

HISA’s 2015 Australian Guidelines for the Protection of Health Information: Protecting Health Information is Everyone’s Business

Eds: Peter Croll, Patricia Williams, Emma Hossack

This publication serves as a resource to assist the health sector as a whole, and especially healthcare professionals, to protect the personal health information (PHI) they require to do their work, and to meet their role and responsibilities.

The Guidelines describe key security and privacy issues faced by healthcare organisations and offer guidance for responding to these issues. They are not an all-encompassing guide on the protection of PHI; rather, they are designed as a stepping stone to help healthcare organisations address common concerns, avoid confusion, and prevent misunderstandings.

In conjunction with applicable privacy legislation, security standards and information protection best practices, HISA Guidelines form part of a privacy and security framework designed to support the appropriate use and protection of PHI.

There are four major objectives of HISA Guidelines:

  • To educate healthcare professionals and organisations about the privacy rights of their subjects of care.
  • To assist healthcare professionals and organisations to minimise the risk of inappropriate, insecure, or unauthorised collection, use, disclosure, modification, storage, or destruction of PHI.
  • To assist healthcare professionals and organisations to maximise the integrity, availability, and confidentiality of PHI, and the efficacy of administering authorised access.
  • To assist healthcare professionals and organisations to design and/or implement programs to protect the privacy and security of personal health information.

Benefits of Using HISA Guidelines
The extent of the benefits you and your organisation may derive from this publication will depend on the organisation’s current understanding of information protection issues and the maturity of the existing information protection program. Our hope is that you find the information here assists and supports progress in developing, implementing, and improving your organisation’s program.

If your healthcare organisation already has an established information privacy and security program with a designated information privacy officer, you may find the descriptions of fundamental information protection structures and mechanisms to be a review. In that case, your organisation may use HISA Guidelines to identify gaps and enhance existing practices and safeguards and as a tool to advance education and awareness. You will also benefit from the discussions on new privacy laws, technologies, threats, risk management, and other leading best practices in the field.

If your healthcare organisation has only recently begun to identify information protection as an organisational priority, or is introducing new health information systems or technology, you will benefit from the detailed information provided. HISA Guidelines is an excellent starting point for understanding the value of tools such as privacy impact assessments, threat and risk assessments, privacy and security policies, and education programs. You may use the information provided here as a basis for developing organisational capacity, safeguards, processes and policies, and you can build on this base by exploring the suggested resources listed in the appendices, which provide more detailed information on specific subjects.

Whatever your starting point, you and your organisation will benefit by relying on HISA Guidelines. It is updated regularly by a panel of Australian national and international experts to reflect the latest knowledge in the field. You can use this publication confidently, knowing that you are doing your best to reduce privacy threats for both your organisation and the people it serves.
