iTnews
  • Home
  • News
  • Technology
  • Security

ADHA drafts new security standards for My Health Record interconnection

By Ry Crozier
Dec 21 2022 9:15AM

Software vendors have up to 24 months to make changes.

Systems that interconnect with the government’s My Health Record will need to meet elevated security standards that align with the Essential Eight over the next two years.

ADHA drafts new security standards for My Health Record interconnection

The Australian Digital Health Agency (ADHA) said in a statement late Tuesday that it would introduce a new - mandatory - security requirements “conformance profile” for clinical software vendors.

“All clinical information systems that use one or more My Health Record B2B web services will need to conform to the new security profile,” the agency said in accompanying release notes.

"The agency is cognisant of the inherent cyber security risks posed by systems connected to and accessing the My Health Record system, as well as potentially vulnerable aspects of the national infrastructure and all services under its care.

"To address this risk, a set of security requirements for systems connecting to the My Health Record system have been identified, comprising controls related to application development and web development, with controls aligned to the Australian Cyber Security Centre’s (ACSC) Essential Eight maturity model.

"These controls are selected as the areas of the ACSC Information Security Manual (ISM) that are most relevant to the development of software for healthcare organisations."

The conformance profile is currently in draft, pending industry feedback. Full details are behind a login, accessible to industry participants only.

Although it becomes “effective from April 2023”, implementation will be phased across five tranches and two years, with most clinical software vendors having 18-to-24 months to complete the necessary rework and upgrades on their end.

Tranche one vendors - those making systems used in acute care, which covers hospitals, emergency and the like - have six-to-12 months to make changes.

“Software vendors with clinical software products will be supported to implement changes in their products in a phased approach, to balance the need to strengthen security for all systems connected to My Health Record with the capability of software vendors to make necessary adjustments in a timely manner,” ADHA said.

“The new security requirements profile contains an evidence-based list of security requirements that harden clinical information systems from cyber security attacks, uplift information security and provide better protection for consumer information. 

“Each vendor with software products connected to My Health Record will be required to submit an extensive file of evidence to demonstrate conformance to each requirement, as well as participate in an observation session conducted by the [ADHA] specialist team.”

ADHA’s acting chief digital officer, Dr. Holger Kaufmann said in a statement that “protecting sensitive information is essential in the provision of healthcare services".

"[It] is a fundamental capability that is required to enable connected healthcare systems and safe, seamless, secure, and confidential information sharing across all healthcare providers," Kaufmann said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
adhahealthitsecuritysoftware

Related Articles

  • GPS spoofers 'hack time' on commercial airlines, researchers say GPS spoofers 'hack time' on commercial airlines, researchers say
  • AGL runs retail technology transformation in two phases AGL runs retail technology transformation in two phases
  • In Pictures: Skybox and BT security roundtable In Pictures: Skybox and BT security roundtable
  • Browser vulnerability can be used to breach local networks Browser vulnerability can be used to breach local networks

Partner Content

Non-technical job seekers are missing out on this in-demand cybersecurity career
Partner Content Non-technical job seekers are missing out on this in-demand cybersecurity career
Transforming Education: South Australia's Digital Identity Journey with Okta
Partner Content Transforming Education: South Australia's Digital Identity Journey with Okta
‘Work Anywhere, Thrive Everywhere’: Embracing Boundless Workplaces in a Changing World
Partner Content ‘Work Anywhere, Thrive Everywhere’: Embracing Boundless Workplaces in a Changing World
Unlocking Cloud Potential: The Fusion5 Approach to Seamless Migration
Partner Content Unlocking Cloud Potential: The Fusion5 Approach to Seamless Migration

Sponsored Whitepapers

Nine Ways To Prepare Your Database for a High-Traffic Event
Nine Ways To Prepare Your Database for a High-Traffic Event
How to Put AI at the Heart of Business Growth
How to Put AI at the Heart of Business Growth
Streamline Your Processes and Reduce Managed File Transfer Expenses
Streamline Your Processes and Reduce Managed File Transfer Expenses
Maximise Your Azure Investment with Fusion5
Maximise Your Azure Investment with Fusion5
CyberArk's 2024 Playbook: Identity Security and Cloud Compliance
CyberArk's 2024 Playbook: Identity Security and Cloud Compliance

Events

  • Integrate Integrate
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Services Australia's sweeping security uplift plans for myGov

Services Australia's sweeping security uplift plans for myGov

Medibank allegedly missed EDR alerts before data breach

Medibank allegedly missed EDR alerts before data breach

Northern Beaches Council reviews security stack to shore up widening perimeter

Northern Beaches Council reviews security stack to shore up widening perimeter

CrowdStrike rejects Delta Air Lines claims over outage

CrowdStrike rejects Delta Air Lines claims over outage

Digital Nation

State of Security 2023
State of Security 2023
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding
More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
COVER STORY: What AI regulation might look like in Australia
COVER STORY: What AI regulation might look like in Australia
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.