Document Type

Journal Article


electronic Journal of Health Informatics


Faculty of Health, Engineering and Science


School of Computer and Security Science/eHealth Research Group




This article was originally published as: Mahncke, R. J., & Williams, P. A. (2014). Developing and Validating a Healthcare Information Security Governance Framework. electronic Journal of Health Informatics, 8(2), Article no. e12. Original article available here


General medical practices' in Australia are vulnerable to information security threats and insecure practices. It is well accepted in the healthcare environment that information security is both a technical and a human endeavour, and that the human behaviours, particularly around integration with healthcare workflow, are key barriers to good information security practice. The Royal Australian College of General Practitioner's (RACGP) Computer and Information Security Standards (CISS) 2013 are the best practice standards for general practices, against which information security is assessed during practice accreditation. With the release of ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security in May 2013, it is this governance component of information security that is insufficiently addressed within General Practice at present. This paper documents the development and validation of an information security governance framework for use within general medical practice. The aim of the proposed Information Security Governance Framework is to extend current best practice information security management to include information security governance.

Creative Commons License

Creative Commons Attribution 3.0 License
This work is licensed under a Creative Commons Attribution 3.0 License.