News

New OAIC My Health Record security and access policy template and accompanying e-Learning module

A new My Health Record security and access policy template is now available to assist healthcare providers to comply with their obligations under Rule 42 of the My Health Records Rule 2016.  

Rule 42 of the My Health Records Rule 2016 requires healthcare provider organisations to establish, communicate and enforce a written security and access policy in order to register, and remain registered, with the My Health Record system. 

The policy template was developed by the Office of the Australian Information Commissioner (OAIC), in collaboration with the Australian Digital Health Agency. Input was also provided by clinical peaks, Primary Health Networks and advisers from a range of healthcare settings and disciplines.  

The Agency has also developed an e-Learning module to accompany the security and access policy template, with input from advisers from various healthcare settings and disciplines. The e-Learning module is designed to support healthcare providers in using the policy template by outlining the practical steps that should be followed when drafting a security and access policy for their organisation.  

The policy template is available on the OAIC website: https://www.oaic.gov.au/privacy/guidance-and-advice/security-and-access-policies-rule-42-guidance, and the e-Learning module can be accessed via the Agency’s Digital Health training website: https://training.digitalhealth.gov.au/enrol/index.php?id=65

Related topics