In 2014, the National eHealth Transition Authority (NEHTA) released a suite of documents to transition healthcare practitioners securely to Digital eHealth. The National eHealth Security and Access Framework (NESAF) is a fundamental framework and methodology for securing information. It is a comprehensive guide, applicable to all private and public sector organisations connecting to national eHealth systems.
NESAF – National eHealth Security and Access Framework
Based on Australian standards for information security management and for information security management in health, NESAF takes into account the ‘Protective Security Policy Framework’ and the ‘Information Security Manual’, the Privacy Act 1988 and the Australian Privacy Principles.
NESAF’s primary leverage for best practice comes from applying ISO Standards: ISO27001, ISO27002, ISO27799 and the AS HB174.
“Health organisations do have a legal responsibility to implement Digital eHealth Security Frameworks” – Trevor Pangbourne, Technical Director, NetWireless
NESAF implementation is one of the key enablers for ensuring that a health organisation meets its privacy obligations. NetWireless’ Healthcare division specialises in implementing NESAF required standards for network security, operation management and access control for health organisations connecting to national eHealth systems.
Healthcare organisations must be aware that even “When outsourcing…the ultimate responsibility for health information processed by an outsourcing party remains with the organisation” (Source: NESAF v4 Framework model and controls 2014)
NetWireless can provide services and/or consultancy on all aspects of NESAF ICT obligations:
- We provide acceptance criteria for new systems/versions/upgrade sign offs and assure all systems are patched and updated.
- We implement appropriate prevention, detection and response controls in real time.
- We can enhance your visibility over BYOD devices; with MDM investigation we can gain greater control over devices to understand what happens when they are not on your network.
- We perform regular testing of backups, simultaneously confirming they are stored in an encrypted format.
- We manage and control network access to the highest degree of security to protect against unauthorised access.
- We document the management of network equipment and services, including controls to ensure the confidentiality and integrity of data passing over the network.
- We provide comprehensive business continuity plans and supporting documentation that considers the impact of network unavailability upon clinical practice.
- We can work with you to define clear escalation pathways and incident response plans.
- We can assist in the movement of health media to ensure it is encrypted in transit.
- We can aid in the disposal of media securely and safely and provide a certificate of destruction.
- We will help you with your documentation procedures for the storage, handling, processing and communication of information.
- We can also educate employees on information security and the individual’s responsibility.
1. Identify the threats and vulnerabilities and highlight the associated risks to your business and clinical consumers.
2. Apply measures that reduce the risk of a breach and support your legal obligations.
3. NetWireless are experts in Digital Health Network Security, so you can rest assured the integrity of your network will be maintained.
NetWireless is a multi-disciplinary IT Network and management company specialising in Wi-Fi design, deployment, security and managed services. Speak to our technical consultants today (CALL 1300 324 844) to ensure your infrastructure meets your needs.