
Practice standards

Computer and information security standards

Appendix A - List of related standards, principles and legislation

These Standards have been developed in accordance with recognised best practice and are aligned with the requirements of international and Australian standards, current Australian legislation and legislative instruments, the National Privacy Principles and national standards in health information security as listed below.

  • AS/NZS ISO 31000:2009 Risk management – principles and guidelines. Sydney: Standards Australia International, 2009.
  • HB 292 – 2006 A practitioners guide to business continuity management. Sydney: Standards Australia International, 2006.
  • HB 174 – 2003 Information security management – implementation guide for the health sector. Sydney: Standards Australia International, 2003.
  • HB 231 – 2004 Information security risk management guidelines. Sydney: Standards Australia International, 2004.
  • HB 293 – 2006 Executive guide to business continuity management. Sydney: Standards Australia International, 2006.
  • Information Privacy Principles under the Privacy Act 1988 (www.privacy.gov.au/materials/types/infosheets/view/6541).
  • ISO/IEC 27002:2006 Information technology – security techniques – Code of practice for information security management.
  • ISO 27799:2008 Health informatics – information security management in health using ISO/IEC 27002.
  • Healthcare Identifiers Act 2010 (Cwlth) (incorporating amendments). www.comlaw.gov.au/Details/C2012C00590
  • Personally Controlled Electronic Health Records Act 2012 (Cwlth). www.comlaw.gov.au/Details/C2012A00063
  • Computer security incident handling guide. Special publication 800-61. National Institute of Standards and Technology, 2008. http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf
  • National Privacy Principles. Office of the Australian Information Commissioner, 2006. www.privacy.gov.au/materials/types/infosheets/view/6583
  • Data breach notification – a guide to handling personal information security breaches. Office of the Australian Information Commissioner, April 2012. www.oaic.gov.au/publications/guidelines/privacy_guidance/data_breach_notification_guide_april2012.html
  • Guide to information security: ‘reasonable’ steps to protect personal information. Consultation draft. Office of the Australian Information Commissioner, 2012.
  • National Ehealth Security and Access Framework v3.1. NEHTA, 2012.

National Privacy Principles

Principle 4 – Data security

4.1 An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.

4.2 An organisation must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed under National Privacy Principle 2.

Australian Information Privacy Principles

Principle 4 – Storage and security of personal information

A record-keeper who has possession or control of a record that contains personal information shall ensure:

  1. that the record is protected, by such security safeguards as it is reasonable in the circumstances to take, against loss, against unauthorised access, use, modification or disclosure, and against other misuse; and
  2. that if it is necessary for the record to be given to a person in connection with the provision of a service to the record-keeper, everything reasonably within the power of the record-keeper is done to prevent unauthorised use or disclosure of information contained in the record.

The Royal Australian College of General Practitioners
