National eHealth Security and Access Framework v4.0
The National eHealth Security and Access Framework (NESAF) provides standards, tools, and guides for the Australian healthcare sector to build and implement secure systems that protect patient data and eHealth-related assets, while providing the provenance required for ensuring patient safety and privacy. (For more details and to download fact sheets, see eHealth Security and Authentication.) NESAF v4.0 is derived directly from previous releases and includes refinements and minor inclusions to improve the value of the current product set. This release consolidates stakeholder feedback from independent reviews by reputable security firms as well as updates based on lessons learned during the application of the framework from the March 2012 release. The NESAF has also been updated to reflect changes to:
- Processes relating to online registration for the My Health Record system;
- The use of NASH certificates; and
- Australian privacy legislation.
The clinical, consumer and business fact sheets published in the NESAF v3.1 bundle are still available from eHealth Security and Authentication. No changes have been made to these fact sheets since their last release. Future release: Three industry guides have been developed for NESAF v4 to address security for healthcare organisations looking at implementing:
- Bring your own device (BYOD)
- Cloud computing
- Secure mobile applications
These guides are currently undergoing industry consultation and will be published in a future minor release.