The Agency published the My Health Record Connecting Systems Security Conformance Profile v1.0 (Security Profile) on the Agency’s Developer Portal in September 2024.
We are currently in the process of operationalising the Security Profile and developing the conformance assessment process along with related artefacts. As part of the proposed process, software developers will be required to conduct a self-assessment against the mandatory and relevant conditional requirements and submitting their test evidence to the Agency for conformance assessment. Upon successful validation of the evidence, software developers would be able to declare conformance to the Security Profile by submitting a vendor declaration form. Further details of the conformance assessment process are anticipated to be published on the Developer Portal around February 2025.
The Security Profile introduces requirements designed to protect connected clinical information systems from cyber threats and strengthen overall security.
Key benefits include:
- Reduce the likelihood of cyber-attacks by disabling redundant technologies.
- Enhance system authentication and enforce application session timeouts.
- Utilise Australian Signals Directorate (ASD) approved encryption methods to protect data.
- Conduct third-party penetration and vulnerability testing to identify and address potential risks.
- Minimise security vulnerabilities through regular software patching and updates.
- Protect personal and clinical information with encrypted and reliable backup solutions.
We encourage software developers to begin implementing the required software capabilities in preparation for conformance assessment, which will commence in March 2025.
For any questions, please contact the Agency at [email protected].