GP Clinic Cyber Security Health Check — Self-Assessment Tool

Your patients trust you with their most personal information. Are you protecting it?

General practices hold some of the most sensitive data in existence — health records, Medicare details, mental health notes, pathology results, and prescribing histories. The Privacy Act and Australian Privacy Principles require you to safeguard this information, and RACGP standards expect practices to manage information security as part of accreditation. A breach doesn't just trigger OAIC investigations and financial penalties — it exposes patients' most private health details and can shatter the trust your practice has built with its community.

This Health Check gives you a clear picture of where your practice stands — and a practical action plan to close the gaps. No IT background needed.

Built for practice managers and GPs, not IT professionals:

Every question is written in plain, everyday English. Technical terms include built-in hover tooltips that explain them simply, and the companion user guide explains the intent behind every question so you always understand what's being asked and why.

When you're done, the tool generates a clear, easy-to-follow action plan tailored to your practice. Each recommendation tells you what the gap is, what to do about it, how urgent it is, and roughly how much time and money it will take — automatically sorted by priority. No guesswork, no generic advice — just practical steps based on your actual answers.

What's included:

1. Self-Assessment Tool (HTML file) An interactive assessment covering 12 key security areas across 64 questions, purpose-built for how general practices actually work:

→ Passwords & Access — Are PRODA, Medicare Online, clinical software, and patient records properly secured? → Backups & Recovery — Could you recover patient data after ransomware or hardware failure? → Staff Awareness — Do your team know how to spot phishing and report security concerns? → Patient Data Protection — Are health records, My Health Record access, and clinical data handled in line with the Privacy Act? → Incident Response — Do you know what to do if patient data is compromised? → Suppliers & Services — Are your IT providers, clinical software vendors, and pathology integrations covered? → Plus six more domains covering updates, security software, device security, network protection, secure configuration, and leadership planning.

2. User Guide & Question Reference (Word document) A comprehensive companion guide including:

→ Step-by-step instructions for navigating the assessment and using all features → Tips for answering accurately — what "Yes" really means and how to think about evidence → How to interpret your results — understanding your score, readiness level, and priority actions → How to use the Word and Excel exports for compliance, insurance, and IT provider discussions → Full question reference guide — every question explained with "Why This Matters" context and "Evidence to Look For" indicators

What you get when you complete the assessment:

✔ Overall security score with a clear readiness rating

✔ Visual dashboard with category-by-category breakdown

✔ Prioritised action plan — personalised to your answers, sorted by urgency, with estimated time and cost

✔ Specific, actionable recommendations written in plain language

✔ Exportable Word report — ready to share with practice owners or insurers

✔ Exportable Excel workbook with incident response contacts and step-by-step checklist

✔ Australian-focused — references RACGP, Medicare, PRODA, My Health Record, OAIC, ACSC, Privacy Act, and Notifiable Data Breaches scheme

Who is this for?

• Practice managers wanting to benchmark and improve their security posture
• GP practice owners looking to protect their patients and their practice
• Practices preparing for RACGP accreditation, compliance reviews, or cyber insurance applications
• Solo GPs wanting to demonstrate due diligence in protecting patient data
• Anyone handling patient health records — regardless of technical ability

How it works:

Download both files — open the HTML file in any modern browser and keep the user guide handy. Answer the questions honestly, and the tool does the rest. No installation, no software, no cloud account required. Your data stays on your device.

Built by CyberAssure — practical cyber security tools for Australian businesses.