Information and Communications Technology

Generating PDFGenerating PDF

Policy framework statement

The Information and Communications Technology (ICT) Policy Framework specifies the ICT governance and policy requirements that all Health Service Providers (HSPs) must comply with in order to ensure effective and consistent ICT governance, decision-making and use of ICT systems across the WA health system.


The purpose of this policy framework is to ensure:

  • the ICT Governance Structure [intranet] and requirements for ICT decision-making are understood across the WA health system
  • individuals accessing the WA health system's ICT comply with the mandatory requirements relating to the secure and efficient use of systems.

In conjunction with the WA Health Digital Strategy 2020-2030 and ICT Governance Structure [intranet], this ICT Policy Framework has been developed to embed systemwide ICT policies and practices that promote continuous improvement in the use of technology to deliver quality patient care, reflect business needs and align to wider government ICT strategic directions.


This policy framework is binding on each HSP to which it applies or relates. Specifically, HSPs must ensure that in contracting with contracted health entities, the entity and any of their personnel accessing the WA health system comply with all relevant ICT mandatory requirements listed in this policy framework.


The key principles that underpin this policy framework are:

Electronic communications, which are part of the business records of WA health system, are treated as such and managed in accordance with recordkeeping policies and legislation.

ICT policy and management directions support the objectives of the:

Customer focus
Investments in ICT are used to improve safety and quality, improve patient outcomes, create a better patient journey or experience, build knowledge to inform research and changes to clinical practice, or improve efficiencies and financial sustainability.

Effective governance and decision-making on ICT is undertaken in accordance with the ICT Governance Structure. This includes regular, ongoing and responsive clinical and consumer engagement. ICT projects and funding for ICT are well managed in order to deliver better care and better value.

Responsible use
The WA health system ICT resources are used responsibly, including behaviour that:

  • is in accordance with public sector ethics, accepted community standards and relevant law, and
  • does not disrupt the efficient delivery of the WA health system’s services.

Security and privacy
WA health system ICT resources are controlled and protected to safeguard privacy and confidentiality, preserve data integrity and ensure the ongoing availability of information. Security controls and guidelines are applied to the storage, access, processing or transmitting of data on a range of devices and infrastructure, whether it is WA health system owned, privately owned or purchased as a service. Access to and disclosure of information is managed and performed in accordance with the WA health system’s Information Management Policy Framework. ICT security considerations are incorporated into ICT investments, including monitoring and audit capability, where applicable.

Legislative context

This policy framework is made pursuant to ss 26(2)(k) of the Health Services Act 2016.

The Health Services Act 2016 refers to policy frameworks in ss. 26-27 and s. 34(2)(c). Other relevant parts in the Act that relate specifically to this policy framework include s .36(3)(e-f).

The legislation below, may also apply:

  • Corruption, Crime and Misconduct Act 2003
  • Privacy Act 1988 (Cwlth), Schedule 1 Australian Privacy Principles
  • State Records Act 2000.

Policy framework custodian

Assistant Director General
Strategy and Governance

Enquiries relating to this Policy Framework may be directed to:


This policy framework will be reviewed as required to ensure relevance and recency. At a minimum this policy framework will be reviewed within two years after first issue and at least every three years thereafter.


Version Effective from Amendment(s)
10.  25 May 2023 Amendment to MP 0001/16 Information and Communication Technology (ICT) Governance Policy. Minor amendments to Supporting Information document: ICT Patient Safety Risk Assessment PSRA Guide for ICT Projects including fixed broken links and updated control ratings to reflect WA Health Integrated Corporate and Clinical Risk Analysis Tables and Evaluation Criteria. 
9 18 February 2021
Amend MP 0066/17 Acceptable Use of Information and Communications Technology Policy to include Supporting information Microsoft 365 Acceptable Use Guidelines and transition the Policy to the current template. 

Amend MP 0067/17 Information Security Policy to reflect procedural changes for ordering WA Health encrypted USDs, update passphrase requirements, and mandate the use of multifactor authentication (MFA) on all privileged accounts. Include Supporting information Guidelines for the Transmission of Personal Health Information by Fax Machine (to supersede IC 0179/14 Guidelines for the Transmission of Personal Health Information by Facsimile Machine).
8 27 July 2020
New MP 0140/20 Cloud Policy and Major Amendment to MP 0067/17 Information Security Policy.
7 27 February 2020
Updated the ICT Policy Framework page to remove references to WA Health ICT Strategy 2015-2018 and replaced with WA Health Digital Strategy 2020-2030.
6 8 November 2019
Rescinded: (Mandatory) Disposal of ICT Equipment and Data Storage Media Policy; OD 0481/13; OD 0489/14 and OP 2094/06.
5 18 October 2018
New MP 0094/18 My Health Record (MHR) Policy, superseded OD 0463/13.
4 12 April 2018
Major Amendment to MP 0001/16 Information and Communications Technology (ICT) Governance Policy.
3 15 November 2017
Major Amendment to MP 0067/17 Information Security Policy.
2 13 September 2017
New MP 0066/17 Acceptable Use of Information and Communications Technology Policy, superseded OD 0468/13, OD 0469/13, OD 0470/13, OD 0336/11, and OD 0337/11.
New MP 0067/17 Information Security Policy, superseded OD 0389/12, OD 0506/14, and OD 0508/14.
1 1 July 2016 Original version


This policy framework has been approved and issued by the Director General of the Department of Health as the System Manager.

Approval byDr D J Russell-Weisz, Director General, Department of Health
Approval date01 July 2016
Date published18 October 2018
File numberF-AA-40149


This policy framework is binding on those to whom it applies or relates. Implementation at a local level will be subject to audit.

Glossary of terms

Term Meaning
Applicability Under Section 26 of the Health Services Act 2016, policy frameworks may apply to:
  • All Health Service Providers
  • A type of public health service facility
  • A type of public health service
  • A type of staff member of a health service provider.
ICT Governance Structure The ICT Governance Structure outlines the decision making framework for WA Health’s ICT investment. It clarifies the expected roles, responsibilities and accountability of all parties involved in the planning and delivery of ICT programs and projects. The fundamental principle is decision making at the appropriate management level.
Health Service Provider Means a Health Service Provider established by an order made under section 32(1)(b) of the Health Services Act 2016.
Information and Communications Technology Information and Communications Technology (ICT) refers to software and hardware used to support information sharing and communication and includes system infrastructure and architecture, clinical and corporate applications, and telecommunications equipment.
WA health system Pursuant to section 19(1) of the Health Services Act 2016, means the Department of Health, Health Service Providers and to the extent that Contracted Health Entities provide health services to the State, the Contracted Health Entities.