A sample PCEHR Security and Access Policy for residential aged care

30 Oct 2013

In our ongoing series dedicated to eHealth, we’re helping aged care providers in Australia overcome some of the challenges in preparing for the Personally Controlled Electronic Health Record (PCEHR) system. Most recently, we called on some of eHealth’s early adopters to provide tips to help your organisation better prepare for the eHealth journey. In this post, we cover some of the essential eHealth policy requirements that aged care providers must consider.

Before a residential aged care provider can start using the PCEHR system, an organisational policy must be in place to demonstrate a clear understanding of the obligations and requirements under the PCEHR compliance guidelines.

A summary of the objectives and key requirements of the PCEHR Security and Access Policy, as established by the PCEHR System Operator (Commonwealth Department of Health), includes:

  • the way authorised staff within the organisation will access the PCEHR system, including the process of suspending and deactivating the user account of any person who leaves the organisation, whose security has been compromised, or whose duties no longer require them to access the PCEHR system.
  • the training that will be provided to staff before they are authorised to access the PCEHR system, which includes how to use the system accurately and responsibly; the legal obligations on the organisation and individuals using the PCEHR system; as well as the consequences of breaching those obligations.
  • the process for identifying a person who requests access to a consumer’s PCEHR and providing identification information to the System Operator, ensuring the organisation is able to satisfy its obligations under the PCEHR Act.
  • the physical and information security measures of the organisation, including the procedures for user account management.
  • mitigation strategies to ensure PCEHR-related security risks can be identified, acted upon and reported immediately.

A range of sample PCEHR policies has already been developed to help healthcare providers develop their own organisational policy that complies with the obligations and requirements for eHealth. But until now, there has not been a sample policy available for the aged care sector.

With guidance from the National eHealth Transition Authority (NeHTA), we have modified the following PCEHR policy – originally developed by the Inner East Melbourne Medicare Local – to make it more applicable for the residential aged care sector.

To download the sample policy, please click the link below.

Please note, we believe that our sample policy covers the key elements of a PCEHR policy, as per PCEHR legislative requirements. The sample policy is intended as a guide only and should be customised to meet the needs of your own organisation. Any organisation that uses this sample policy is encouraged to customise it to meet their organisational needs by including additional information where it is suitable to do so. For example, further information on training procedures for staff or RO/OMO contact details may need to be provided.
The final version of your policy must be reviewed and approved by the organisational executive and reviewed on an ongoing basis, as per PCEHR legislative requirements.

Click here to download our sample PCEHR Security and Access Policy for residential aged care.

(Image credit: Stuart Miles)

Tags: ehealth, ehealth policy, NeHTA, PCEHR


The iCareHealth Team
