My Health Record imaging services security failed ADHA password standards

My Health Record system’s physical and information security measures used to access the My Health Record system for pathology and diagnostic imaging services did not meet the ADHA’s recommended standard for passwords, according to assessments made by the Office of the Australian Information Commissioner’s (OAIC). 

“In relation to physical and information security measures, while most assessment targets reported good physical security measures, most did not meet the ADHA’s recommended standard for passwords used to access the My Health Record system,” the OAIC said.

Detailed in the OAIC’s annual digital health report [PDF], the agency did note, however, that most of My Health Record’s assessment targets reported having a procedure in place for identifying and responding to My Health Record-related security and privacy risks even though there were areas for improvement in relation to recording matters relevant to security breaches.

During the 2020-21 financial year, three data breach notifications were submitted to the OAIC in relation to My Health Record. Two of the three have been finalised.

In the agency’s annual report, which was also released this week, it said 975 data breaches were reported in Australia during the 2020-21 financial year. This was 7% less compared to the previous financial year, with the OAIC

Read More: