Concept of Operations: Relating to the introduction of a Personally Controlled Electronic Health Record System
1.6 Ensuring privacy and securityA multi-layered approach will safeguard the PCEHR System, and will incorporate both technical and non-technical controls. These include:
- Accurate authentication of users accessing the PCEHR System.
- Robust audit trails.
- Proactive monitoring of access to the PCEHR System to detect suspicious and inappropriate behaviour.
- Rigorous security testing, to be conducted both before and after the PCEHR System begins operation.
- Education and training of users of the system.
- Requirements that healthcare providers and organisations comply with specific PCEHR System business rules and other relevant legislation.
Individuals will be able to make enquiries and lodge complaints regarding suspicious or unauthorised access to their PCEHR.