New security requirements for My Health Record


By Dylan Bushell-Embling
Wednesday, 21 December, 2022
New security requirements for My Health Record

The Australian Digital Health Agency (ADHA) is introducing new security requirements for clinical information systems to connect with the My Health Record digital health record system.

The new requirements will take affect in April. Software vendors with clinical software products designed for use in GP clinics, pharmacies and allied health services will need to ensure they comply with the enhanced security requirements using a phased approach.

The conformance profile was co-developed with stakeholders including regulators, software vendors and security experts.

ADHA plans to support the industry with their transition to the new requirements by providing visibility of the conformance profile in advance of the official implementation period, and will be fielding questions and comments on the profile and proposed phased implementation schedule up until the April start date.

Included in the new profile is an evidence-based list of security requirements that harden clinical information systems from cybersecurity attacks and enhance the information security for data held on the clinical systems. The requirements align with best-practice standards recommended by the Australian Cyber Security Centre.

Each vendor with software products connected to My Health Record will be required to submit an extensive file of evidence to demonstrate conformance to each of these requirements.

ADHA Acting Chief Digital Officer Dr Holger Kaufmann said the new requirements are important considering the growing threat posed by cyber attacks and malicious threat actors.

“Protecting sensitive information is essential in the provision of healthcare services and is a fundamental capability that is required to enable connected healthcare systems and safe, seamless, secure and confidential information sharing across all healthcare providers,” he said.

“The Agency has and will continue to work with clinical information system vendors to provide support and guidance to further secure and protect their software for the benefit of patient privacy, national infrastructure, and their own businesses.”

Image credit: iStock.com/LeoWolfert

Related News

Australian ransomware payments average at $9.27 million

Data from Sophos suggests that Australian businesses falling victim to a ransomware attack...

Akamai launches zero trust platform

Akamai's new Guardicore platform combined Zero Trust Network Access with microsgmentation to...

Veeam buys ransomware response company Coveware

Veeam has arranged to augment its cyber extortion incident response capabilities with the...

Content from other channels on our network

Govt funds telco resilience tech, responds to LEOSat report

Extreme enclosure heli-lifted into an extreme environment

Cyber secured at critical network device level has never been more important

Cradlepoint 'Vehicle as a Node' is the Next Frontier for Emergency Services

Govt responds to post-incident review of Optus outage

LAPP ÖLFLEX CLASSIC 110 control cables empower industrial connectivity

Delivering Dependable Fibre Optic Solutions for Challenging Environments through Enhanced Beam Cable Assemblies

Indonesia moves towards power grid resilience

Qld networks launch powerline safety campaign

Virtual power plants installed at regional schools

Central Highlands Water chooses Infor for ERP

The benefits and risks of AI usage in the public sector

Cobalt Iron earns patent on analytics-based dynamic authorisation control

Shoalhaven City Council uses AI to deliver safer roads to the community

Smart technologies: helping councils improve community services and sustainability

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd