Document Type

Conference Proceeding


SRI Security Research Institute, Edith Cowan University, Perth, Western Australia


Originally published in the Proceedings of the 1st Australian eHealth Informatics and Security Conference, held on the 3rd-5th December, 2012 at Novotel Langley Hotel, Perth, Western Australia


The Australian eHealth landscape is confronted with new challenges for healthcare providers in appropriately managing and protecting personal health information. The vision of the National eHealth Security and Access Framework (NESAF) is to adopt a consistent approach to the application of health information security standards and to provide better practice guidance in relation to eHealth-specific security and access practices. The eHealth information security landscape has a number of unique attributes, many of which are faced by other businesses that provide a service or products, but we see that there is no industry in Australia where such widespread changes in the access to, and the creation and delivery of, information are transpiring. As the significant investment in Australian eHealth unfolds, the emerging threat and risk assessment for information security and access is more prominent. There is an increasing volume of information being exchanged and accessed, and this will occur in novel ways, supporting emerging clinical models and meeting patient needs and growing expectations from the information age. One key area that must be examined is data provenance: ensuring that all electronic health information is traceable from its creation at a verifiable trusted source, and through its transition and possible augmentation en route to its destination, for immediate and potential future uses. This will support better health outcomes for patients, and also the use of the information to support tertiary and secondary uses. For example, Clinical Research may generate personal health content in the context of a clinical trial, with its context of use bound to the research environment in which it was generated. The goals and principles of the NESAF are intended to guide the design and implementation of secure eHealth systems to manage and protect healthcare information.
This paper presents a description and discussion of the NESAF framework, and the work that has driven its formulation.