Security, Ethics and Privacy Principles
13 March 2013
The requirement for security and privacy of patient clinical and other health information derives principally from:
- The National Privacy Principles (effective 21 December 2001)
- Various state privacy legislation
- Ethical business practice
Smart Health has been committed to the security, privacy and ethical use of patient health information since it commenced the development and live operation of secure on-line information management solutions for patient healthcare in 1999.
1. Voluntary participation by patients and healthcare providers
All patients and healthcare providers that participate in managed health programs that are supported by Smart Health do so on a voluntary (opt-in) basis.
2. Informed consent to participate by patients
All patients that participate in these programs must provide informed consent by acknowledging terms and conditions that are provided as part of the enrolment documentation.
3. Authenticating healthcare provider access to patient information
Healthcare provider access to patient information is authenticated using PKI and secure tokens that are provided for this purpose by the National Authentication Service for Health.
4. Authenticating administrative access to patient information
Healthcare administrator access to patient information is authenticated using PKI and secure tokens that are provided for this purpose by the National Authentication Service for Health.
5. Patient authorisation of provider access to patient information
Healthcare providers only gain access to patient information when their healthcare practices are explicitly authorised to access health records by the patient.
6. Access to patient information that is strictly based on existing healthcare practice information management arrangements
Providers are assigned roles and permissions that determine access rights to patient information.
7. Securing repositories of patient and provider information
Smart Health’s servers and data repositories are operated by secure, accredited data centre operators.
Smart Health is committed to the use of national and international standards in eHealth programs.