Go to top of page

The National eHealth Security and Access Framework (NESAF) provides standards, tools, and guides for the Australian healthcare sector to build and implement secure systems that protect patient data and eHealth-related assets, while providing the provenance required for ensuring patient safety and privacy. (For more details and to download fact sheets, see eHealth Security and Authentication.) NESAF v4.0 is derived directly from previous releases and includes refinements and minor inclusions to improve the value of the current product set.   This release consolidates stakeholder feedback from independent reviews by reputable security firms as well as updates based on lessons learned during the application of the framework from the March 2012 release. The NESAF has also been updated to reflect changes to:

  • Processes relating to online registration for the My Health Record system;
  • The use of NASH certificates; and
  • Australian privacy legislation.

The clinical, consumer and business fact sheets published in the NESAF v3.1 bundle are still available from eHealth Security and Authentication. No changes have been made to these fact sheets since their last release. Future release: Three industry guides have been developed for NESAF v4 to address security for healthcare organisations looking at implementing:

  • Bring your own device (BYOD)
  • Cloud computing
  • Secure mobile applications

These guides are currently undergoing industry consultation and will be published in a future minor release.

Download file
SHA256 Checksum: 
15.64 MB
Associated components

NESAF v4 - Release Note v4.0


NESAF v4.0 is derived directly from the previous releases and includes refinements and minor inclusions to improve the value of the current product set.

Friday, 06 Jun 2014

NESAF v4 - Overview v1.0


The NESAF v4 Overview explains the underlying principles behind the NESAF, the benefits of adopting the framework and additional implementation resources. It is a business-oriented document intended primarily for business executives, system owners and healthcare organisation management teams.

Friday, 06 Jun 2014

NESAF v4 - Business Blueprint v1.0


The NESAF v4 Business Blueprint provides a good understanding of the NESAF methodology and appropriate tools to conduct a risk assessment to secure information. It is intended primarily for practice managers, system owners and healthcare information managers.

Friday, 06 Jun 2014

NESAF v4 - Implementer Blueprint v1.0


The NESAF v4 Implementer Blueprint provides a library of process patterns and better practice guidance in relation to key security and access requirements in eHealth. Applying them to your business processes will enable you to design security into any eHealth system.

Friday, 06 Jun 2014

NESAF v4 - Standards Mapping v1.0


The NESAF v4 Standards Mapping describes a suite of standards that have been referenced or mapped in the development of the NESAF, which may provide useful references for readers seeking a deeper understanding of this domain.

Friday, 06 Jun 2014
Release history