
Securing healthcare records and privacy in Australia

Healthcare providers in Australia are responsible for the safe keeping of patients’ healthcare records and information in order to meet their legal obligations.


A need for standardised patient information security


As technology pushes the boundaries of what is possible in healthcare, a standardised approach to handling, storing and accessing medical data needs to keep pace. Sound information security practices are a legal requirement for healthcare providers implementing and maintaining digital health systems.


ISO & IEC Standards in healthcare security 


The Information technology - Security techniques series of Standards provides guidance on information security management systems and plays an important role in guiding healthcare providers towards safe and reliable information security systems and management. These documents set out best practice approaches that allow organisations to manage information risks through security controls.

AS ISO/IEC 27001:2015 (the Australian adoption of ISO/IEC 27001:2013) sets out the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). It is the Standard an organisation is certified against, and it requires the organisation to assess and treat its information security risks in a way that is tailored to its own context.

AS ISO/IEC 27002:2015 is the code of practice for information security controls: it provides the catalogue of controls and implementation guidance that an ISMS draws on. AS ISO/IEC 27003:2017 provides explanation and guidance for implementing AS ISO/IEC 27001:2015.


Healthcare providers, and any other organisations that hold sensitive personal medical data, must ensure that risks to their technical infrastructure and information management systems are well managed. AS ISO 27799:2011 Information security management in health using ISO/IEC 27002 was created to provide security controls and measures specifically for protecting health information. It is a companion to the AS ISO/IEC 27002 Standard, relating and adapting its controls to the healthcare industry.

The 2016 edition of the Standard, ISO 27799:2016, lists 25 specific risks for the healthcare industry, including:

  • Unauthorised use of a health information application
  • Introduction of damaging or disruptive software
  • Communications infiltration 
  • Technical failure of the host, storage facility or network infrastructure 
  • System or network software failure 
  • Maintenance error 
  • User error 
  • Terrorism 


Australian Standards in digital healthcare security 


The national Standards body, Standards Australia, publishes an array of Standards that aim to provide best practice guidance for all aspects of the healthcare industry. Among them is a world-first handbook for digital hospitals and healthcare. A digital hospital is one that uses information management to support its clinical processes.

This handbook (SA HB 163:2017 Digital Hospitals Handbook) sets out a set of principles to inform the design and implementation of digital hospitals, covering both new builds and refurbishments. Its aim is to provide guidance and positive outcomes for everyone involved in the digital hospital supply chain, aiding the transition to digital health systems.

Standards Australia has also adopted guidance from Health Level Seven International (HL7), which provides a comprehensive framework and related Standards for the exchange, integration, sharing and retrieval of electronic health information in support of clinical practice and the management, delivery and evaluation of health services.

Key Australian e-health Standards and handbooks in this area include:

  • AS 4700.6-2013 Implementation of Health Level Seven (HL7) Version 2.5 - Referral, discharge and health record messaging
  • SA TS 90005.1:2014 Collaborative care - Logical content model
  • AS 4700.7-2005 Implementation of Health Level Seven (HL7) Version 2.3.1 - Diagnostic imaging orders and results
  • HB 262-2012 Guidelines for messaging between diagnostics providers and health service providers
  • SA HB 137-2013 E-health Interoperability Framework
  • SA HB 138-2013 E-health architecture principles
  • AS 2828.2:2019 Health records - Digitized health records
  • HB 304-2007 Guide to Australian electronic communication in health care


Healthcare records kept safe and sound 


Standards provide best practice guidance for healthcare and medical data systems, helping to ensure that IT systems and infrastructure follow both national and international recommendations. A standardised approach to healthcare records helps keep both patients and providers safe from IT security risks.
