clients. In terms of convenience and accessibility of data within your organisation, a cloud-based system is excellent.

Information stored in the cloud can be shared and updated by multiple people from any location and at any time, so it provides a lot of flexibility. When you use ‘software as a service’ (SaaS) your data is in the cloud, but the underlying infrastructure and security is determined by the provider.

Some organizations or small businesses may be tempted to use free SaaS services like Google Docs, Gmail, Microsoft Office 365, or Asana to manage client information without fully considering the potential consequences.

Here’s two important factors to consider:

• If your provider’s data centres are not based in Australia, you’re probably not compliant with the Privacy Act.
• Your business can be held accountable if your client’s data or privacy is breached via issues with your provider’s security.

Using cloud computing services that are hosted offshore means that data flows to jurisdictions that are not governed by Australia’s Privacy Act. Data can be processed across multiple entities and geographies, which can make access and reforms more difficult should issues arise.

Locally-hosted cloud services are the safest bet and you should ensure the provider or system you use to store client information has this base covered.

Comm.care is a secure & reliable choice for care management

Comm.care is a cloud-based, highly secure platform that ensures client data is well-managed and available to your team where and when you need it.

• We use a locally-hosted AWS (Amazon Web Services) data centre with state-of-the-art infrastructure. Your data stays in Australia.
• We use the same development framework system as PayPal and Netflix.
• Additionally, multiple firewalls and network security measures are utilised to secure your data.

Your NDIS client’s data is secure from unauthorised internal and external access. Firewalls and password protection prevent external access, while internally, permission controls limit what can be seen by different users.

We advocate for transparency, therefore if any changes are made, the appropriate people are notified. Client consent is also required to give a new organisation or person access to their profile.

Our platform is designed to enable collaboration across organisations (where multiple providers support one client). We also comply with Australian Privacy laws and only provide access to records with your client’s consent.

“The companies that do the best job on managing a user’s privacy will be the companies that ultimately are the most successful.” – Fred Wilson, venture capitalist.

Setting up your data management systems to ensure you can meet these obligations. And keep data secure without breaking the bank, giving your team headaches, or having a qualified IT expert on hand, is achievable. However, you might need to rethink some of your current practices, and upgrade to more reliable record-keeping and client management software.