Information and Communications Technology
Generating PDF
Policy framework statement
The Information and Communications Technology (ICT) Policy Framework specifies the ICT governance and policy requirements that all Health Service Providers (HSPs) must comply with in order to ensure effective and consistent ICT governance, decision-making and use of ICT systems across the WA health system.
Purpose
The purpose of this policy framework is to ensure:
- the ICT Governance Structure [intranet] and requirements for ICT decision-making are understood across the WA health system
- individuals accessing the WA health system's ICT comply with the mandatory requirements relating to the secure and efficient use of systems.
In conjunction with the WA Health Digital Strategy 2020-2030 and ICT Governance Structure [intranet], this ICT Policy Framework has been developed to embed systemwide ICT policies and practices that promote continuous improvement in the use of technology to deliver quality patient care, reflect business needs and align to wider government ICT strategic directions.
Applicability
This policy framework is binding on each HSP to which it applies or relates. Specifically, HSPs must ensure that in contracting with contracted health entities, the entity and any of their personnel accessing the WA health system comply with all relevant ICT mandatory requirements listed in this policy framework.
Principles
The key principles that underpin this policy framework are:
Accountability
Electronic communications, which are part of the business records of WA health system, are treated as such and managed in accordance with recordkeeping policies and legislation.
Consistency
ICT policy and management directions support the objectives of the:
Customer focus
Investments in ICT are used to improve safety and quality, improve patient outcomes, create a better patient journey or experience, build knowledge to inform research and changes to clinical practice, or improve efficiencies and financial sustainability.
Governance
Effective governance and decision-making on ICT is undertaken in accordance with the ICT Governance Structure. This includes regular, ongoing and responsive clinical and consumer engagement. ICT projects and funding for ICT are well managed in order to deliver better care and better value.
Responsible use
The WA health system ICT resources are used responsibly, including behaviour that:
- is in accordance with public sector ethics, accepted community standards and relevant law, and
- does not disrupt the efficient delivery of the WA health system’s services.
Security and privacy
WA health system ICT resources are controlled and protected to safeguard privacy and confidentiality, preserve data integrity and ensure the ongoing availability of information. Security controls and guidelines are applied to the storage, access, processing or transmitting of data on a range of devices and infrastructure, whether it is WA health system owned, privately owned or purchased as a service. Access to and disclosure of information is managed and performed in accordance with the WA health system’s Information Management Policy Framework. ICT security considerations are incorporated into ICT investments, including monitoring and audit capability, where applicable.
Legislative context
This policy framework is made pursuant to ss 26(2)(k) of the Health Services Act 2016.
The Health Services Act 2016 refers to policy frameworks in ss. 26-27 and s. 34(2)(c). Other relevant parts in the Act that relate specifically to this policy framework include s .36(3)(e-f).
The legislation below, may also apply:
- Corruption, Crime and Misconduct Act 2003
- Privacy Act 1988 (Cwlth), Schedule 1 Australian Privacy Principles
- State Records Act 2000.
Mandatory requirements
Under this policy framework HSPs must comply with all mandatory requirements* including:
Policy framework custodian
Assistant Director General
Strategy and Governance
Review
Show allHide review details
This policy framework will be reviewed as required to ensure relevance and recency. At a minimum this policy framework will be reviewed within two years after first issue and at least every three years thereafter.
| Version |
Effective from |
Amendment(s) |
| 10. |
25 May 2023 |
Amendment to MP 0001/16 Information and Communication Technology (ICT) Governance Policy. Minor amendments to Supporting Information document: ICT Patient Safety Risk Assessment PSRA Guide for ICT Projects including fixed broken links and updated control ratings to reflect WA Health Integrated Corporate and Clinical Risk Analysis Tables and Evaluation Criteria. |
| 9 |
18 February 2021
|
Amend MP 0066/17 Acceptable Use of Information and Communications Technology Policy to include Supporting information Microsoft 365 Acceptable Use Guidelines and transition the Policy to the current template.
Amend MP 0067/17 Information Security Policy to reflect procedural changes for ordering WA Health encrypted USDs, update passphrase requirements, and mandate the use of multifactor authentication (MFA) on all privileged accounts. Include Supporting information Guidelines for the Transmission of Personal Health Information by Fax Machine (to supersede IC 0179/14 Guidelines for the Transmission of Personal Health Information by Facsimile Machine).
|
| 8 |
27 July 2020
|
New MP 0140/20 Cloud Policy and Major Amendment to MP 0067/17 Information Security Policy.
|
| 7 |
27 February 2020
|
Updated the ICT Policy Framework page to remove references to WA Health ICT Strategy 2015-2018 and replaced with WA Health Digital Strategy 2020-2030.
|
| 6 |
8 November 2019
|
Rescinded: (Mandatory) Disposal of ICT Equipment and Data Storage Media Policy; OD 0481/13; OD 0489/14 and OP 2094/06.
|
| 5 |
18 October 2018
|
New MP 0094/18 My Health Record (MHR) Policy, superseded OD 0463/13.
|
| 4 |
12 April 2018
|
Major Amendment to MP 0001/16 Information and Communications Technology (ICT) Governance Policy.
|
| 3 |
15 November 2017
|
Major Amendment to MP 0067/17 Information Security Policy.
|
| 2 |
13 September 2017
|
New MP 0066/17 Acceptable Use of Information and Communications Technology Policy, superseded OD 0468/13, OD 0469/13, OD 0470/13, OD 0336/11, and OD 0337/11.
New MP 0067/17 Information Security Policy, superseded OD 0389/12, OD 0506/14, and OD 0508/14.
|
| 1 |
1 July 2016 |
Original version |
Approval
This policy framework has been approved and issued by the Director General of the Department of Health as the System Manager.
| Approval by | Dr D J Russell-Weisz, Director General, Department of Health |
|---|
| Approval date | 01 July 2016 |
|---|
| Date published | 18 October 2018 |
|---|
| File number | F-AA-40149 |
|---|
Compliance
This policy framework is binding on those to whom it applies or relates. Implementation at a local level will be subject to audit.
Glossary of terms
| Term |
Meaning |
| Applicability |
Under Section 26 of the Health Services Act 2016, policy frameworks may apply to:
- All Health Service Providers
- A type of public health service facility
- A type of public health service
- A type of staff member of a health service provider.
|
| ICT Governance Structure |
The ICT Governance Structure outlines the decision making framework for WA Health’s ICT investment. It clarifies the expected roles, responsibilities and accountability of all parties involved in the planning and delivery of ICT programs and projects. The fundamental principle is decision making at the appropriate management level. |
| Health Service Provider |
Means a Health Service Provider established by an order made under section 32(1)(b) of the Health Services Act 2016. |
| Information and Communications Technology |
Information and Communications Technology (ICT) refers to software and hardware used to support information sharing and communication and includes system infrastructure and architecture, clinical and corporate applications, and telecommunications equipment. |
| WA health system |
Pursuant to section 19(1) of the Health Services Act 2016, means the Department of Health, Health Service Providers and to the extent that Contracted Health Entities provide health services to the State, the Contracted Health Entities. |