Go to top of page

The National eHealth Security and Access Framework (NESAF) provides standards, tools, and guides for the Australian healthcare sector to build and implement secure systems that protect patient data and eHealth-related assets, while providing the provenance required for ensuring patient safety and privacy. (For more details and to download fact sheets, see eHealth Security and Authentication.) NESAF v4.0 is derived directly from previous releases and includes refinements and minor inclusions to improve the value of the current product set.   This release consolidates stakeholder feedback from independent reviews by reputable security firms as well as updates based on lessons learned during the application of the framework from the March 2012 release. The NESAF has also been updated to reflect changes to:

  • Processes relating to online registration for the My Health Record system;
  • The use of NASH certificates; and
  • Australian privacy legislation.

The clinical, consumer and business fact sheets published in the NESAF v3.1 bundle are still available from eHealth Security and Authentication. No changes have been made to these fact sheets since their last release. Future release: Three industry guides have been developed for NESAF v4 to address security for healthcare organisations looking at implementing:

  • Bring your own device (BYOD)
  • Cloud computing
  • Secure mobile applications

These guides are currently undergoing industry consultation and will be published in a future minor release.

Download file package
15.64 MB
SHA256 Checksum: 
File package contents

NESAF v4 - Business Blueprint v1.0

The NESAF v4 Business Blueprint provides business managers within organisations that handle eHealth information with a good understanding of the NESAF methodology and appropriate tools to conduct a risk assessment to secure information.

NESAF v4 - Standards Mapping v1.0

The NESAF v4 Standards Mapping describes a suite of standards that have been referenced or mapped in the development of the NESAF, which may provide useful references for readers seeking a deeper understanding of this domain.
Release history