National eHealth Security and Access Framework v3.1

The National eHealth Security and Access Framework has been developed as a control mechanism to ‘increase certainty that health information is created and accessed in a secure and trustworthy manner’. It aims to ensure:

  • Access to consumer health information is consistently controlled and monitored as it transitions through independent organisations, business processes and systems in the Australian Health Sector.
  • The provenance of all electronic health information is traceable from its creation at a verifiable trusted source through its transition and possible augmentation en route to its destination.

 
NESAF supports organisations engaged in national eHealth to adopt a consistent approach and application of health information security standards, and provides better practice guidance in relation to eHealth specific security and access practices. Some of the key benefits of a National eHealth Security and Access Framework for use in the Australian environment include:

  • Promotion of a consistent, risk-based approach to eHealth security and access.
  • Consistent interpretation of relevant standards for application in the Australian eHealth environment.
  • Provision of a holistic view of security and access requirements within an organisation, that includes controls that are implemented at a business, healthcare, information technology and eHealth specific level, with a greater focus and detailed guidance provided in relation to eHealth specific controls.
  • Contemporary better practice guidance on specific eHealth security and access practices.
  • A document suite that provides different views on the framework for different audiences - business, clinical, technical and consumer.

 
It is expected that broad application of NESAF within healthcare organisations will contribute to engendering trust within the national eHealth system, thus increasing adoption and uptake of these systems and maximising the expected benefits from these investments.

End products superseded by

A new version has been released for this end product

Please refer to National eHealth Security and Access Framework v4.0 or refer to the Release History for all releases of this End Product.

Identifier: EP-1005:2012
Date: 30-03-2012
Type: application/zip
SHA256 Checksum: 2e586a9effba157d642d885099983d072902e0b497f713713690423988a4efc0
Size: 16.26 MB

Product Components

Product component
Identifier: NEHTA-1004:2012

This document describes the purpose, structure and benefits of the NESAF as well as providing detailed implementation advice for healthcare business owners, managers or practice team leads responsible for information security within healthcare organisations.

Product component
Identifier: NEHTA-1006:2012

This document describes, at a high level, the purpose, benefits, structure and risk-based approach of the NESAF.

Product component
Identifier: NEHTA-1007:2012

This document provides a detailed description of each control in the NESAF. It gives a unique reference number for each control, notes the control category, gives detailed wording for each control and also attributes the source of the control back to a recognised standard or framework.

Product component
Identifier: NEHTA-1008:2012

The Implementer Blueprint within the NESAF provides a library of patterns and better practice guidance in relation to key security and access topics in eHealth.

Product component
Identifier: NEHTA-1009:2012

This interim release consolidates stakeholder feedback, lessons learned during application of the framework, and carried-forward actions from the November 2011 release.

Product component
Identifier: NEHTA-1010:2012

This document provides an illustrated map of primary and secondary standards and relevant frameworks related to NESAF R3.1. A brief description is provided in relation to each of the standards and frameworks in the map.

Product component
Identifier: NEHTA-1122:2012

This fact sheet describes eHealth information security for consumers and introduces the National eHealth Security and Access Framework (NESAF).

Product component
Identifier: NEHTA-1123:2012

This fact sheet describes eHealth information security for healthcare providers and introduces the National eHealth Security and Access Framework (NESAF).

Product component
Identifier: NEHTA-1124:2012

This fact sheet describes eHealth information security for business owners and managers and introduces the National eHealth Security and Access Framework (NESAF).

Release history

By operation of the Public Governance, Performance and Accountability (Establishing the Australian Digital Health Agency) Rule 2016, on 1 July 2016, all the assets and liabilities of NEHTA will vest in the Australian Digital Health Agency. In this website, on and from 1 July 2016, all references to "National E-Health Transition Authority" or "NEHTA" will be deemed to be references to the Australian Digital Health Agency. PCEHR means the My Health Record, formerly the "Personally Controlled Electronic Health Record", within the meaning of the My Health Records Act 2012 (Cth), formerly called the Personally Controlled Electronic Health Records Act 2012 (Cth).
