The healthcare industry is innovating rapidly while facing the persistent threat of cyber attacks. It is specifically targeted because it handles large volumes of sensitive personal information, and because it is so large and distributed that it presents significant numbers of vulnerabilities and weaknesses.

Health information is a category of sensitive personal information as defined by the Australian Privacy Act that warrants a high degree of protection. This is a difficult challenge in the healthcare industry as health information needs to be broadly shared in order to provide the best healthcare services.

The health industry is also a good example of a sector where technology-based solutions are challenged on privacy and security grounds. Those implementing technology-based solutions in healthcare must be prepared to demonstrate transparency about their approach to privacy and security.

If you’re looking for more detailed guidance, refer to the Australian and International Standard for Information Security Management Systems (AS ISO/IEC 27001), which explains how to implement an information security program covering areas such as asset management, risk management, program evaluation and incident management.

For some healthcare providers, including IT software and service providers, a higher level of cyber security may be expected. This may take the form of a contractual requirement to comply with the Australian Government Information Security Manual (ISM) and potentially to undergo an independent assessment against it.

Key legislation and standards:

Summary of expectations:

  • Identify information assets and their sensitivities, including sensitive health information
  • Define your information security roles and responsibilities in policies
  • Implement controls to manage risk and protect health information
  • Maintain an information security management system and continually improve it
  • Notify relevant stakeholders, such as the OAIC, of significant information security incidents

How we can help:

Contact TrustyGate

Get in touch to arrange a demonstration, discuss complex requirements or provide feedback.

(03) 9036 9963
Suite 1613, 33 Rose Lane, Melbourne VIC 3000, Australia