Information and Communications Technology Policy Framework
View the PDF document of the Information and Communications Technology Policy Framework.
1. Policy framework statement
The Information and Communications Technology (ICT) Policy Framework specifies the ICT governance and policy requirements that all Health Service Providers (HSPs) must comply with in order to ensure effective and consistent ICT governance, decision-making and use of ICT systems across the WA health system.
The Director General (DG) of the Department of Health is the System Manager responsible for the overall management, strategic direction and stewardship of the WA health system. The DG will use policy frameworks to ensure a consistent approach to a range of matters undertaken by HSPs. Policy frameworks must be complied with and implemented as a part of ongoing operations.
The purpose of this policy framework is to ensure:
- the ICT Governance Structure and requirements for ICT decision-making are understood across the WA health system
- individuals accessing the WA health system's ICT comply with the mandatory requirements relating to the secure and efficient use of systems.
In conjunction with the WA Health ICT Strategy 2015-2018 and ICT Governance Structure, this ICT Policy Framework has been developed to embed systemwide ICT policies and practices that promote continuous improvement in the use of technology to deliver quality patient care, reflect business needs and align to wider government ICT strategic directions.
This policy framework is binding on each HSP to which it applies or relates. Specifically, HSPs must ensure that in contracting with contracted health entities, the entity and any of their personnel accessing the WA health system comply with all relevant ICT mandatory requirements listed in this policy framework.
The key principles that underpin this policy framework are:
Electronic communications, which are part of the business records of WA health system, are treated as such and managed in accordance with recordkeeping policies and legislation.
ICT policy and management directions support the objectives of the:
- WA Health ICT Strategy 2015-2018
- Whole-of-Government ICT Strategy and policies, issued by the Office of the Government Chief Information Officer (OGCIO).
Investments in ICT are used to improve safety and quality, improve patient outcomes, create a better patient journey or experience, build knowledge to inform research and changes to clinical practice, or improve efficiencies and financial sustainability.
Effective governance and decision-making on ICT is undertaken in accordance with the ICT Governance Structure. This includes regular, ongoing and responsive clinical and consumer engagement. ICT projects and funding for ICT are well managed in order to deliver better care and better value.
The WA health system ICT resources are used responsibly, including behaviour that:
- is in accordance with public sector ethics, accepted community standards and relevant law, and
- does not disrupt the efficient delivery of the WA health system’s services.
Security and privacy
WA health system ICT resources are controlled and protected to safeguard privacy and confidentiality, preserve data integrity and ensure the ongoing availability of information. Security controls and guidelines are applied to the storage, access, processing or transmitting of data on a range of devices and infrastructure, whether it is WA health system owned, privately owned or purchased as a service. Access to and disclosure of information is managed and performed in accordance with the WA health system’s Information Management Policy Framework. ICT security considerations are incorporated into ICT investments, including monitoring and audit capability, where applicable.
5. Legislative context
The Health Services Act 2016 refers to policy frameworks in ss. 26-27 and s. 34(2)(c). Other relevant parts in the Act that relate specifically to this policy framework include s .36(3)(e-f).
The legislation below, may also apply:
- Corruption, Crime and Misconduct Act 2003
- Privacy Act 1988 (Cwlth), Schedule 1 Australian Privacy Principles
- State Records Act 2000
6. Mandatory requirements
Under this policy framework HSPs must comply with all mandatory requirements* including:
- Acceptable Use of Information and Communications Technology Policy - MP 0066/17
- Computer Software Intellectual Property Rights Policy - OD 0481/13
- Information and Communications Technology (ICT) Governance Policy - MP 0001/16
- Information Security Policy - MP 0067/17
- Information Technology Policy – Teleworking – ICT Facilities Policy (P13/0506) - OP 2094/06
- My Health Record (MHR) Policy - MP 0094/18
- Statewide Telehealth Service Use Policy - OD 0489/14
- Disposal of ICT Equipment and Data Storage Media Policy
*Any mandatory requirement document that references the Hospitals and Health Act 1927 must be interpreted as a requirement under the Health Services Act 2016.
7. Supporting information
The following documents support and inform the implementation of the mandatory requirements:
Whole-of-Government ICT Policies are also issued by the Office of the Government Chief Information Officer (OGCIO). These are mandatory for all agencies, and the System Manager will develop systemwide mandatory requirements to align with these as required.
Other policy frameworks relevant to the delivery of ICT include:
- Communications Policy Framework
- Financial Management Policy Framework
- Information Management Policy Framework
- Procurement Policy Framework
- Public Health Policy Framework
- Risk, Compliance and Audit Policy Framework
8. Policy framework custodian
Deputy Director General
Office of the Deputy Director General
Enquiries relating to this policy framework may be directed to:
This policy framework will be reviewed as required to ensure relevance and recency. At a minimum this policy framework will be reviewed within two years after first issue and at least every three years thereafter.
|Version||Effective from||Effective to||Amendment(s)|
|1||1 July 2016||13 September 2017||Original version|
|2||13 September 2017||15 November 2017||New MP 0066/17, superseded OD 0468/13, OD 0469/13, OD 0470/13, OD 0336/11, and OD 0337/11. New MP 0067/17, superseded OD 0389/12, OD 0506/14, and OD 0508/14.|
|3||15 November 2017||12 April 2018||Major Amendment to MP 0067/17.|
|4||12 April 2018||18 October 2018||Major Amendment to MP 0001/16|
|5||18 October 2018||Current||New MP 0094/18, superseded OD 0463/13.|
This policy framework has been approved and issued by the Director General of the Department of Health as the System Manager.
|Approval by||Dr David Russell-Weisz, Director General, Department of Health|
|Approval date||1 July 2016|
|Date published||18 October 2018|
|Dept. File No||F-AA-40149|
This policy framework is binding on those to whom it applies or relates. Implementation at a local level will be subject to audit.
12. Glossary of terms
|Applicability||Under Section 26 of the Health Services Act 2016, policy frameworks may apply to:
|ICT Governance Structure||The ICT Governance Structure outlines the decision making framework for WA Health’s ICT investment. It clarifies the expected roles, responsibilities and accountability of all parties involved in the planning and delivery of ICT programs and projects. The fundamental principle is decision making at the appropriate management level.|
|Health Service Provider||Means a Health Service Provider established by an order made under section 32(1)(b) of the Health Services Act 2016.|
|Information and Communications Technology||Information and Communications Technology (ICT) refers to software and hardware used to support information sharing and communication and includes system infrastructure and architecture, clinical and corporate applications, and telecommunications equipment.|
|WA health system||Pursuant to section 19(1) of the Health Services Act 2016, means the Department of Health, Health Service Providers and to the extent that Contracted Health Entities provide health services to the State, the Contracted Health Entities.|