New security requirements for My Health Record


By Dylan Bushell-Embling
Wednesday, 21 December, 2022
New security requirements for My Health Record

The Australian Digital Health Agency (ADHA) is introducing new security requirements for clinical information systems to connect with the My Health Record digital health record system.

The new requirements will take affect in April. Software vendors with clinical software products designed for use in GP clinics, pharmacies and allied health services will need to ensure they comply with the enhanced security requirements using a phased approach.

The conformance profile was co-developed with stakeholders including regulators, software vendors and security experts.

ADHA plans to support the industry with their transition to the new requirements by providing visibility of the conformance profile in advance of the official implementation period, and will be fielding questions and comments on the profile and proposed phased implementation schedule up until the April start date.

Included in the new profile is an evidence-based list of security requirements that harden clinical information systems from cybersecurity attacks and enhance the information security for data held on the clinical systems. The requirements align with best-practice standards recommended by the Australian Cyber Security Centre.

Each vendor with software products connected to My Health Record will be required to submit an extensive file of evidence to demonstrate conformance to each of these requirements.

ADHA Acting Chief Digital Officer Dr Holger Kaufmann said the new requirements are important considering the growing threat posed by cyber attacks and malicious threat actors.

“Protecting sensitive information is essential in the provision of healthcare services and is a fundamental capability that is required to enable connected healthcare systems and safe, seamless, secure and confidential information sharing across all healthcare providers,” he said.

“The Agency has and will continue to work with clinical information system vendors to provide support and guidance to further secure and protect their software for the benefit of patient privacy, national infrastructure, and their own businesses.”

Image credit: iStock.com/LeoWolfert

Related News

Veeam launches free Splunk extension

Veeam's new Splunk extension will allow users of the SIEM tool to monitor the health and...

JFrog uncovers critical Python vulnerability

JFrog researchers uncovered a since-patched security vulnerability in the Python programming...

Mimecast unveils Human Risk Management Platform

Mimecast's new Human Risk Management Platform can help enterprises assess and mitigate...

Content from other channels on our network

Nokia and Claro collaborate on Colombia's largest 5G network

In-vehicle connectivity enabled for SA Power Networks

'Service mesh' technology to solve 6G communication issues

Field trials demonstrate the benefits of Wi-Fi HaLow

Milestone as UWA's TeraNet captures laser signals from satellite

Macquarie Data Centres breaks ground on IC3 Super West

Victorian OPP implements new case management system

The need to cap the ATO's access to personal data

Supporting sustainable employment for neurodivergent individuals

Indonesian hackers apologise, ask for donations

Passivation approach boosts stability of perovskite solar cells

Researchers create safe, long-lasting, high-temp battery

'Organ on a chip' developed for better drug testing

The crucial role of contacts in connector functionality

Silicon photonics for large-scale quantum information applications

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd