New security requirements for My Health Record


By Dylan Bushell-Embling
Wednesday, 21 December, 2022

New security requirements for My Health Record

The Australian Digital Health Agency (ADHA) is introducing new security requirements for clinical information systems to connect with the My Health Record digital health record system.

The new requirements will take affect in April. Software vendors with clinical software products designed for use in GP clinics, pharmacies and allied health services will need to ensure they comply with the enhanced security requirements using a phased approach.

The conformance profile was co-developed with stakeholders including regulators, software vendors and security experts.

ADHA plans to support the industry with their transition to the new requirements by providing visibility of the conformance profile in advance of the official implementation period, and will be fielding questions and comments on the profile and proposed phased implementation schedule up until the April start date.

Included in the new profile is an evidence-based list of security requirements that harden clinical information systems from cybersecurity attacks and enhance the information security for data held on the clinical systems. The requirements align with best-practice standards recommended by the Australian Cyber Security Centre.

Each vendor with software products connected to My Health Record will be required to submit an extensive file of evidence to demonstrate conformance to each of these requirements.

ADHA Acting Chief Digital Officer Dr Holger Kaufmann said the new requirements are important considering the growing threat posed by cyber attacks and malicious threat actors.

“Protecting sensitive information is essential in the provision of healthcare services and is a fundamental capability that is required to enable connected healthcare systems and safe, seamless, secure and confidential information sharing across all healthcare providers,” he said.

“The Agency has and will continue to work with clinical information system vendors to provide support and guidance to further secure and protect their software for the benefit of patient privacy, national infrastructure, and their own businesses.”

Image credit: iStock.com/LeoWolfert

Related News

CrowdStrike to buy Adaptive Shield

CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...

LockBit named nastiest malware of 2024

LockBit, a ransomware malware known to have been used to attack Australian targets, has been...

Extreme Networks launches ZTNA solution

Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd