Increased cyber security requirements for systems connecting to My Health Record
Published 20 December 2022
The Australian Digital Health Agency (the Agency) is strengthening My Health Record protections through a new mandatory security requirements conformance profile (the profile) for clinical information systems (including those used in GP clinics, pharmacies and allied health services) connected to the My Health Record system.
The profile will be effective from April 2023 following a 3-month period where industry is invited to provide feedback on the profile. Software vendors with clinical software products will be supported to implement changes to their products in a phased approach, to balance the need to strengthen security for all systems connected to My Health Record with the capability of software vendors to make necessary adjustments in a timely manner. The profile was co-developed with stakeholders including regulators, software vendors and security experts.
The Agency is supporting industry with their preparation by providing visibility of the profile in advance of the official implementation period. Questions and comments from across the software industry on the new profile and the proposed phased implementation schedule can be sent to the Agency until April 2023.
The profile contains an evidence-based suite of security requirements that harden clinical information systems from cyber security attacks, uplift information security and provide better protection for consumer information. Each vendor with software products connected to My Health Record will be required to submit extensive evidence to demonstrate conformance to each requirement, as well as participate in an observation session conducted by an Agency specialist team.
Australian Digital Health Agency Acting Chief Digital Officer, Dr. Holger Kaufmann said, “Protecting sensitive information is essential in the provision of healthcare services and is a fundamental capability that is required to enable connected healthcare systems and safe, seamless, secure, and confidential information sharing across all healthcare providers.”
“The Agency has and will continue to work with clinical information system vendors to provide support and guidance to further secure and protect their software for the benefit of patient privacy, national infrastructure, and their own businesses” he said.
The new requirements align to the best-practice standards recommended by the Australian Cyber Security Centre (ACSC), detailed in the ACSC’s Strategies to Mitigate Cyber Security Incidents, known as the Essential Eight, that help protect systems against a range of online and cyber security threats.
Media contact
Mobile: 0428 772 421
Email: [email protected]
About the Australian Digital Health Agency
When it comes to improving the health of all Australians, the role of digital innovation and connection is a vital part of a modern, accessible healthcare system. Against the backdrop of COVID-19, digital health has seen exponential growth in relevance and importance, making it more pertinent than ever for all Australians and healthcare providers.
Better patient healthcare and health outcomes are possible when you have a health infrastructure that can be safely accessed, easily used and responsibly shared.
For further information: www.digitalhealth.gov.au.
The Australian Digital Health Agency is a statutory authority in the form of a corporate Commonwealth entity.