
A new version has been released for this end product

Please refer to National eHealth Security and Access Framework v4.0 or refer to the Release History for all releases of this End Product.


The National eHealth Security and Access Framework has been developed as a control mechanism to ‘increase certainty that health information is created and accessed in a secure and trustworthy manner’. It aims to ensure:

  • Access to consumer health information is consistently controlled and monitored as it transitions through independent organisations, business processes and systems in the Australian Health Sector.
  • The provenance of all electronic health information is traceable from its creation at a verifiable trusted source through its transition and possible augmentation en route to its destination.


NESAF supports organisations engaged in national eHealth to adopt a consistent approach and application of health information security standards, and provides better practice guidance in relation to eHealth specific security and access practices. Some of the key benefits of a National eHealth Security and Access Framework for use in the Australian environment include:

  • Promotion of a consistent, risk-based approach to eHealth security and access.
  • Consistent interpretation of relevant standards for application in the Australian eHealth environment.
  • Provision of a holistic view of security and access requirements within an organisation, including controls implemented at the business, healthcare, information technology and eHealth-specific levels, with a greater focus and detailed guidance provided in relation to eHealth-specific controls.
  • Contemporary better practice guidance on specific eHealth security and access practices.
  • A document suite that provides different views on the framework for different audiences - business, clinical, technical and consumer.


It is expected that broad application of NESAF within healthcare organisations will contribute to engendering trust within the national eHealth system, thus increasing adoption and uptake of these systems and maximising the expected benefits from these investments.

Associated components

NESAF - Business Blueprint v3.1

This document describes the purpose, structure and benefits of the NESAF as well as providing detailed implementation advice for healthcare business owners, managers or practice team leads responsible for information security within healthcare organisations.
Friday, 30 Mar 2012

NESAF - Framework Model and Controls v3.1

This document provides a detailed description of each control in the NESAF. It gives a unique reference number for each control, notes the control category, gives detailed wording for each control and also attributes the source of the control back to a recognised standard or framework.
Friday, 30 Mar 2012

NESAF - Release Note v3.1

This interim release consolidates stakeholder feedback, lessons learned during application of the framework, and actions carried forward from the November 2011 release.
Friday, 30 Mar 2012

NESAF - Standards Mapping v3.1

This document provides an illustrated map of primary and secondary standards and relevant frameworks related to NESAF R3.1. A brief description is provided in relation to each of the standards and frameworks in the map.
Friday, 30 Mar 2012

NESAF - Clinical Factsheet v1.0

This fact sheet describes eHealth information security for healthcare providers and introduces the National eHealth Security and Access Framework (NESAF).
Friday, 19 Oct 2012

NESAF - Business Factsheet v1.0

This fact sheet describes eHealth information security for business owners and managers and introduces the National eHealth Security and Access Framework (NESAF). It aims to provide businesses with the necessary security processes, tools and information to help adjust to the new eHealth environment.
Friday, 19 Oct 2012