Information Breach Policy
MP 0135/20 - Information Breach Policy (pdf 123KB)
Applicable to: This policy is applicable to the WA health entities.
Description: The Information breach policy outlines the mandatory requirements to manage and respond to an information breach to mitigate future breaches.
An information breach occurs when information that an entity holds is subject to unauthorised access, use or disclosure, or is lost, damaged or destroyed. An information breach may be caused by malicious action (by an external or insider party), human error, or a failure in information handling or security systems. It can involve different types of information and give rise to a range of actual or potential harms to the individuals and WA health entities whose information is compromised.
This policy applies to all information generated, collected, accessed, used, managed, stored and disclosed by the WA health system including, but not limited to, information collected under the Health Services Act 2016, Health (Miscellaneous Provisions) Act 1911, Mental Health Act 2014, Private Hospital and Health Services Act 1927, Public Health Act 2016, Public Sector Management Act 1994 or any other written law.
This policy is a mandatory requirement under the Information Management Policy Framework pursuant to section 26(2)(k) of the Health Services Act 2016.
This policy is a mandatory requirement for the Department of Health pursuant to section 29 of the Public Sector Management Act 1994.
Date of effect: 06 May 2020
Policy Framework
Information Management
Information-Breach-Response-Standard (pdf 477KB)
Information-Breach-Notification-Form (docx 70KB)
Information-Breach-Response-Guide (pdf 490KB)
Information-Breach-Response-Checklist (pdf 170KB)