Health

ADHA prepares new security standards for My Health Record connection



The Australian Digital Health Authority is enforcing new security requirements for software providers whose products connect to the My Health Record system.

From April 2023, the agency will require clinical information systems, including those used in polyclinics, pharmacies, and affiliated health services, to issue records. compliance with the new mandatory security requirements.

“All clinical information systems using one or more of the My Health Record B2B web services will need to comply with the new records,” the ADHA said.

Now in draft form, the security compliance profile is said to contain an “evidence-based set of security requirements that help strengthen clinical information systems from cyberattacks, improving information security.” and provide better protection for consumer information.”

The security controls, to be implemented in five phases over two years, are in line with the best practice standards recommended by the Australian Cybersecurity Center’s strategies for reducing cybersecurity incidents dubbed the “Eight Essentials”.

Clinical software providers whose products are connected to My Health Record will be required to submit “extensive” evidence to demonstrate compliance with each claim and to participate in an observational session led by an expert panel implemented by the ADB. They will be provided with support to ensure their systems pass compliance.

The medical software industry can still submit questions and comments on the new security compliance profile and proposed phased rollout schedule for the ADHA over the next three months.

WHY IT IMPORTANT

The ADHA introduced these new security requirements knowing “the inherent cybersecurity risks posed by connected systems and access to the My Health Record system, as well as aspects of vulnerability of the national infrastructure and all services administered by the agency.”

The agency has noted several benefits from implementing security requirements that comply with the Eight Basics:

  • reduce vulnerability to cyberattacks by disabling redundant technologies;

  • enhanced system validation and application timeout;

  • use contemporary encryption methods;

  • perform third-party security testing (penetration testing and vulnerability testing);

  • reduce the risk of security vulnerabilities by updating software (patching); and

  • Secure backup of personal and clinical information.

“The focus is on combining functionality in CISs connected to the My Health Records system, which will enable healthcare providers to implement better security within their organization.” , while balancing the potential impacts on software vendors and system involvement,” it stressed.

TREND TO BIGGER WOMAN

The healthcare industry reported the most data breaches in the first half of 2022 with 79 cases, based on Notable Data Breach Australian Information Commissioner’s report.

In October, one of Australia’s largest health insurers, Medibank, became the subject of a comprehensive data hack that affected 9.7 million customers.

ON PROFILE

“Protecting sensitive information is essential in the delivery of healthcare services and is a fundamental capability required to enable healthcare systems to connect and share information securely. safe, seamless, confidential and secure between all healthcare providers, the agency has and will continue to work with Dr. Holger Kaufmann, ADHA’s chief digital officer, said in a statement. An announcement.

news7g

News7g: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, Sports...at the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button